core: add Model service for v2 system to track AI providers and capabilities

core: remove unused AuthV2 import following authentication refactor
core: streamline authentication by removing redundant AuthV2 layer
2026-05-05 00:03:03 +08:00 · 2026-05-04 00:44:24 -04:00 · 2026-05-03 23:11:39 -04:00 · 2026-05-03 23:09:40 -04:00 · 2026-05-03 23:08:10 -04:00 · 2026-05-03 22:54:50 -04:00
66 changed files with 886 additions and 1480 deletions
--- a/packages/app/src/components/terminal.tsx
+++ b/packages/app/src/components/terminal.tsx
@@ -479,27 +479,6 @@ export const Terminal = (props: TerminalProps) => {
            return false
          })

-      const connectToken = async () => {
-        const result = await client.pty
-          .connectToken(
-            { ptyID: id, directory },
-            {
-              throwOnError: false,
-              headers: { "x-opencode-ticket": "1" },
-            },
-          )
-          .catch((err: unknown) => {
-            if (err instanceof Error && err.message.includes("Request is not supported")) return
-            throw err
-          })
-        if (!result) return
-        if (result.response.status === 200 && result.data?.ticket) return result.data.ticket
-        if (result.response.status === 404 || result.response.status === 405) return
-        if (result.response.status === 403)
-          throw new Error("PTY connect ticket rejected by origin or CSRF checks. Check the server CORS config.")
-        throw new Error(`PTY connect ticket failed with ${result.response.status}`)
-      }
-
      const retry = (err: unknown) => {
        if (disposed) return
        if (reconn !== undefined) return
@@ -519,29 +498,12 @@ export const Terminal = (props: TerminalProps) => {
        }, ms)
      }

-      const open = async () => {
+      const open = () => {
        if (disposed) return
        drop?.()

-        const ticket = await connectToken().catch((err) => {
-          fail(err)
-          return undefined
-        })
-        if (once.value) return
-        if (disposed) return
-
        const socket = new WebSocket(
-          terminalWebSocketURL({
-            url,
-            id,
-            directory,
-            cursor: seek,
-            ticket,
-            sameOrigin,
-            username,
-            password,
-            authToken: server.current?.type === "http" ? server.current.authToken : false,
-          }),
+          terminalWebSocketURL({ url, id, directory, cursor: seek, sameOrigin, username, password }),
        )
        socket.binaryType = "arraybuffer"
        ws = socket
--- a/packages/app/src/context/server.test.ts
+++ b/packages/app/src/context/server.test.ts
@@ -1,53 +0,0 @@
-import { describe, expect, test } from "bun:test"
-import { resolveServerList, ServerConnection } from "./server"
-
-describe("resolveServerList", () => {
-  test("lets startup auth_token credentials override a persisted same-url server", () => {
-    const list = resolveServerList({
-      stored: [{ url: "https://server.example.test" }],
-      props: [
-        {
-          type: "http",
-          authToken: true,
-          http: {
-            url: "https://server.example.test",
-            username: "opencode",
-            password: "secret",
-          },
-        },
-      ],
-    })
-
-    expect(list).toHaveLength(1)
-    expect(list[0]?.type).toBe("http")
-    expect(list[0]?.http).toEqual({
-      url: "https://server.example.test",
-      username: "opencode",
-      password: "secret",
-    })
-    expect(list[0]?.type === "http" ? list[0].authToken : false).toBe(true)
-    expect(ServerConnection.key(list[0]!) as string).toBe("https://server.example.test")
-  })
-
-  test("keeps persisted credentials when startup has no auth_token", () => {
-    const list = resolveServerList({
-      stored: [
-        {
-          url: "https://server.example.test",
-          username: "opencode",
-          password: "saved",
-        },
-      ],
-      props: [{ type: "http", http: { url: "https://server.example.test" } }],
-    })
-
-    expect(list).toHaveLength(1)
-    expect(list[0]?.type).toBe("http")
-    expect(list[0]?.http).toEqual({
-      url: "https://server.example.test",
-      username: "opencode",
-      password: "saved",
-    })
-    expect(list[0]?.type === "http" ? list[0].authToken : true).toBeUndefined()
-  })
-})
--- a/packages/app/src/context/server.tsx
+++ b/packages/app/src/context/server.tsx
@@ -33,33 +33,6 @@ function isLocalHost(url: string) {
  if (host === "localhost" || host === "127.0.0.1") return "local"
 }

-export function resolveServerList(input: {
-  props?: Array<ServerConnection.Any>
-  stored: StoredServer[]
-}): Array<ServerConnection.Any> {
-  const servers = [
-    ...input.stored.map((value) =>
-      typeof value === "string"
-        ? {
-            type: "http" as const,
-            http: { url: value },
-          }
-        : value,
-    ),
-    ...(input.props ?? []),
-  ]
-
-  const deduped = new Map<ServerConnection.Key, ServerConnection.Any>()
-  for (const value of servers) {
-    const conn: ServerConnection.Any = "type" in value ? value : { type: "http", http: value }
-    const key = ServerConnection.key(conn)
-    if (deduped.has(key) && conn.type === "http" && !conn.authToken) continue
-    deduped.set(key, conn)
-  }
-
-  return [...deduped.values()]
-}
-
 export namespace ServerConnection {
  type Base = { displayName?: string }

@@ -73,7 +46,6 @@ export namespace ServerConnection {
  export type Http = {
    type: "http"
    http: HttpBase
-    authToken?: boolean
  } & Base

  export type Sidecar = {
@@ -141,7 +113,26 @@ export const { use: useServer, provider: ServerProvider } = createSimpleContext(
    const url = (x: StoredServer) => (typeof x === "string" ? x : "type" in x ? x.http.url : x.url)

    const allServers = createMemo((): Array<ServerConnection.Any> => {
-      return resolveServerList({ stored: store.list, props: props.servers })
+      const servers = [
+        ...(props.servers ?? []),
+        ...store.list.map((value) =>
+          typeof value === "string"
+            ? {
+                type: "http" as const,
+                http: { url: value },
+              }
+            : value,
+        ),
+      ]
+
+      const deduped = new Map(
+        servers.map((value) => {
+          const conn: ServerConnection.Any = "type" in value ? value : { type: "http", http: value }
+          return [ServerConnection.key(conn), conn]
+        }),
+      )
+
+      return [...deduped.values()]
    })

    const [state, setState] = createStore({
@@ -183,7 +174,7 @@ export const { use: useServer, provider: ServerProvider } = createSimpleContext(
    function add(input: ServerConnection.Http) {
      const url_ = normalizeServerUrl(input.http.url)
      if (!url_) return
-      const conn: ServerConnection.Http = { ...input, authToken: undefined, http: { ...input.http, url: url_ } }
+      const conn = { ...input, http: { ...input.http, url: url_ } }
      return batch(() => {
        const existing = store.list.findIndex((x) => url(x) === url_)
        if (existing !== -1) {
--- a/packages/app/src/context/terminal.test.ts
+++ b/packages/app/src/context/terminal.test.ts
@@ -1,9 +1,6 @@
 import { beforeAll, describe, expect, mock, test } from "bun:test"

-type ServerKey = Parameters<typeof import("./terminal").getTerminalServerScope>[1]
-
-let getWorkspaceTerminalCacheKey: (dir: string, scope?: string) => string
-let getTerminalServerScope: typeof import("./terminal").getTerminalServerScope
+let getWorkspaceTerminalCacheKey: (dir: string) => string
 let getLegacyTerminalStorageKeys: (dir: string, legacySessionID?: string) => string[]
 let migrateTerminalState: (value: unknown) => unknown

@@ -20,7 +17,6 @@ beforeAll(async () => {
  }))
  const mod = await import("./terminal")
  getWorkspaceTerminalCacheKey = mod.getWorkspaceTerminalCacheKey
-  getTerminalServerScope = mod.getTerminalServerScope
  getLegacyTerminalStorageKeys = mod.getLegacyTerminalStorageKeys
  migrateTerminalState = mod.migrateTerminalState
 })
@@ -29,45 +25,6 @@ describe("getWorkspaceTerminalCacheKey", () => {
  test("uses workspace-only directory cache key", () => {
    expect(getWorkspaceTerminalCacheKey("/repo")).toBe("/repo:__workspace__")
  })
-
-  test("can include a server scope", () => {
-    expect(getWorkspaceTerminalCacheKey("/repo", "wsl:Debian")).toBe("wsl:Debian:/repo:__workspace__")
-  })
-})
-
-describe("getTerminalServerScope", () => {
-  test("preserves local server keys", () => {
-    expect(
-      getTerminalServerScope(
-        { type: "sidecar", variant: "base", http: { url: "http://127.0.0.1:4096" } },
-        "sidecar" as ServerKey,
-      ),
-    ).toBeUndefined()
-    expect(
-      getTerminalServerScope(
-        { type: "http", http: { url: "http://localhost:4096" } },
-        "http://localhost:4096" as ServerKey,
-      ),
-    ).toBeUndefined()
-    expect(
-      getTerminalServerScope({ type: "http", http: { url: "http://[::1]:4096" } }, "http://[::1]:4096" as ServerKey),
-    ).toBeUndefined()
-  })
-
-  test("scopes non-local server keys", () => {
-    expect(
-      getTerminalServerScope(
-        { type: "sidecar", variant: "wsl", distro: "Debian", http: { url: "http://127.0.0.1:4096" } },
-        "wsl:Debian" as ServerKey,
-      ),
-    ).toBe("wsl:Debian" as ServerKey)
-    expect(
-      getTerminalServerScope(
-        { type: "http", http: { url: "https://example.com" } },
-        "https://example.com" as ServerKey,
-      ),
-    ).toBe("https://example.com" as ServerKey)
-  })
 })

 describe("getLegacyTerminalStorageKeys", () => {
--- a/packages/app/src/context/terminal.tsx
+++ b/packages/app/src/context/terminal.tsx
@@ -4,7 +4,6 @@ import { batch, createEffect, createMemo, createRoot, on, onCleanup } from "soli
 import { useParams } from "@solidjs/router"
 import { useSDK } from "./sdk"
 import type { Platform } from "./platform"
-import { ServerConnection, useServer } from "./server"
 import { defaultTitle, titleNumber } from "./terminal-title"
 import { Persist, persisted, removePersisted } from "@/utils/persist"

@@ -83,31 +82,10 @@ export function migrateTerminalState(value: unknown) {
  }
 }

-export function getWorkspaceTerminalCacheKey(dir: string, scope?: string) {
-  if (scope) return `${scope}:${dir}:${WORKSPACE_KEY}`
+export function getWorkspaceTerminalCacheKey(dir: string) {
  return `${dir}:${WORKSPACE_KEY}`
 }

-export function getTerminalServerScope(conn: ServerConnection.Any | undefined, key: ServerConnection.Key) {
-  if (!conn) return
-  if (conn.type === "sidecar" && conn.variant === "base") return
-  if (conn.type === "http") {
-    try {
-      const url = new URL(conn.http.url)
-      if (
-        url.hostname === "localhost" ||
-        url.hostname === "127.0.0.1" ||
-        url.hostname === "::1" ||
-        url.hostname === "[::1]"
-      )
-        return
-    } catch {
-      return key
-    }
-  }
-  return key
-}
-
 export function getLegacyTerminalStorageKeys(dir: string, legacySessionID?: string) {
  if (!legacySessionID) return [`${dir}/terminal.v1`]
  return [`${dir}/terminal/${legacySessionID}.v1`, `${dir}/terminal.v1`]
@@ -132,16 +110,15 @@ const trimTerminal = (pty: LocalPTY) => {
  }
 }

-export function clearWorkspaceTerminals(dir: string, sessionIDs?: string[], platform?: Platform, scope?: string) {
-  const key = getWorkspaceTerminalCacheKey(dir, scope)
+export function clearWorkspaceTerminals(dir: string, sessionIDs?: string[], platform?: Platform) {
+  const key = getWorkspaceTerminalCacheKey(dir)
  for (const cache of caches) {
    const entry = cache.get(key)
    entry?.value.clear()
  }

-  void removePersisted(Persist.workspace(dir, scope ? `terminal:${scope}` : "terminal"), platform)
+  void removePersisted(Persist.workspace(dir, "terminal"), platform)

-  if (scope) return
  const legacy = new Set(getLegacyTerminalStorageKeys(dir))
  for (const id of sessionIDs ?? []) {
    for (const key of getLegacyTerminalStorageKeys(dir, id)) {
@@ -153,17 +130,12 @@ export function clearWorkspaceTerminals(dir: string, sessionIDs?: string[], plat
  }
 }

-function createWorkspaceTerminalSession(
-  sdk: ReturnType<typeof useSDK>,
-  dir: string,
-  legacySessionID?: string,
-  scope?: string,
-) {
-  const legacy = scope ? [] : getLegacyTerminalStorageKeys(dir, legacySessionID)
+function createWorkspaceTerminalSession(sdk: ReturnType<typeof useSDK>, dir: string, legacySessionID?: string) {
+  const legacy = getLegacyTerminalStorageKeys(dir, legacySessionID)

  const [store, setStore, _, ready] = persisted(
    {
-      ...Persist.workspace(dir, scope ? `terminal:${scope}` : "terminal", legacy),
+      ...Persist.workspace(dir, "terminal", legacy),
      migrate: migrateTerminalState,
    },
    createStore<{
@@ -385,12 +357,8 @@ export const { use: useTerminal, provider: TerminalProvider } = createSimpleCont
  gate: false,
  init: () => {
    const sdk = useSDK()
-    const server = useServer()
    const params = useParams()
    const cache = new Map<string, TerminalCacheEntry>()
-    const scope = createMemo(() => {
-      return getTerminalServerScope(server.current, server.key)
-    })

    caches.add(cache)
    onCleanup(() => caches.delete(cache))
@@ -414,9 +382,9 @@ export const { use: useTerminal, provider: TerminalProvider } = createSimpleCont
      }
    }

-    const loadWorkspace = (dir: string, legacySessionID: string | undefined, serverScope: string | undefined) => {
+    const loadWorkspace = (dir: string, legacySessionID?: string) => {
      // Terminals are workspace-scoped so tabs persist while switching sessions in the same directory.
-      const key = getWorkspaceTerminalCacheKey(dir, serverScope)
+      const key = getWorkspaceTerminalCacheKey(dir)
      const existing = cache.get(key)
      if (existing) {
        cache.delete(key)
@@ -425,7 +393,7 @@ export const { use: useTerminal, provider: TerminalProvider } = createSimpleCont
      }

      const entry = createRoot((dispose) => ({
-        value: createWorkspaceTerminalSession(sdk, dir, legacySessionID, serverScope),
+        value: createWorkspaceTerminalSession(sdk, dir, legacySessionID),
        dispose,
      }))

@@ -434,16 +402,16 @@ export const { use: useTerminal, provider: TerminalProvider } = createSimpleCont
      return entry.value
    }

-    const workspace = createMemo(() => loadWorkspace(params.dir!, params.id, scope()))
+    const workspace = createMemo(() => loadWorkspace(params.dir!, params.id))

    createEffect(
      on(
-        () => ({ dir: params.dir, id: params.id, scope: scope() }),
+        () => ({ dir: params.dir, id: params.id }),
        (next, prev) => {
          if (!prev?.dir) return
-          if (next.dir === prev.dir && next.id === prev.id && next.scope === prev.scope) return
-          if (next.dir === prev.dir && next.id && next.scope === prev.scope) return
-          loadWorkspace(prev.dir, prev.id, prev.scope).trimAll()
+          if (next.dir === prev.dir && next.id === prev.id) return
+          if (next.dir === prev.dir && next.id) return
+          loadWorkspace(prev.dir, prev.id).trimAll()
        },
        { defer: true },
      ),
--- a/packages/app/src/entry.tsx
+++ b/packages/app/src/entry.tsx
@@ -7,7 +7,6 @@ import { type Platform, PlatformProvider } from "@/context/platform"
 import { dict as en } from "@/i18n/en"
 import { dict as zh } from "@/i18n/zh"
 import { handleNotificationClick } from "@/utils/notification-click"
-import { authFromToken } from "@/utils/server"
 import pkg from "../package.json"
 import { ServerConnection } from "./context/server"

@@ -112,13 +111,6 @@ const getDefaultUrl = () => {
  return getCurrentUrl()
 }

-const clearAuthToken = () => {
-  const params = new URLSearchParams(location.search)
-  if (!params.has("auth_token")) return
-  params.delete("auth_token")
-  history.replaceState(null, "", location.pathname + (params.size ? `?${params}` : "") + location.hash)
-}
-
 const platform: Platform = {
  platform: "web",
  version: pkg.version,
@@ -154,16 +146,7 @@ if (import.meta.env.VITE_SENTRY_DSN) {
 }

 if (root instanceof HTMLElement) {
-  const auth = authFromToken(new URLSearchParams(location.search).get("auth_token"))
-  clearAuthToken()
-  const server: ServerConnection.Http = {
-    type: "http",
-    authToken: !!auth,
-    http: {
-      url: getCurrentUrl(),
-      ...auth,
-    },
-  }
+  const server: ServerConnection.Http = { type: "http", http: { url: getCurrentUrl() } }
  render(
    () => (
      <PlatformProvider value={platform}>
--- a/packages/app/src/pages/layout.tsx
+++ b/packages/app/src/pages/layout.tsx
@@ -35,7 +35,7 @@ import type { DragEvent } from "@thisbeyond/solid-dnd"
 import { useProviders } from "@/hooks/use-providers"
 import { showToast, Toast, toaster } from "@opencode-ai/ui/toast"
 import { useGlobalSDK } from "@/context/global-sdk"
-import { clearWorkspaceTerminals, getTerminalServerScope } from "@/context/terminal"
+import { clearWorkspaceTerminals } from "@/context/terminal"
 import { dropSessionCaches, pickSessionCacheEvictions } from "@/context/global-sync/session-cache"
 import {
  clearSessionPrefetchInflight,
@@ -1557,7 +1557,6 @@ export default function Layout(props: ParentProps) {
      directory,
      sessions.map((s) => s.id),
      platform,
-      getTerminalServerScope(server.current, server.key),
    )
    await globalSDK.client.instance.dispose({ directory }).catch(() => undefined)

--- a/packages/app/src/pages/session/terminal-panel.tsx
+++ b/packages/app/src/pages/session/terminal-panel.tsx
@@ -37,7 +37,6 @@ export function TerminalPanel() {
  const [store, setStore] = createStore({
    autoCreated: false,
    activeDraggable: undefined as string | undefined,
-    recovered: {} as Record<string, boolean>,
    view: typeof window === "undefined" ? 1000 : (window.visualViewport?.height ?? window.innerHeight),
  })

@@ -146,21 +145,6 @@ export function TerminalPanel() {
  const all = terminal.all
  const ids = createMemo(() => all().map((pty) => pty.id))

-  const recoverTerminal = (key: string, id: string, clone: (id: string) => Promise<void>) => {
-    if (store.recovered[key]) return
-    setStore("recovered", key, true)
-    void clone(id)
-  }
-
-  const terminalRecoveryKey = (pty: { id: string; title: string; titleNumber: number }) => {
-    return String(pty.titleNumber || pty.title || pty.id)
-  }
-
-  const markTerminalConnected = (key: string, id: string, trim: (id: string) => void) => {
-    setStore("recovered", key, false)
-    trim(id)
-  }
-
  const handleTerminalDragStart = (event: unknown) => {
    const id = getDraggableId(event)
    if (!id) return
@@ -296,9 +280,9 @@ export function TerminalPanel() {
                            <Terminal
                              pty={pty()}
                              autoFocus={opened()}
-                              onConnect={() => markTerminalConnected(terminalRecoveryKey(pty()), id, ops.trim)}
+                              onConnect={() => ops.trim(id)}
                              onCleanup={ops.update}
-                              onConnectError={() => recoverTerminal(terminalRecoveryKey(pty()), id, ops.clone)}
+                              onConnectError={() => ops.clone(id)}
                            />
                          </div>
                        )}
--- a/packages/app/src/utils/server.test.ts
+++ b/packages/app/src/utils/server.test.ts
@@ -1,23 +0,0 @@
-import { describe, expect, test } from "bun:test"
-import { authFromToken, authTokenFromCredentials } from "./server"
-
-describe("authFromToken", () => {
-  test("decodes basic auth credentials from auth_token", () => {
-    expect(authFromToken(btoa("kit:secret"))).toEqual({ username: "kit", password: "secret" })
-  })
-
-  test("defaults blank username to opencode", () => {
-    expect(authFromToken(btoa(":secret"))).toEqual({ username: "opencode", password: "secret" })
-  })
-
-  test("ignores malformed tokens", () => {
-    expect(authFromToken("not base64")).toBeUndefined()
-    expect(authFromToken(btoa("missing-separator"))).toBeUndefined()
-  })
-})
-
-describe("authTokenFromCredentials", () => {
-  test("encodes credentials with the default username", () => {
-    expect(authTokenFromCredentials({ password: "secret" })).toBe(btoa("opencode:secret"))
-  })
-})
--- a/packages/app/src/utils/server.ts
+++ b/packages/app/src/utils/server.ts
@@ -1,21 +1,5 @@
 import { createOpencodeClient } from "@opencode-ai/sdk/v2/client"
 import type { ServerConnection } from "@/context/server"
-import { decode64 } from "@/utils/base64"
-
-export function authTokenFromCredentials(input: { username?: string; password: string }) {
-  return btoa(`${input.username ?? "opencode"}:${input.password}`)
-}
-
-export function authFromToken(token: string | null) {
-  const decoded = decode64(token ?? undefined)
-  if (!decoded) return
-  const separator = decoded.indexOf(":")
-  if (separator === -1) return
-  return {
-    username: decoded.slice(0, separator) || "opencode",
-    password: decoded.slice(separator + 1),
-  }
-}

 export function createSdkForServer({
  server,
@@ -26,7 +10,7 @@ export function createSdkForServer({
  const auth = (() => {
    if (!server.password) return
    return {
-      Authorization: `Basic ${authTokenFromCredentials({ username: server.username, password: server.password })}`,
+      Authorization: `Basic ${btoa(`${server.username ?? "opencode"}:${server.password}`)}`,
    }
  })()

--- a/packages/app/src/utils/terminal-websocket-url.test.ts
+++ b/packages/app/src/utils/terminal-websocket-url.test.ts
@@ -19,7 +19,7 @@ describe("terminalWebSocketURL", () => {
    expect(url.searchParams.get("auth_token")).toBe(btoa("opencode:secret"))
  })

-  test("omits query auth for same-origin saved credentials", () => {
+  test("omits query auth for same-origin websocket URL", () => {
    const url = terminalWebSocketURL({
      url: "https://app.example.test",
      id: "pty_test",
@@ -33,20 +33,4 @@ describe("terminalWebSocketURL", () => {
    expect(url.protocol).toBe("wss:")
    expect(url.searchParams.has("auth_token")).toBe(false)
  })
-
-  test("uses query auth for same-origin credentials from auth_token", () => {
-    const url = terminalWebSocketURL({
-      url: "https://app.example.test",
-      id: "pty_test",
-      directory: "/tmp/project",
-      cursor: 10,
-      sameOrigin: true,
-      username: "opencode",
-      password: "secret",
-      authToken: true,
-    })
-
-    expect(url.protocol).toBe("wss:")
-    expect(url.searchParams.get("auth_token")).toBe(btoa("opencode:secret"))
-  })
 })
--- a/packages/app/src/utils/terminal-websocket-url.ts
+++ b/packages/app/src/utils/terminal-websocket-url.ts
@@ -1,28 +1,17 @@
-import { authTokenFromCredentials } from "@/utils/server"
-
 export function terminalWebSocketURL(input: {
  url: string
  id: string
  directory: string
  cursor: number
-  ticket?: string
-  sameOrigin?: boolean
-  username?: string
+  sameOrigin: boolean
+  username: string
  password?: string
-  authToken?: boolean
 }) {
  const next = new URL(`${input.url}/pty/${input.id}/connect`)
  next.searchParams.set("directory", input.directory)
  next.searchParams.set("cursor", String(input.cursor))
  next.protocol = next.protocol === "https:" ? "wss:" : "ws:"
-  if (input.ticket) {
-    next.searchParams.set("ticket", input.ticket)
-    return next
-  }
-  if (input.password && (!input.sameOrigin || input.authToken))
-    next.searchParams.set(
-      "auth_token",
-      authTokenFromCredentials({ username: input.username, password: input.password }),
-    )
+  if (!input.sameOrigin && input.password)
+    next.searchParams.set("auth_token", btoa(`${input.username}:${input.password}`))
  return next
 }
--- a/packages/console/app/src/routes/zen/util/handler.ts
+++ b/packages/console/app/src/routes/zen/util/handler.ts
@@ -158,13 +158,11 @@ export async function handler(
                Object.entries(obj).flatMap(([k, v]) => {
                  if (Array.isArray(v)) return [[k, v]]
                  if (typeof v === "object") return [[k, replacer(v)]]
-                  if (typeof v === "string") {
-                    if (v === "$ip") return [[k, ip]]
-                    if (v === "$workspace") return authInfo?.workspaceID ? [[k, authInfo?.workspaceID]] : []
-                    if (v.startsWith("$header.")) {
-                      const headerValue = input.request.headers.get(v.slice(8))
-                      return headerValue ? [[k, headerValue]] : []
-                    }
+                  if (v === "$ip") return [[k, ip]]
+                  if (v === "$workspace") return authInfo?.workspaceID ? [[k, authInfo?.workspaceID]] : []
+                  if (v.startsWith("$header.")) {
+                    const headerValue = input.request.headers.get(v.slice(8))
+                    return headerValue ? [[k, headerValue]] : []
                  }
                  return [[k, v]]
                }),
--- a/packages/core/src/global.ts
+++ b/packages/core/src/global.ts
@@ -71,6 +71,8 @@ export const layer = Layer.effect(
  Effect.sync(() => Service.of(make())),
 )

+export const defaultLayer = layer
+
 export const layerWith = (input: Partial<Interface>) =>
  Layer.effect(
    Service,
--- a/packages/opencode/src/cli/cmd/providers.ts
+++ b/packages/opencode/src/cli/cmd/providers.ts
@@ -1,8 +1,9 @@
 import { Auth } from "../../auth"
+import { AppRuntime } from "../../effect/app-runtime"
 import { cmd } from "./cmd"
-import { CliError, effectCmd, fail } from "../effect-cmd"
+import { effectCmd } from "../effect-cmd"
+import * as prompts from "@clack/prompts"
 import { UI } from "../ui"
-import * as Prompt from "../effect/prompt"
 import { ModelsDev } from "@/provider/models"

 import { map, pipe, sortBy, values } from "remeda"
@@ -13,57 +14,44 @@ import { Global } from "@opencode-ai/core/global"
 import { Plugin } from "../../plugin"
 import type { Hooks } from "@opencode-ai/plugin"
 import { Process } from "@/util/process"
-import { errorMessage } from "@/util/error"
 import { text } from "node:stream/consumers"
-import { Effect, Option } from "effect"
+import { Effect } from "effect"

 type PluginAuth = NonNullable<Hooks["auth"]>

-const promptValue = <Value>(value: Option.Option<Value>) => {
-  if (Option.isNone(value)) return Effect.die(new UI.CancelledError())
-  return Effect.succeed(value.value)
-}
+const put = (key: string, info: Auth.Info) =>
+  AppRuntime.runPromise(
+    Effect.gen(function* () {
+      const auth = yield* Auth.Service
+      yield* auth.set(key, info)
+    }),
+  )

-const put = Effect.fn("Cli.providers.put")(function* (key: string, info: Auth.Info) {
-  const auth = yield* Auth.Service
-  yield* Effect.orDie(auth.set(key, info))
-})
-
-const cliTry = <Value>(message: string, fn: () => PromiseLike<Value>) =>
-  Effect.tryPromise({
-    try: fn,
-    catch: (error) => new CliError({ message: message + errorMessage(error) }),
-  })
-
-const handlePluginAuth = Effect.fn("Cli.providers.pluginAuth")(function* (
-  plugin: { auth: PluginAuth },
-  provider: string,
-  methodName?: string,
-) {
-  const index = yield* Effect.gen(function* () {
-    if (!methodName) {
-      if (plugin.auth.methods.length <= 1) return 0
-      return yield* promptValue(
-        yield* Prompt.select({
-          message: "Login method",
-          options: plugin.auth.methods.map((x, index) => ({
-            label: x.label,
-            value: index,
-          })),
-        }),
-      )
-    }
+async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string, methodName?: string): Promise<boolean> {
+  let index = 0
+  if (methodName) {
    const match = plugin.auth.methods.findIndex((x) => x.label.toLowerCase() === methodName.toLowerCase())
    if (match === -1) {
-      return yield* fail(
+      prompts.log.error(
        `Unknown method "${methodName}" for ${provider}. Available: ${plugin.auth.methods.map((x) => x.label).join(", ")}`,
      )
+      process.exit(1)
    }
-    return match
-  })
+    index = match
+  } else if (plugin.auth.methods.length > 1) {
+    const method = await prompts.select({
+      message: "Login method",
+      options: plugin.auth.methods.map((x, index) => ({
+        label: x.label,
+        value: index.toString(),
+      })),
+    })
+    if (prompts.isCancel(method)) throw new UI.CancelledError()
+    index = parseInt(method)
+  }
  const method = plugin.auth.methods[index]

-  yield* Effect.sleep("10 millis")
+  await new Promise((r) => setTimeout(r, 10))
  const inputs: Record<string, string> = {}
  if (method.prompts) {
    for (const prompt of method.prompts) {
@@ -75,44 +63,46 @@ const handlePluginAuth = Effect.fn("Cli.providers.pluginAuth")(function* (
      }
      if (prompt.condition && !prompt.condition(inputs)) continue
      if (prompt.type === "select") {
-        const value = yield* Prompt.select({
+        const value = await prompts.select({
          message: prompt.message,
          options: prompt.options,
        })
-        inputs[prompt.key] = yield* promptValue(value)
-        continue
+        if (prompts.isCancel(value)) throw new UI.CancelledError()
+        inputs[prompt.key] = value
+      } else {
+        const value = await prompts.text({
+          message: prompt.message,
+          placeholder: prompt.placeholder,
+          validate: prompt.validate ? (v) => prompt.validate!(v ?? "") : undefined,
+        })
+        if (prompts.isCancel(value)) throw new UI.CancelledError()
+        inputs[prompt.key] = value
      }
-      const value = yield* Prompt.text({
-        message: prompt.message,
-        placeholder: prompt.placeholder,
-        validate: prompt.validate ? (v) => prompt.validate!(v ?? "") : undefined,
-      })
-      inputs[prompt.key] = yield* promptValue(value)
    }
  }

  if (method.type === "oauth") {
-    const authorize = yield* cliTry("Failed to authorize: ", () => method.authorize(inputs))
+    const authorize = await method.authorize(inputs)

    if (authorize.url) {
-      yield* Prompt.log.info("Go to: " + authorize.url)
+      prompts.log.info("Go to: " + authorize.url)
    }

    if (authorize.method === "auto") {
      if (authorize.instructions) {
-        yield* Prompt.log.info(authorize.instructions)
+        prompts.log.info(authorize.instructions)
      }
-      const spinner = Prompt.spinner()
-      yield* spinner.start("Waiting for authorization...")
-      const result = yield* cliTry("Failed to authorize: ", () => authorize.callback())
+      const spinner = prompts.spinner()
+      spinner.start("Waiting for authorization...")
+      const result = await authorize.callback()
      if (result.type === "failed") {
-        yield* spinner.stop("Failed to authorize", 1)
+        spinner.stop("Failed to authorize", 1)
      }
      if (result.type === "success") {
        const saveProvider = result.provider ?? provider
        if ("refresh" in result) {
          const { type: _, provider: __, refresh, access, expires, ...extraFields } = result
-          yield* put(saveProvider, {
+          await put(saveProvider, {
            type: "oauth",
            refresh,
            access,
@@ -121,30 +111,30 @@ const handlePluginAuth = Effect.fn("Cli.providers.pluginAuth")(function* (
          })
        }
        if ("key" in result) {
-          yield* put(saveProvider, {
+          await put(saveProvider, {
            type: "api",
            key: result.key,
          })
        }
-        yield* spinner.stop("Login successful")
+        spinner.stop("Login successful")
      }
    }

    if (authorize.method === "code") {
-      const code = yield* Prompt.text({
+      const code = await prompts.text({
        message: "Paste the authorization code here: ",
        validate: (x) => (x && x.length > 0 ? undefined : "Required"),
      })
-      const authorizationCode = yield* promptValue(code)
-      const result = yield* cliTry("Failed to authorize: ", () => authorize.callback(authorizationCode))
+      if (prompts.isCancel(code)) throw new UI.CancelledError()
+      const result = await authorize.callback(code)
      if (result.type === "failed") {
-        yield* Prompt.log.error("Failed to authorize")
+        prompts.log.error("Failed to authorize")
      }
      if (result.type === "success") {
        const saveProvider = result.provider ?? provider
        if ("refresh" in result) {
          const { type: _, provider: __, refresh, access, expires, ...extraFields } = result
-          yield* put(saveProvider, {
+          await put(saveProvider, {
            type: "oauth",
            refresh,
            access,
@@ -153,57 +143,56 @@ const handlePluginAuth = Effect.fn("Cli.providers.pluginAuth")(function* (
          })
        }
        if ("key" in result) {
-          yield* put(saveProvider, {
+          await put(saveProvider, {
            type: "api",
            key: result.key,
          })
        }
-        yield* Prompt.log.success("Login successful")
+        prompts.log.success("Login successful")
      }
    }

-    yield* Prompt.outro("Done")
+    prompts.outro("Done")
    return true
  }

  if (method.type === "api") {
-    const key = yield* Prompt.password({
+    const key = await prompts.password({
      message: "Enter your API key",
      validate: (x) => (x && x.length > 0 ? undefined : "Required"),
    })
-    const apiKey = yield* promptValue(key)
+    if (prompts.isCancel(key)) throw new UI.CancelledError()

    const metadata = Object.keys(inputs).length ? { metadata: inputs } : {}
-    const authorizeApi = method.authorize
-    if (!authorizeApi) {
-      yield* put(provider, {
+    if (!method.authorize) {
+      await put(provider, {
        type: "api",
-        key: apiKey,
+        key,
        ...metadata,
      })
-      yield* Prompt.outro("Done")
+      prompts.outro("Done")
      return true
    }

-    const result = yield* cliTry("Failed to authorize: ", () => authorizeApi(inputs))
+    const result = await method.authorize(inputs)
    if (result.type === "failed") {
-      yield* Prompt.log.error("Failed to authorize")
+      prompts.log.error("Failed to authorize")
    }
    if (result.type === "success") {
      const saveProvider = result.provider ?? provider
-      yield* put(saveProvider, {
+      await put(saveProvider, {
        type: "api",
-        key: result.key ?? apiKey,
+        key: result.key ?? key,
        ...metadata,
      })
-      yield* Prompt.log.success("Login successful")
+      prompts.log.success("Login successful")
    }
-    yield* Prompt.outro("Done")
+    prompts.outro("Done")
    return true
  }

  return false
-})
+}

 export function resolvePluginProviders(input: {
  hooks: Hooks[]
@@ -255,16 +244,16 @@ export const ProvidersListCommand = effectCmd({
    const authPath = path.join(Global.Path.data, "auth.json")
    const homedir = os.homedir()
    const displayPath = authPath.startsWith(homedir) ? authPath.replace(homedir, "~") : authPath
-    yield* Prompt.intro(`Credentials ${UI.Style.TEXT_DIM}${displayPath}`)
+    prompts.intro(`Credentials ${UI.Style.TEXT_DIM}${displayPath}`)
    const results = Object.entries(yield* Effect.orDie(authSvc.all()))
    const database = yield* modelsDev.get()

    for (const [providerID, result] of results) {
      const name = database[providerID]?.name || providerID
-      yield* Prompt.log.info(`${name} ${UI.Style.TEXT_DIM}${result.type}`)
+      prompts.log.info(`${name} ${UI.Style.TEXT_DIM}${result.type}`)
    }

-    yield* Prompt.outro(`${results.length} credentials`)
+    prompts.outro(`${results.length} credentials`)

    const activeEnvVars: Array<{ provider: string; envVar: string }> = []

@@ -281,13 +270,13 @@ export const ProvidersListCommand = effectCmd({

    if (activeEnvVars.length > 0) {
      UI.empty()
-      yield* Prompt.intro("Environment")
+      prompts.intro("Environment")

      for (const { provider, envVar } of activeEnvVars) {
-        yield* Prompt.log.info(`${provider} ${UI.Style.TEXT_DIM}${envVar}`)
+        prompts.log.info(`${provider} ${UI.Style.TEXT_DIM}${envVar}`)
      }

-      yield* Prompt.outro(`${activeEnvVars.length} environment variable` + (activeEnvVars.length === 1 ? "" : "s"))
+      prompts.outro(`${activeEnvVars.length} environment variable` + (activeEnvVars.length === 1 ? "" : "s"))
    }
  }),
 })
@@ -312,42 +301,36 @@ export const ProvidersLoginCommand = effectCmd({
        type: "string",
      }),
  handler: Effect.fn("Cli.providers.login")(function* (args) {
-    const authSvc = yield* Auth.Service
-
-    UI.empty()
-    yield* Prompt.intro("Add credential")
-    if (args.url) {
-      const url = args.url.replace(/\/+$/, "")
-      const wellknown = (yield* cliTry(`Failed to load auth provider metadata from ${url}: `, () =>
-        fetch(`${url}/.well-known/opencode`).then((x) => x.json()),
-      )) as {
-        auth: { command: string[]; env: string }
-      }
-      yield* Prompt.log.info(`Running \`${wellknown.auth.command.join(" ")}\``)
-      const abort = new AbortController()
-      const proc = Process.spawn(wellknown.auth.command, { stdout: "pipe", stderr: "inherit", abort: abort.signal })
-      if (!proc.stdout) {
-        yield* Prompt.log.error("Failed")
-        yield* Prompt.outro("Done")
-        return
-      }
-      const [exit, token] = yield* cliTry("Failed to run auth provider command: ", () =>
-        Promise.all([proc.exited, text(proc.stdout!)]),
-      ).pipe(Effect.ensuring(Effect.sync(() => abort.abort())))
-      if (exit !== 0) {
-        yield* Prompt.log.error("Failed")
-        yield* Prompt.outro("Done")
-        return
-      }
-      yield* Effect.orDie(authSvc.set(url, { type: "wellknown", key: wellknown.auth.env, token: token.trim() }))
-      yield* Prompt.log.success("Logged into " + url)
-      yield* Prompt.outro("Done")
-      return
-    }
-
    const cfgSvc = yield* Config.Service
    const pluginSvc = yield* Plugin.Service
    const modelsDev = yield* ModelsDev.Service
+    const authSvc = yield* Auth.Service
+
+    UI.empty()
+    prompts.intro("Add credential")
+    if (args.url) {
+      const url = args.url.replace(/\/+$/, "")
+      const wellknown = (yield* Effect.promise(() => fetch(`${url}/.well-known/opencode`).then((x) => x.json()))) as {
+        auth: { command: string[]; env: string }
+      }
+      prompts.log.info(`Running \`${wellknown.auth.command.join(" ")}\``)
+      const proc = Process.spawn(wellknown.auth.command, { stdout: "pipe", stderr: "inherit" })
+      if (!proc.stdout) {
+        prompts.log.error("Failed")
+        prompts.outro("Done")
+        return
+      }
+      const [exit, token] = yield* Effect.promise(() => Promise.all([proc.exited, text(proc.stdout!)]))
+      if (exit !== 0) {
+        prompts.log.error("Failed")
+        prompts.outro("Done")
+        return
+      }
+      yield* Effect.orDie(authSvc.set(url, { type: "wellknown", key: wellknown.auth.env, token: token.trim() }))
+      prompts.log.success("Logged into " + url)
+      prompts.outro("Done")
+      return
+    }
    yield* Effect.ignore(modelsDev.refresh(true))

    const config = yield* cfgSvc.get()
@@ -409,46 +392,53 @@ export const ProvidersLoginCommand = effectCmd({
      const byName = options.find((x) => x.label.toLowerCase() === input.toLowerCase())
      const match = byID ?? byName
      if (!match) {
-        return yield* fail(`Unknown provider "${input}"`)
+        prompts.log.error(`Unknown provider "${input}"`)
+        process.exit(1)
      }
      provider = match.value
    } else {
-      provider = yield* promptValue(
-        yield* Prompt.autocomplete({
+      const selected = yield* Effect.promise(() =>
+        prompts.autocomplete({
          message: "Select provider",
          maxItems: 8,
          options: [...options, { value: "other", label: "Other" }],
        }),
      )
+      if (prompts.isCancel(selected)) yield* Effect.die(new UI.CancelledError())
+      provider = selected as string
    }

    const plugin = hooks.findLast((x) => x.auth?.provider === provider)
    if (plugin && plugin.auth) {
-      const handled = yield* handlePluginAuth({ auth: plugin.auth! }, provider, args.method)
+      const handled = yield* Effect.promise(() => handlePluginAuth({ auth: plugin.auth! }, provider, args.method))
      if (handled) return
    }

    if (provider === "other") {
-      provider = (yield* promptValue(
-        yield* Prompt.text({
+      const custom = yield* Effect.promise(() =>
+        prompts.text({
          message: "Enter provider id",
          validate: (x) => (x && x.match(/^[0-9a-z-]+$/) ? undefined : "a-z, 0-9 and hyphens only"),
        }),
-      )).replace(/^@ai-sdk\//, "")
+      )
+      if (prompts.isCancel(custom)) yield* Effect.die(new UI.CancelledError())
+      provider = (custom as string).replace(/^@ai-sdk\//, "")

      const customPlugin = hooks.findLast((x) => x.auth?.provider === provider)
      if (customPlugin && customPlugin.auth) {
-        const handled = yield* handlePluginAuth({ auth: customPlugin.auth! }, provider, args.method)
+        const handled = yield* Effect.promise(() =>
+          handlePluginAuth({ auth: customPlugin.auth! }, provider, args.method),
+        )
        if (handled) return
      }

-      yield* Prompt.log.warn(
+      prompts.log.warn(
        `This only stores a credential for ${provider} - you will need configure it in opencode.json, check the docs for examples.`,
      )
    }

    if (provider === "amazon-bedrock") {
-      yield* Prompt.log.info(
+      prompts.log.info(
        "Amazon Bedrock authentication priority:\n" +
          "  1. Bearer token (AWS_BEARER_TOKEN_BEDROCK or /connect)\n" +
          "  2. AWS credential chain (profile, access keys, IAM roles, EKS IRSA)\n\n" +
@@ -458,27 +448,29 @@ export const ProvidersLoginCommand = effectCmd({
    }

    if (provider === "opencode") {
-      yield* Prompt.log.info("Create an api key at https://opencode.ai/auth")
+      prompts.log.info("Create an api key at https://opencode.ai/auth")
    }

    if (provider === "vercel") {
-      yield* Prompt.log.info("You can create an api key at https://vercel.link/ai-gateway-token")
+      prompts.log.info("You can create an api key at https://vercel.link/ai-gateway-token")
    }

    if (["cloudflare", "cloudflare-ai-gateway"].includes(provider)) {
-      yield* Prompt.log.info(
+      prompts.log.info(
        "Cloudflare AI Gateway can be configured with CLOUDFLARE_GATEWAY_ID, CLOUDFLARE_ACCOUNT_ID, and CLOUDFLARE_API_TOKEN environment variables. Read more: https://opencode.ai/docs/providers/#cloudflare-ai-gateway",
      )
    }

-    const key = yield* Prompt.password({
-      message: "Enter your API key",
-      validate: (x) => (x && x.length > 0 ? undefined : "Required"),
-    })
-    const apiKey = yield* promptValue(key)
-    yield* Effect.orDie(authSvc.set(provider, { type: "api", key: apiKey }))
+    const key = yield* Effect.promise(() =>
+      prompts.password({
+        message: "Enter your API key",
+        validate: (x) => (x && x.length > 0 ? undefined : "Required"),
+      }),
+    )
+    if (prompts.isCancel(key)) yield* Effect.die(new UI.CancelledError())
+    yield* Effect.orDie(authSvc.set(provider, { type: "api", key: key as string }))

-    yield* Prompt.outro("Done")
+    prompts.outro("Done")
  }),
 })

@@ -493,20 +485,24 @@ export const ProvidersLogoutCommand = effectCmd({

    UI.empty()
    const credentials: Array<[string, Auth.Info]> = Object.entries(yield* Effect.orDie(authSvc.all()))
-    yield* Prompt.intro("Remove credential")
+    prompts.intro("Remove credential")
    if (credentials.length === 0) {
-      yield* Prompt.log.error("No credentials found")
+      prompts.log.error("No credentials found")
      return
    }
    const database = yield* modelsDev.get()
-    const selected = yield* Prompt.select({
-      message: "Select provider",
-      options: credentials.map(([key, value]) => ({
-        label: (database[key]?.name || key) + UI.Style.TEXT_DIM + " (" + value.type + ")",
-        value: key,
-      })),
-    })
-    yield* Effect.orDie(authSvc.remove(yield* promptValue(selected)))
-    yield* Prompt.outro("Logout successful")
+    const selected = yield* Effect.promise(() =>
+      prompts.select({
+        message: "Select provider",
+        options: credentials.map(([key, value]) => ({
+          label: (database[key]?.name || key) + UI.Style.TEXT_DIM + " (" + value.type + ")",
+          value: key,
+        })),
+      }),
+    )
+    if (prompts.isCancel(selected)) yield* Effect.die(new UI.CancelledError())
+    const providerID = selected as string
+    yield* Effect.orDie(authSvc.remove(providerID))
+    prompts.outro("Logout successful")
  }),
 })
--- a/packages/opencode/src/cli/cmd/tui/context/sync-v2.tsx
+++ b/packages/opencode/src/cli/cmd/tui/context/sync-v2.tsx
@@ -11,21 +11,21 @@ import { createSimpleContext } from "./helper"
 import { useSDK } from "./sdk"

 function activeAssistant(messages: SessionMessage[]) {
-  const index = messages.findLastIndex((message) => message.type === "assistant" && !message.time.completed)
+  const index = messages.findIndex((message) => message.type === "assistant" && !message.time.completed)
  if (index < 0) return
  const assistant = messages[index]
  return assistant?.type === "assistant" ? assistant : undefined
 }

 function activeCompaction(messages: SessionMessage[]) {
-  const index = messages.findLastIndex((message) => message.type === "compaction")
+  const index = messages.findIndex((message) => message.type === "compaction")
  if (index < 0) return
  const compaction = messages[index]
  return compaction?.type === "compaction" ? compaction : undefined
 }

 function activeShell(messages: SessionMessage[], callID: string) {
-  const index = messages.findLastIndex((message) => message.type === "shell" && message.callID === callID)
+  const index = messages.findIndex((message) => message.type === "shell" && message.callID === callID)
  if (index < 0) return
  const shell = messages[index]
  return shell?.type === "shell" ? shell : undefined
@@ -74,7 +74,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
      switch (event.type) {
        case "session.next.prompted": {
          update(event.properties.sessionID, (draft) => {
-            draft.push({
+            draft.unshift({
              id: event.id,
              type: "user",
              text: event.properties.prompt.text,
@@ -87,7 +87,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
        }
        case "session.next.synthetic":
          update(event.properties.sessionID, (draft) => {
-            draft.push({
+            draft.unshift({
              id: event.id,
              type: "synthetic",
              sessionID: event.properties.sessionID,
@@ -98,7 +98,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
          break
        case "session.next.shell.started":
          update(event.properties.sessionID, (draft) => {
-            draft.push({
+            draft.unshift({
              id: event.id,
              type: "shell",
              callID: event.properties.callID,
@@ -120,7 +120,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
          update(event.properties.sessionID, (draft) => {
            const currentAssistant = activeAssistant(draft)
            if (currentAssistant) currentAssistant.time.completed = event.properties.timestamp
-            draft.push({
+            draft.unshift({
              id: event.id,
              type: "assistant",
              agent: event.properties.agent,
@@ -259,7 +259,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
          break
        case "session.next.compaction.started":
          update(event.properties.sessionID, (draft) => {
-            draft.push({
+            draft.unshift({
              id: event.id,
              type: "compaction",
              reason: event.properties.reason,
--- a/packages/opencode/src/cli/cmd/tui/feature-plugins/system/session-v2.tsx
+++ b/packages/opencode/src/cli/cmd/tui/feature-plugins/system/session-v2.tsx
@@ -5,7 +5,7 @@ import { Spinner } from "@tui/component/spinner"
 import { useTheme } from "@tui/context/theme"
 import { useLocal } from "@tui/context/local"
 import { useKeyboard, useRenderer, useTerminalDimensions, type JSX } from "@opentui/solid"
-import type { SyntaxStyle } from "@opentui/core"
+import { TextAttributes, type BoxRenderable, type SyntaxStyle } from "@opentui/core"
 import { Locale } from "@/util/locale"
 import { LANGUAGE_EXTENSIONS } from "@/lsp/language"
 import path from "path"
@@ -44,6 +44,10 @@ function View(props: { api: TuiPluginApi; sessionID: string }) {
  const messages = createMemo(() => sync.data.messages[props.sessionID] ?? [])
  const renderedMessages = createMemo(() => messages().toReversed())
  const lastAssistant = createMemo(() => renderedMessages().findLast((message) => message.type === "assistant"))
+  const lastUserCreated = (index: number) =>
+    renderedMessages()
+      .slice(0, index)
+      .findLast((message) => message.type === "user")?.time.created

  createEffect(() => {
    void sync.session.message.sync(props.sessionID)
@@ -83,10 +87,11 @@ function View(props: { api: TuiPluginApi; sessionID: string }) {
                      last={lastAssistant()?.id === message.id}
                      syntax={syntax()}
                      subtleSyntax={subtleSyntax()}
+                      start={lastUserCreated(index())}
                    />
                  </Match>
                  <Match when={message.type === "synthetic"}>
-                    <SyntheticMessage message={message as SessionMessageSynthetic} index={index()} />
+                    <></>
                  </Match>
                  <Match when={message.type === "shell"}>
                    <ShellMessage message={message as SessionMessageShell} />
@@ -146,63 +151,36 @@ function UserMessage(props: { message: SessionMessageUser; index: number }) {
    <box
      id={props.message.id}
      border={["left"]}
-      borderColor={theme.primary}
+      borderColor={theme.secondary}
      customBorderChars={SplitBorder.customBorderChars}
      marginTop={props.index === 0 ? 0 : 1}
      flexShrink={0}
-    >
-      <box paddingTop={1} paddingBottom={1} paddingLeft={2} backgroundColor={theme.backgroundPanel}>
-        <Show
-          when={props.message.text.trim()}
-          fallback={
-            <MissingData label="User message text" detail={`Message ${props.message.id} has no text field content.`} />
-          }
-        >
-          <text fg={theme.text}>{props.message.text}</text>
-        </Show>
-        <Show when={attachments().length}>
-          <box flexDirection="row" paddingTop={1} gap={1} flexWrap="wrap">
-            <For each={props.message.files ?? []}>
-              {(file) => (
-                <text fg={theme.text}>
-                  <span style={{ bg: theme.secondary, fg: theme.background }}> {file.mime} </span>
-                  <span style={{ bg: theme.backgroundElement, fg: theme.textMuted }}> {file.name ?? file.uri} </span>
-                </text>
-              )}
-            </For>
-            <For each={props.message.agents ?? []}>
-              {(agent) => (
-                <text fg={theme.text}>
-                  <span style={{ bg: theme.accent, fg: theme.background }}> agent </span>
-                  <span style={{ bg: theme.backgroundElement, fg: theme.textMuted }}> {agent.name} </span>
-                </text>
-              )}
-            </For>
-          </box>
-        </Show>
-        <text fg={theme.textMuted}>{Locale.todayTimeOrDateTime(props.message.time.created)}</text>
-      </box>
-    </box>
-  )
-}
-
-function SyntheticMessage(props: { message: SessionMessageSynthetic; index: number }) {
-  const { theme } = useTheme()
-  return (
-    <box
-      id={props.message.id}
-      border={["left"]}
-      borderColor={theme.backgroundElement}
-      customBorderChars={SplitBorder.customBorderChars}
-      marginTop={props.index === 0 ? 0 : 1}
-      paddingLeft={2}
      paddingTop={1}
      paddingBottom={1}
+      paddingLeft={2}
      backgroundColor={theme.backgroundPanel}
-      flexShrink={0}
    >
-      <text fg={theme.textMuted}>Synthetic</text>
      <text fg={theme.text}>{props.message.text}</text>
+      <Show when={attachments().length}>
+        <box flexDirection="row" paddingTop={1} gap={1} flexWrap="wrap">
+          <For each={props.message.files ?? []}>
+            {(file) => (
+              <text fg={theme.text}>
+                <span style={{ bg: theme.secondary, fg: theme.background }}> {file.mime} </span>
+                <span style={{ bg: theme.backgroundElement, fg: theme.textMuted }}> {file.name ?? file.uri} </span>
+              </text>
+            )}
+          </For>
+          <For each={props.message.agents ?? []}>
+            {(agent) => (
+              <text fg={theme.text}>
+                <span style={{ bg: theme.accent, fg: theme.background }}> agent </span>
+                <span style={{ bg: theme.backgroundElement, fg: theme.textMuted }}> {agent.name} </span>
+              </text>
+            )}
+          </For>
+        </box>
+      </Show>
    </box>
  )
 }
@@ -237,7 +215,7 @@ function ShellMessage(props: { message: SessionMessageShell }) {
 }

 function CompactionMessage(props: { message: SessionMessageCompaction }) {
-  const { theme } = useTheme()
+  const { theme, syntax } = useTheme()
  return (
    <box
      marginTop={1}
@@ -248,7 +226,19 @@ function CompactionMessage(props: { message: SessionMessageCompaction }) {
      flexShrink={0}
    >
      <Show when={props.message.summary}>
-        <text fg={theme.textMuted}>{props.message.summary}</text>
+        {(summary) => (
+          <box paddingLeft={3} paddingTop={1}>
+            <code
+              filetype="markdown"
+              drawUnstyledText={false}
+              streaming={false}
+              syntaxStyle={syntax()}
+              content={summary().trim()}
+              conceal={true}
+              fg={theme.text}
+            />
+          </box>
+        )}
      </Show>
    </box>
  )
@@ -294,12 +284,13 @@ function AssistantMessage(props: {
  last: boolean
  syntax: SyntaxStyle
  subtleSyntax: SyntaxStyle
+  start?: number
 }) {
  const { theme } = useTheme()
  const local = useLocal()
  const duration = createMemo(() => {
    if (!props.message.time.completed) return 0
-    return props.message.time.completed - props.message.time.created
+    return props.message.time.completed - (props.start ?? props.message.time.created)
  })
  const model = createMemo(() => {
    const variant = props.message.model.variant ? `/${props.message.model.variant}` : ""
@@ -361,7 +352,7 @@ function AssistantText(props: { part: SessionMessageAssistantText; syntax: Synta
  const { theme } = useTheme()
  return (
    <Show when={props.part.text.trim()}>
-      <box paddingLeft={3} marginTop={1} flexShrink={0}>
+      <box paddingLeft={3} marginTop={1} flexShrink={0} id="text">
        <code
          filetype="markdown"
          drawUnstyledText={false}
@@ -521,33 +512,93 @@ function InlineTool(props: {
  part: SessionMessageAssistantTool
 }) {
  const { theme } = useTheme()
+  const renderer = useRenderer()
+  const [margin, setMargin] = createSignal(0)
+  const [hover, setHover] = createSignal(false)
+  const [showError, setShowError] = createSignal(false)
  const error = createMemo(() => (props.part.state.status === "error" ? props.part.state.error.message : undefined))
+  const complete = createMemo(() => !!props.complete)
  const denied = createMemo(() => {
    const message = error()
    if (!message) return false
    return (
      message.includes("QuestionRejectedError") ||
      message.includes("rejected permission") ||
+      message.includes("specified a rule") ||
      message.includes("user dismissed")
    )
  })
+  const fg = createMemo(() => {
+    if (error()) return theme.error
+    if (complete()) return theme.textMuted
+    return theme.text
+  })
+  const attributes = createMemo(() => (denied() ? TextAttributes.STRIKETHROUGH : undefined))
  return (
-    <box marginTop={1} paddingLeft={3} flexShrink={0}>
-      <Switch>
-        <Match when={props.spinner}>
-          <Spinner color={theme.text}>{props.children}</Spinner>
-        </Match>
-        <Match when={true}>
-          <text paddingLeft={3} fg={props.complete ? theme.textMuted : theme.text}>
-            <Show fallback={<>~ {props.pending}</>} when={props.complete}>
-              {props.icon} {props.children}
-            </Show>
-          </text>
-        </Match>
-      </Switch>
-      <Show when={error() && !denied()}>
-        <text fg={theme.error}>{error()}</text>
-      </Show>
+    <box
+      marginTop={margin()}
+      paddingLeft={3}
+      flexShrink={0}
+      flexDirection="row"
+      gap={1}
+      backgroundColor={hover() && error() ? theme.backgroundMenu : undefined}
+      onMouseOver={() => error() && setHover(true)}
+      onMouseOut={() => setHover(false)}
+      onMouseUp={() => {
+        if (!error()) return
+        if (renderer.getSelection()?.getSelectedText()) return
+        setShowError((prev) => !prev)
+      }}
+      renderBefore={function () {
+        const el = this as BoxRenderable
+        const parent = el.parent
+        if (!parent) return
+        const previous = parent.getChildren()[parent.getChildren().indexOf(el) - 1]
+        if (!previous) {
+          setMargin(0)
+          return
+        }
+        if (previous.id.startsWith("text")) setMargin(1)
+      }}
+    >
+      <box flexShrink={0}>
+        <Switch>
+          <Match when={props.spinner}>
+            <Spinner color={theme.text} />
+          </Match>
+          <Match when={complete()}>
+            <text fg={fg()} attributes={attributes()}>
+              {props.icon}
+            </text>
+          </Match>
+          <Match when={true}>
+            <text fg={fg()} attributes={attributes()}>
+              ~
+            </text>
+          </Match>
+        </Switch>
+      </box>
+      <box flexGrow={1}>
+        <box>
+          <Switch>
+            <Match when={complete()}>
+              <text fg={fg()} attributes={attributes()}>
+                {props.children}
+              </text>
+            </Match>
+            <Match when={true}>
+              <text fg={fg()} attributes={attributes()}>
+                {props.pending}
+              </text>
+            </Match>
+          </Switch>
+        </box>
+        <Show when={showError() && error()}>
+          <box>
+            <text fg={theme.error}>{error()}</text>
+          </box>
+        </Show>
+      </box>
    </box>
  )
 }
--- a/packages/opencode/src/cli/effect/prompt.ts
+++ b/packages/opencode/src/cli/effect/prompt.ts
@@ -6,27 +6,15 @@ export const outro = (msg: string) => Effect.sync(() => prompts.outro(msg))

 export const log = {
  info: (msg: string) => Effect.sync(() => prompts.log.info(msg)),
-  error: (msg: string) => Effect.sync(() => prompts.log.error(msg)),
-  warn: (msg: string) => Effect.sync(() => prompts.log.warn(msg)),
-  success: (msg: string) => Effect.sync(() => prompts.log.success(msg)),
-}
-
-const optional = <Value>(result: Value | symbol) => {
-  if (prompts.isCancel(result)) return Option.none<Value>()
-  return Option.some(result)
 }

 export const select = <Value>(opts: Parameters<typeof prompts.select<Value>>[0]) =>
-  Effect.promise(() => prompts.select(opts)).pipe(Effect.map((result) => optional(result)))
-
-export const autocomplete = <Value>(opts: Parameters<typeof prompts.autocomplete<Value>>[0]) =>
-  Effect.promise(() => prompts.autocomplete(opts)).pipe(Effect.map((result) => optional(result)))
-
-export const text = (opts: Parameters<typeof prompts.text>[0]) =>
-  Effect.promise(() => prompts.text(opts)).pipe(Effect.map((result) => optional(result)))
-
-export const password = (opts: Parameters<typeof prompts.password>[0]) =>
-  Effect.promise(() => prompts.password(opts)).pipe(Effect.map((result) => optional(result)))
+  Effect.tryPromise(() => prompts.select(opts)).pipe(
+    Effect.map((result) => {
+      if (prompts.isCancel(result)) return Option.none<Value>()
+      return Option.some(result)
+    }),
+  )

 export const spinner = () => {
  const s = prompts.spinner()
--- a/packages/opencode/src/effect/app-runtime.ts
+++ b/packages/opencode/src/effect/app-runtime.ts
@@ -46,7 +46,6 @@ import { Vcs } from "@/project/vcs"
 import { Workspace } from "@/control-plane/workspace"
 import { Worktree } from "@/worktree"
 import { Pty } from "@/pty"
-import { PtyTicket } from "@/pty/ticket"
 import { Installation } from "@/installation"
 import { ShareNext } from "@/share/share-next"
 import { SessionShare } from "@/share/session"
@@ -99,7 +98,6 @@ export const AppLayer = Layer.mergeAll(
  Workspace.defaultLayer,
  Worktree.appLayer,
  Pty.defaultLayer,
-  PtyTicket.defaultLayer,
  Installation.defaultLayer,
  ShareNext.defaultLayer,
  SessionShare.defaultLayer,
--- a/packages/opencode/src/id/id.ts
+++ b/packages/opencode/src/id/id.ts
@@ -13,6 +13,7 @@ const prefixes = {
  tool: "tool",
  workspace: "wrk",
  entry: "ent",
+  account: "act",
 } as const

 export function schema(prefix: keyof typeof prefixes) {
--- a/packages/opencode/src/plugin/codex.ts
+++ b/packages/opencode/src/plugin/codex.ts
@@ -14,14 +14,7 @@ const ISSUER = "https://auth.openai.com"
 const CODEX_API_ENDPOINT = "https://chatgpt.com/backend-api/codex/responses"
 const OAUTH_PORT = 1455
 const OAUTH_POLLING_SAFETY_MARGIN_MS = 3000
-const ALLOWED_MODELS = new Set([
-  "gpt-5.5",
-  "gpt-5.2",
-  "gpt-5.3-codex",
-  "gpt-5.3-codex-spark",
-  "gpt-5.4",
-  "gpt-5.4-mini",
-])
+const ALLOWED_MODELS = new Set(["gpt-5.5", "gpt-5.2", "gpt-5.3-codex", "gpt-5.4", "gpt-5.4-mini"])

 interface PkceCodes {
  verifier: string
--- a/packages/opencode/src/provider/provider.ts
+++ b/packages/opencode/src/provider/provider.ts
@@ -138,14 +138,6 @@ function useLanguageModel(sdk: any) {
  return sdk.responses === undefined && sdk.chat === undefined
 }

-function selectAzureLanguageModel(sdk: any, modelID: string, useChat: boolean) {
-  if (useChat && sdk.chat) return sdk.chat(modelID)
-  if (sdk.responses) return sdk.responses(modelID)
-  if (sdk.messages) return sdk.messages(modelID)
-  if (sdk.chat) return sdk.chat(modelID)
-  return sdk.languageModel(modelID)
-}
-
 function custom(dep: CustomDep): Record<string, CustomLoader> {
  return {
    anthropic: () =>
@@ -230,7 +222,12 @@ function custom(dep: CustomDep): Record<string, CustomLoader> {
      return {
        autoload: false,
        async getModel(sdk: any, modelID: string, options?: Record<string, any>) {
-          return selectAzureLanguageModel(sdk, modelID, Boolean(options?.["useCompletionUrls"]))
+          if (useLanguageModel(sdk)) return sdk.languageModel(modelID)
+          if (options?.["useCompletionUrls"]) {
+            return sdk.chat(modelID)
+          } else {
+            return sdk.responses(modelID)
+          }
        },
        options: {
          resourceName: resource,
@@ -250,7 +247,12 @@ function custom(dep: CustomDep): Record<string, CustomLoader> {
      return {
        autoload: false,
        async getModel(sdk: any, modelID: string, options?: Record<string, any>) {
-          return selectAzureLanguageModel(sdk, modelID, Boolean(options?.["useCompletionUrls"]))
+          if (useLanguageModel(sdk)) return sdk.languageModel(modelID)
+          if (options?.["useCompletionUrls"]) {
+            return sdk.chat(modelID)
+          } else {
+            return sdk.responses(modelID)
+          }
        },
        options: {
          baseURL: resourceName ? `https://${resourceName}.cognitiveservices.azure.com/openai` : undefined,
--- a/packages/opencode/src/pty/ticket.ts
+++ b/packages/opencode/src/pty/ticket.ts
@@ -1,68 +0,0 @@
-export * as PtyTicket from "./ticket"
-
-import { WorkspaceID } from "@/control-plane/schema"
-import { InstanceRef, WorkspaceRef } from "@/effect/instance-ref"
-import { PtyID } from "@/pty/schema"
-import { PositiveInt } from "@/util/schema"
-import { Cache, Context, Duration, Effect, Layer, Schema } from "effect"
-
-const DEFAULT_TTL = Duration.seconds(60)
-const CAPACITY = 10_000
-
-export const ConnectToken = Schema.Struct({
-  ticket: Schema.String,
-  expires_in: PositiveInt,
-})
-
-export type Scope = {
-  readonly ptyID: PtyID
-  readonly directory?: string
-  readonly workspaceID?: WorkspaceID
-}
-
-export interface Interface {
-  issue(input: Scope): Effect.Effect<typeof ConnectToken.Type>
-  consume(input: Scope & { readonly ticket: string }): Effect.Effect<boolean>
-}
-
-export class Service extends Context.Service<Service, Interface>()("@opencode/PtyTicket") {}
-
-function matches(record: Scope, input: Scope) {
-  return (
-    record.ptyID === input.ptyID && record.directory === input.directory && record.workspaceID === input.workspaceID
-  )
-}
-
-// Tickets are inserted via Cache.set and removed atomically via invalidateWhen. The lookup is
-// never invoked; it dies if it ever is, which would signal a misuse of the Service interface.
-const noLookup = () => Effect.die("PtyTicket cache must be used via set/invalidateWhen, never get")
-
-// Visible for tests so the TTL can be shortened. Production uses `layer` with the default TTL.
-export const make = (ttl: Duration.Input = DEFAULT_TTL) =>
-  Effect.gen(function* () {
-    const cache = yield* Cache.make<string, Scope>({ capacity: CAPACITY, lookup: noLookup, timeToLive: ttl })
-    const expiresIn = Math.max(1, Math.round(Duration.toSeconds(Duration.fromInputUnsafe(ttl))))
-    return Service.of({
-      issue: Effect.fn("PtyTicket.issue")(function* (input) {
-        const ticket = crypto.randomUUID()
-        yield* Cache.set(cache, ticket, input)
-        return { ticket, expires_in: expiresIn }
-      }),
-      consume: Effect.fn("PtyTicket.consume")(function* (input) {
-        return yield* Cache.invalidateWhen(cache, input.ticket, (stored) => matches(stored, input))
-      }),
-    })
-  })
-
-export const layer = Layer.effect(Service, make())
-
-export const defaultLayer = layer
-
-export const scope = Effect.gen(function* () {
-  const instance = yield* InstanceRef
-  const workspaceID = yield* WorkspaceRef
-  return {
-    directory: instance?.directory,
-    workspaceID,
-  }
-})
--- a/packages/opencode/src/server/cors.ts
+++ b/packages/opencode/src/server/cors.ts
@@ -1,13 +1,7 @@
-import { Context } from "effect"
-
 const opencodeOrigin = /^https:\/\/([a-z0-9-]+\.)*opencode\.ai$/

 export type CorsOptions = { readonly cors?: ReadonlyArray<string> }

-export const CorsConfig = Context.Reference<CorsOptions | undefined>("@opencode/ServerCorsConfig", {
-  defaultValue: () => undefined,
-})
-
 export function isAllowedCorsOrigin(input: string | undefined, opts?: CorsOptions) {
  if (!input) return true
  if (input.startsWith("http://localhost:")) return true
@@ -18,17 +12,3 @@ export function isAllowedCorsOrigin(input: string | undefined, opts?: CorsOption
  if (opencodeOrigin.test(input)) return true
  return opts?.cors?.includes(input) ?? false
 }
-
-export function isAllowedRequestOrigin(input: string | undefined, host: string | undefined, opts?: CorsOptions) {
-  if (!input) return true
-  if (host && sameHost(input, host)) return true
-  return isAllowedCorsOrigin(input, opts)
-}
-
-function sameHost(origin: string, host: string) {
-  try {
-    return new URL(origin).host === host
-  } catch {
-    return false
-  }
-}
--- a/packages/opencode/src/server/error.ts
+++ b/packages/opencode/src/server/error.ts
@@ -21,9 +21,6 @@ export const ERRORS = {
      },
    },
  },
-  403: {
-    description: "Forbidden",
-  },
  404: {
    description: "Not found",
    content: {
--- a/packages/opencode/src/server/middleware.ts
+++ b/packages/opencode/src/server/middleware.ts
@@ -12,8 +12,6 @@ import { cors } from "hono/cors"
 import { compress } from "hono/compress"
 import * as ServerBackend from "./backend"
 import { isAllowedCorsOrigin, type CorsOptions } from "./cors"
-import { isPtyConnectPath, PTY_CONNECT_TICKET_QUERY } from "./shared/pty-ticket"
-import { isPublicUIPath } from "./shared/public-ui"

 const log = Log.create({ service: "server" })

@@ -46,8 +44,6 @@ export const AuthMiddleware: MiddlewareHandler = (c, next) => {
  if (c.req.method === "OPTIONS") return next()
  const password = Flag.OPENCODE_SERVER_PASSWORD
  if (!password) return next()
-  if (isPublicUIPath(c.req.method, c.req.path)) return next()
-  if (isPtyConnectPath(c.req.path) && c.req.query(PTY_CONNECT_TICKET_QUERY)) return next()
  const username = Flag.OPENCODE_SERVER_USERNAME ?? "opencode"

  if (c.req.query("auth_token")) c.req.raw.headers.set("authorization", `Basic ${c.req.query("auth_token")}`)
@@ -62,7 +58,6 @@ export function LoggerMiddleware(backendAttributes: ServerBackend.Attributes): M
    const attributes = {
      method: c.req.method,
      path: c.req.path,
-      // If this logger grows full-URL fields, redact auth_token and ticket query params.
      ...backendAttributes,
    }
    log.info("request", attributes)
--- a/packages/opencode/src/server/routes/instance/httpapi/groups/pty.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/groups/pty.ts
@@ -1,5 +1,4 @@
 import { Pty } from "@/pty"
-import { PtyTicket } from "@/pty/ticket"
 import { PtyID } from "@/pty/schema"
 import { Schema } from "effect"
 import { HttpApi, HttpApiEndpoint, HttpApiError, HttpApiGroup, OpenApi } from "effect/unstable/httpapi"
@@ -24,7 +23,6 @@ export const PtyPaths = {
  get: `${root}/:ptyID`,
  update: `${root}/:ptyID`,
  remove: `${root}/:ptyID`,
-  connectToken: `${root}/:ptyID/connect-token`,
  connect: `${root}/:ptyID/connect`,
 } as const

@@ -95,17 +93,6 @@ export const PtyApi = HttpApi.make("pty")
            description: "Remove and terminate a specific pseudo-terminal (PTY) session.",
          }),
        ),
-        HttpApiEndpoint.post("connectToken", PtyPaths.connectToken, {
-          params: { ptyID: PtyID },
-          success: described(PtyTicket.ConnectToken, "WebSocket connect token"),
-          error: [HttpApiError.Forbidden, HttpApiError.NotFound],
-        }).annotateMerge(
-          OpenApi.annotations({
-            identifier: "pty.connectToken",
-            summary: "Create PTY WebSocket token",
-            description: "Create a short-lived ticket for opening a PTY WebSocket connection.",
-          }),
-        ),
      )
      .annotateMerge(OpenApi.annotations({ title: "pty", description: "Experimental HttpApi PTY routes." }))
      .middleware(InstanceContextMiddleware)
@@ -126,7 +113,7 @@ export const PtyConnectApi = HttpApi.make("pty-connect").add(
      HttpApiEndpoint.get("connect", PtyPaths.connect, {
        params: Params,
        success: described(Schema.Boolean, "Connected session"),
-        error: [HttpApiError.Forbidden, HttpApiError.NotFound],
+        error: HttpApiError.NotFound,
      }).annotateMerge(
        OpenApi.annotations({
          identifier: "pty.connect",
--- a/packages/opencode/src/server/routes/instance/httpapi/handlers/pty.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/handlers/pty.ts
@@ -1,15 +1,8 @@
 import { Pty } from "@/pty"
 import { PtyID } from "@/pty/schema"
-import { PtyTicket } from "@/pty/ticket"
 import { handlePtyInput } from "@/pty/input"
 import { Shell } from "@/shell/shell"
 import { EffectBridge } from "@/effect/bridge"
-import { CorsConfig, isAllowedRequestOrigin, type CorsOptions } from "@/server/cors"
-import {
-  PTY_CONNECT_TICKET_QUERY,
-  PTY_CONNECT_TOKEN_HEADER,
-  PTY_CONNECT_TOKEN_HEADER_VALUE,
-} from "@/server/shared/pty-ticket"
 import { Effect } from "effect"
 import { HttpRouter, HttpServerRequest, HttpServerResponse } from "effect/unstable/http"
 import { HttpApiBuilder, HttpApiError } from "effect/unstable/httpapi"
@@ -18,15 +11,9 @@ import { InstanceHttpApi } from "../api"
 import { CursorQuery, Params, PtyPaths } from "../groups/pty"
 import { WebSocketTracker } from "../websocket-tracker"

-function validOrigin(request: HttpServerRequest.HttpServerRequest, opts: CorsOptions | undefined) {
-  return isAllowedRequestOrigin(request.headers.origin, request.headers.host, opts)
-}
-
 export const ptyHandlers = HttpApiBuilder.group(InstanceHttpApi, "pty", (handlers) =>
  Effect.gen(function* () {
    const pty = yield* Pty.Service
-    const tickets = yield* PtyTicket.Service
-    const cors = yield* CorsConfig

    const shells = Effect.fn("PtyHttpApi.shells")(function* () {
      return yield* Effect.promise(() => Shell.list())
@@ -67,14 +54,6 @@ export const ptyHandlers = HttpApiBuilder.group(InstanceHttpApi, "pty", (handler
      return true
    })

-    const connectToken = Effect.fn("PtyHttpApi.connectToken")(function* (ctx: { params: { ptyID: PtyID } }) {
-      const request = yield* HttpServerRequest.HttpServerRequest
-      if (request.headers[PTY_CONNECT_TOKEN_HEADER] !== PTY_CONNECT_TOKEN_HEADER_VALUE || !validOrigin(request, cors))
-        return yield* new HttpApiError.Forbidden({})
-      if (!(yield* pty.get(ctx.params.ptyID))) return yield* new HttpApiError.NotFound({})
-      return yield* tickets.issue({ ptyID: ctx.params.ptyID, ...(yield* PtyTicket.scope) })
-    })
-
    return handlers
      .handle("shells", shells)
      .handle("list", list)
@@ -82,15 +61,12 @@ export const ptyHandlers = HttpApiBuilder.group(InstanceHttpApi, "pty", (handler
      .handle("get", get)
      .handle("update", update)
      .handle("remove", remove)
-      .handle("connectToken", connectToken)
  }),
 )

 export const ptyConnectRoute = HttpRouter.use((router) =>
  Effect.gen(function* () {
    const pty = yield* Pty.Service
-    const tickets = yield* PtyTicket.Service
-    const cors = yield* CorsConfig
    yield* router.add(
      "GET",
      PtyPaths.connect,
@@ -99,20 +75,12 @@ export const ptyConnectRoute = HttpRouter.use((router) =>
        if (!(yield* pty.get(params.ptyID))) return HttpServerResponse.empty({ status: 404 })

        const query = yield* HttpServerRequest.schemaSearchParams(CursorQuery)
-        const request = yield* HttpServerRequest.HttpServerRequest
-        const ticket = new URL(request.url, "http://localhost").searchParams.get(PTY_CONNECT_TICKET_QUERY)
-        if (ticket) {
-          const valid = validOrigin(request, cors)
-            ? yield* tickets.consume({ ticket, ptyID: params.ptyID, ...(yield* PtyTicket.scope) })
-            : false
-          if (!valid) return HttpServerResponse.empty({ status: 403 })
-        }
        const parsedCursor = query.cursor === undefined ? undefined : Number(query.cursor)
        const cursor =
          parsedCursor !== undefined && Number.isSafeInteger(parsedCursor) && parsedCursor >= -1
            ? parsedCursor
            : undefined
-        const socket = yield* Effect.orDie(request.upgrade)
+        const socket = yield* Effect.orDie((yield* HttpServerRequest.HttpServerRequest).upgrade)
        const write = yield* socket.writer
        const closeAccepted = (event: Socket.CloseEvent) =>
          socket
--- a/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
@@ -2,8 +2,6 @@ import { ServerAuth } from "@/server/auth"
 import { Effect, Encoding, Layer, Redacted } from "effect"
 import { HttpRouter, HttpServerRequest, HttpServerResponse } from "effect/unstable/http"
 import { HttpApiError, HttpApiMiddleware } from "effect/unstable/httpapi"
-import { hasPtyConnectTicketURL } from "@/server/shared/pty-ticket"
-import { isPublicUIPath } from "@/server/shared/public-ui"

 const AUTH_TOKEN_QUERY = "auth_token"
 const UNAUTHORIZED = 401
@@ -57,11 +55,7 @@ function decodeCredential(input: string) {
 }

 function credentialFromRequest(request: HttpServerRequest.HttpServerRequest) {
-  return credentialFromURL(new URL(request.url, "http://localhost"), request)
-}
-
-function credentialFromURL(url: URL, request: HttpServerRequest.HttpServerRequest) {
-  const token = url.searchParams.get(AUTH_TOKEN_QUERY)
+  const token = new URL(request.url, "http://localhost").searchParams.get(AUTH_TOKEN_QUERY)
  if (token) return decodeCredential(token)
  const match = /^Basic\s+(.+)$/i.exec(request.headers.authorization ?? "")
  if (match) return decodeCredential(match[1])
@@ -92,10 +86,7 @@ export const authorizationRouterMiddleware = HttpRouter.middleware()(
    return (effect) =>
      Effect.gen(function* () {
        const request = yield* HttpServerRequest.HttpServerRequest
-        const url = new URL(request.url, "http://localhost")
-        if (isPublicUIPath(request.method, url.pathname)) return yield* effect
-        if (hasPtyConnectTicketURL(url)) return yield* effect
-        return yield* credentialFromURL(url, request).pipe(
+        return yield* credentialFromRequest(request).pipe(
          Effect.flatMap((credential) => validateRawCredential(effect, credential, config)),
        )
      })
--- a/packages/opencode/src/server/routes/instance/httpapi/server.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/server.ts
@@ -25,7 +25,6 @@ import { ProviderAuth } from "@/provider/auth"
 import { ModelsDev } from "@/provider/models"
 import { Provider } from "@/provider/provider"
 import { Pty } from "@/pty"
-import { PtyTicket } from "@/pty/ticket"
 import { Question } from "@/question"
 import { Session } from "@/session/session"
 import { SessionCompaction } from "@/session/compaction"
@@ -45,7 +44,7 @@ import { lazy } from "@/util/lazy"
 import { Vcs } from "@/project/vcs"
 import { Worktree } from "@/worktree"
 import { Workspace } from "@/control-plane/workspace"
-import { CorsConfig, isAllowedCorsOrigin, type CorsOptions } from "@/server/cors"
+import { isAllowedCorsOrigin, type CorsOptions } from "@/server/cors"
 import { serveUIEffect } from "@/server/shared/ui"
 import { ServerAuth } from "@/server/auth"
 import { InstanceHttpApi, RootHttpApi } from "./api"
@@ -164,7 +163,6 @@ export function createRoutes(corsOptions?: CorsOptions) {
      ProviderAuth.defaultLayer,
      Provider.defaultLayer,
      Pty.defaultLayer,
-      PtyTicket.defaultLayer,
      Question.defaultLayer,
      Ripgrep.defaultLayer,
      Session.defaultLayer,
@@ -189,7 +187,6 @@ export function createRoutes(corsOptions?: CorsOptions) {
      FetchHttpClient.layer,
      HttpServer.layerServices,
    ]),
-    Layer.provideMerge(Layer.succeed(CorsConfig)(corsOptions)),
    Layer.provideMerge(InstanceLayer.layer),
    Layer.provideMerge(Observability.layer),
  )
--- a/packages/opencode/src/server/routes/instance/index.ts
+++ b/packages/opencode/src/server/routes/instance/index.ts
@@ -39,11 +39,10 @@ import { SessionPaths } from "./httpapi/groups/session"
 import { SyncPaths } from "./httpapi/groups/sync"
 import { TuiPaths } from "./httpapi/groups/tui"
 import { WorkspacePaths } from "./httpapi/groups/workspace"
-import type { CorsOptions } from "@/server/cors"

-export const InstanceRoutes = (upgrade: UpgradeWebSocket, opts?: CorsOptions): Hono => {
+export const InstanceRoutes = (upgrade: UpgradeWebSocket): Hono => {
  const app = new Hono()
-  const handler = ExperimentalHttpApiServer.webHandler(opts).handler
+  const handler = ExperimentalHttpApiServer.webHandler().handler
  const context = Context.empty() as Context.Context<unknown>

  app.all("/api/*", (c) => handler(c.req.raw, context))
@@ -108,7 +107,6 @@ export const InstanceRoutes = (upgrade: UpgradeWebSocket, opts?: CorsOptions): H
    app.get(PtyPaths.get, (c) => handler(c.req.raw, context))
    app.put(PtyPaths.update, (c) => handler(c.req.raw, context))
    app.delete(PtyPaths.remove, (c) => handler(c.req.raw, context))
-    app.post(PtyPaths.connectToken, (c) => handler(c.req.raw, context))
    app.get(PtyPaths.connect, (c) => handler(c.req.raw, context))
    app.get(SessionPaths.list, (c) => handler(c.req.raw, context))
    app.get(SessionPaths.status, (c) => handler(c.req.raw, context))
@@ -160,7 +158,7 @@ export const InstanceRoutes = (upgrade: UpgradeWebSocket, opts?: CorsOptions): H

  return app
    .route("/project", ProjectRoutes())
-    .route("/pty", PtyRoutes(upgrade, opts))
+    .route("/pty", PtyRoutes(upgrade))
    .route("/config", ConfigRoutes())
    .route("/experimental", ExperimentalRoutes())
    .route("/session", SessionRoutes())
--- a/packages/opencode/src/server/routes/instance/pty.ts
+++ b/packages/opencode/src/server/routes/instance/pty.ts
@@ -1,5 +1,4 @@
 import { Hono } from "hono"
-import type { Context } from "hono"
 import { describeRoute, validator, resolver } from "hono-openapi"
 import type { UpgradeWebSocket } from "hono/ws"
 import { Effect, Schema } from "effect"
@@ -7,19 +6,10 @@ import z from "zod"
 import { AppRuntime } from "@/effect/app-runtime"
 import { Pty } from "@/pty"
 import { PtyID } from "@/pty/schema"
-import { PtyTicket } from "@/pty/ticket"
 import { Shell } from "@/shell/shell"
 import { NotFoundError } from "@/storage/storage"
 import { errors } from "../../error"
 import { jsonRequest, runRequest } from "./trace"
-import { HTTPException } from "hono/http-exception"
-import { isAllowedRequestOrigin, type CorsOptions } from "@/server/cors"
-import {
-  PTY_CONNECT_TICKET_QUERY,
-  PTY_CONNECT_TOKEN_HEADER,
-  PTY_CONNECT_TOKEN_HEADER_VALUE,
-} from "@/server/shared/pty-ticket"
-import { zod as effectZod } from "@/util/effect-zod"

 const ShellItem = z.object({
  path: z.string(),
@@ -28,11 +18,7 @@ const ShellItem = z.object({
 })
 const decodePtyID = Schema.decodeUnknownSync(PtyID)

-function validOrigin(c: Context, opts?: CorsOptions) {
-  return isAllowedRequestOrigin(c.req.header("origin"), c.req.header("host"), opts)
-}
-
-export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket, opts?: CorsOptions) {
+export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket) {
  return new Hono()
    .get(
      "/shells",
@@ -189,43 +175,6 @@ export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket, opts?: CorsOptions
          return true
        }),
    )
-    .post(
-      "/:ptyID/connect-token",
-      describeRoute({
-        summary: "Create PTY WebSocket token",
-        description: "Create a short-lived token for opening a PTY WebSocket connection.",
-        operationId: "pty.connectToken",
-        responses: {
-          200: {
-            description: "WebSocket connect token",
-            content: {
-              "application/json": {
-                schema: resolver(effectZod(PtyTicket.ConnectToken)),
-              },
-            },
-          },
-          ...errors(403, 404),
-        },
-      }),
-      validator("param", z.object({ ptyID: PtyID.zod })),
-      async (c) => {
-        if (c.req.header(PTY_CONNECT_TOKEN_HEADER) !== PTY_CONNECT_TOKEN_HEADER_VALUE || !validOrigin(c, opts))
-          throw new HTTPException(403)
-        const result = await runRequest(
-          "PtyRoutes.connectToken",
-          c,
-          Effect.gen(function* () {
-            const pty = yield* Pty.Service
-            const id = c.req.valid("param").ptyID
-            if (!(yield* pty.get(id))) return
-            const tickets = yield* PtyTicket.Service
-            return yield* tickets.issue({ ptyID: id, ...(yield* PtyTicket.scope) })
-          }),
-        )
-        if (!result) throw new NotFoundError({ message: "Session not found" })
-        return c.json(result)
-      },
-    )
    .get(
      "/:ptyID/connect",
      describeRoute({
@@ -241,7 +190,7 @@ export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket, opts?: CorsOptions
              },
            },
          },
-          ...errors(403, 404),
+          ...errors(404),
        },
      }),
      validator("param", z.object({ ptyID: PtyID.zod })),
@@ -252,6 +201,14 @@ export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket, opts?: CorsOptions
        }

        const id = decodePtyID(c.req.param("ptyID"))
+        const cursor = (() => {
+          const value = c.req.query("cursor")
+          if (!value) return
+          const parsed = Number(value)
+          if (!Number.isSafeInteger(parsed) || parsed < -1) return
+          return parsed
+        })()
+        let handler: Handler | undefined
        if (
          !(await runRequest(
            "PtyRoutes.connect",
@@ -262,29 +219,8 @@ export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket, opts?: CorsOptions
            }),
          ))
        ) {
-          throw new NotFoundError({ message: "Session not found" })
+          throw new Error("Session not found")
        }
-        const ticket = c.req.query(PTY_CONNECT_TICKET_QUERY)
-        if (ticket) {
-          if (!validOrigin(c, opts)) throw new HTTPException(403)
-          const valid = await runRequest(
-            "PtyRoutes.connect.ticket",
-            c,
-            Effect.gen(function* () {
-              const tickets = yield* PtyTicket.Service
-              return yield* tickets.consume({ ticket, ptyID: id, ...(yield* PtyTicket.scope) })
-            }),
-          )
-          if (!valid) throw new HTTPException(403)
-        }
-        const cursor = (() => {
-          const value = c.req.query("cursor")
-          if (!value) return
-          const parsed = Number(value)
-          if (!Number.isSafeInteger(parsed) || parsed < -1) return
-          return parsed
-        })()
-        let handler: Handler | undefined

        type Socket = {
          readyState: number
--- a/packages/opencode/src/server/server.ts
+++ b/packages/opencode/src/server/server.ts
@@ -120,7 +120,7 @@ function createHono(opts: CorsOptions, selection: ServerBackend.Selection = Serv
      app: app
        .use(InstanceMiddleware(Flag.OPENCODE_WORKSPACE_ID ? WorkspaceID.make(Flag.OPENCODE_WORKSPACE_ID) : undefined))
        .use(FenceMiddleware)
-        .route("/", InstanceRoutes(runtime.upgradeWebSocket, opts)),
+        .route("/", InstanceRoutes(runtime.upgradeWebSocket)),
      runtime,
    }
  }
@@ -136,7 +136,7 @@ function createHono(opts: CorsOptions, selection: ServerBackend.Selection = Serv
    app: app
      .route("/", ControlPlaneRoutes())
      .route("/", workspaceApp)
-      .route("/", InstanceRoutes(runtime.upgradeWebSocket, opts))
+      .route("/", InstanceRoutes(runtime.upgradeWebSocket))
      .route("/", UIRoutes()),
    runtime,
  }
--- a/packages/opencode/src/server/shared/pty-ticket.ts
+++ b/packages/opencode/src/server/shared/pty-ticket.ts
@@ -1,15 +0,0 @@
-export const PTY_CONNECT_TICKET_QUERY = "ticket"
-export const PTY_CONNECT_TOKEN_HEADER = "x-opencode-ticket"
-export const PTY_CONNECT_TOKEN_HEADER_VALUE = "1"
-
-const PTY_CONNECT_PATH = /^\/pty\/[^/]+\/connect$/
-
-// Auth middleware skips Basic Auth when this matches; the PTY connect handler
-// is then responsible for validating the ticket.
-export function isPtyConnectPath(pathname: string) {
-  return PTY_CONNECT_PATH.test(pathname)
-}
-
-export function hasPtyConnectTicketURL(url: URL) {
-  return isPtyConnectPath(url.pathname) && !!url.searchParams.get(PTY_CONNECT_TICKET_QUERY)
-}
--- a/packages/opencode/src/server/shared/public-ui.ts
+++ b/packages/opencode/src/server/shared/public-ui.ts
@@ -1,12 +0,0 @@
-// Static UI assets the browser fetches without app-managed credentials, e.g.
-// the manifest link in <head>. These bypass auth so the page can install/render
-// the manifest icons even when a server password is configured.
-export const PUBLIC_UI_PATHS = new Set<string>([
-  "/site.webmanifest",
-  "/web-app-manifest-192x192.png",
-  "/web-app-manifest-512x512.png",
-])
-
-export function isPublicUIPath(method: string, pathname: string) {
-  return method === "GET" && PUBLIC_UI_PATHS.has(pathname)
-}
--- a/packages/opencode/src/server/shared/ui.ts
+++ b/packages/opencode/src/server/shared/ui.ts
@@ -33,7 +33,6 @@ function proxyResponseHeaders(headers: Record<string, string>) {
  // transfer metadata makes browsers decode already-decoded assets again.
  result.delete("content-encoding")
  result.delete("content-length")
-  result.delete("transfer-encoding")
  return result
 }

--- a/packages/opencode/src/session/processor.ts
+++ b/packages/opencode/src/session/processor.ts
@@ -655,7 +655,7 @@ export const layer: Layer.Layer<
          EventV2.run(SessionEvent.Step.Failed.Sync, {
            sessionID: ctx.sessionID,
            error: {
-              type: error.name,
+              type: "unknown",
              message: errorMessage(e),
            },
            timestamp: DateTime.makeUnsafe(Date.now()),
--- a/packages/opencode/src/v2/auth.ts
+++ b/packages/opencode/src/v2/auth.ts
@@ -0,0 +1,246 @@
+import path from "path"
+import { Effect, Layer, Option, Schema, Context, SynchronizedRef } from "effect"
+import { Identifier } from "@opencode-ai/core/util/identifier"
+import { NonNegativeInt, withStatics } from "@/util/schema"
+import { Global } from "@opencode-ai/core/global"
+import { AppFileSystem } from "@opencode-ai/core/filesystem"
+
+export const OAUTH_DUMMY_KEY = "opencode-oauth-dummy-key"
+
+const AccountID = Schema.String.pipe(
+  Schema.brand("AccountID"),
+  withStatics((schema) => ({ create: () => schema.make("acc_" + Identifier.ascending()) })),
+)
+export type AccountID = typeof AccountID.Type
+
+export const ServiceID = Schema.String.pipe(Schema.brand("ServiceID"))
+export type ServiceID = typeof ServiceID.Type
+
+export class OAuthCredential extends Schema.Class<OAuthCredential>("AuthV2.OAuthCredential")({
+  type: Schema.Literal("oauth"),
+  refresh: Schema.String,
+  access: Schema.String,
+  expires: NonNegativeInt,
+}) {}
+
+export class ApiKeyCredential extends Schema.Class<ApiKeyCredential>("AuthV2.ApiKeyCredential")({
+  type: Schema.Literal("api"),
+  key: Schema.String,
+  metadata: Schema.optional(Schema.Record(Schema.String, Schema.String)),
+}) {}
+
+export const Credential = Schema.Union([OAuthCredential, ApiKeyCredential])
+  .pipe(Schema.toTaggedUnion("type"))
+  .annotate({
+    identifier: "AuthV2.Credential",
+  })
+export type Credential = Schema.Schema.Type<typeof Credential>
+
+export class Account extends Schema.Class<Account>("AuthV2.Account")({
+  id: AccountID,
+  serviceID: ServiceID,
+  description: Schema.String,
+  credential: Credential,
+}) {}
+
+export class AuthFileWriteError extends Schema.TaggedErrorClass<AuthFileWriteError>()("AuthV2.FileWriteError", {
+  operation: Schema.Union([Schema.Literal("migrate"), Schema.Literal("write")]),
+  cause: Schema.Defect,
+}) {}
+
+export type AuthError = AuthFileWriteError
+
+interface Writable {
+  version: 2
+  accounts: Record<string, Account>
+  active: Record<string, AccountID>
+}
+
+const decodeV1 = Schema.decodeUnknownOption(Schema.Record(Schema.String, Credential))
+
+function migrate(old: Record<string, unknown>): Writable {
+  const accounts: Record<string, Account> = {}
+  const active: Record<string, AccountID> = {}
+  for (const [serviceID, value] of Object.entries(old)) {
+    const decoded = Option.getOrElse(decodeV1({ [serviceID]: value }), () => ({}))
+    const parsed = (decoded as Record<string, Credential>)[serviceID]
+    if (!parsed) continue
+    const id = Identifier.ascending()
+    const accountID = AccountID.make(id)
+    const brandedServiceID = ServiceID.make(serviceID)
+    accounts[id] = new Account({
+      id: accountID,
+      serviceID: brandedServiceID,
+      description: "default",
+      credential: parsed,
+    })
+    active[brandedServiceID] = accountID
+  }
+  return { version: 2, accounts, active }
+}
+
+export interface Interface {
+  readonly get: (accountID: AccountID) => Effect.Effect<Account | undefined, AuthError>
+  readonly all: () => Effect.Effect<Account[], AuthError>
+  readonly create: (input: {
+    serviceID: ServiceID
+    credential: Credential
+    description?: string
+    active?: boolean
+  }) => Effect.Effect<Account, AuthError>
+  readonly update: (
+    accountID: AccountID,
+    updates: Partial<Pick<Account, "description" | "credential">>,
+  ) => Effect.Effect<void, AuthError>
+  readonly remove: (accountID: AccountID) => Effect.Effect<void, AuthError>
+  readonly activate: (accountID: AccountID) => Effect.Effect<void, AuthError>
+  readonly active: (serviceID: ServiceID) => Effect.Effect<Account | undefined, AuthError>
+  readonly forService: (serviceID: ServiceID) => Effect.Effect<Account[], AuthError>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/v2/Auth") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const fsys = yield* AppFileSystem.Service
+    const global = yield* Global.Service
+    const file = path.join(global.data, "auth-v2.json")
+
+    const load: () => Effect.Effect<Writable, AuthError> = Effect.fnUntraced(function* () {
+      if (process.env.OPENCODE_AUTH_CONTENT) {
+        try {
+          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)
+        } catch {}
+      }
+
+      const raw = yield* fsys.readJson(file).pipe(Effect.orElseSucceed(() => null))
+
+      if (!raw || typeof raw !== "object") return { version: 2, accounts: {}, active: {} }
+
+      if ("version" in raw && raw.version === 2) return raw as Writable
+
+      const migrated = migrate(raw as Record<string, unknown>)
+      yield* fsys
+        .writeJson(file, migrated, 0o600)
+        .pipe(Effect.mapError((cause) => new AuthFileWriteError({ operation: "migrate", cause })))
+      return migrated
+    })
+
+    const write = (data: Writable) =>
+      fsys
+        .writeJson(file, data, 0o600)
+        .pipe(Effect.mapError((cause) => new AuthFileWriteError({ operation: "write", cause })))
+
+    const state = SynchronizedRef.makeUnsafe(yield* load())
+
+    const result: Interface = {
+      get: Effect.fn("AuthV2.get")(function* (accountID) {
+        return (yield* SynchronizedRef.get(state)).accounts[accountID]
+      }),
+
+      all: Effect.fn("AuthV2.all")(function* () {
+        return Object.values((yield* SynchronizedRef.get(state)).accounts)
+      }),
+
+      active: Effect.fn("AuthV2.active")(function* (serviceID) {
+        const data = yield* SynchronizedRef.get(state)
+        return (
+          data.accounts[data.active[serviceID]] ?? Object.values(data.accounts).find((a) => a.serviceID === serviceID)
+        )
+      }),
+
+      forService: Effect.fn("AuthV2.list")(function* (serviceID) {
+        return Object.values((yield* SynchronizedRef.get(state)).accounts).filter((a) => a.serviceID === serviceID)
+      }),
+
+      create: Effect.fn("AuthV2.add")(function* (input) {
+        return yield* SynchronizedRef.modifyEffect(
+          state,
+          Effect.fnUntraced(function* (data) {
+            const account = new Account({
+              id: AccountID.make(Identifier.ascending()),
+              serviceID: input.serviceID,
+              description: input.description ?? "default",
+              credential: input.credential,
+            })
+            const next = {
+              ...data,
+              accounts: { ...data.accounts, [account.id]: account },
+              active:
+                (input.active ?? Object.values(data.accounts).every((a) => a.serviceID !== input.serviceID))
+                  ? { ...data.active, [input.serviceID]: account.id }
+                  : data.active,
+            }
+
+            yield* write(next)
+            return [account, next] as const
+          }),
+        )
+      }),
+
+      update: Effect.fn("AuthV2.update")(function* (accountID, updates) {
+        yield* SynchronizedRef.modifyEffect(
+          state,
+          Effect.fnUntraced(function* (data) {
+            const existing = data.accounts[accountID]
+            if (!existing) return [undefined, data] as const
+
+            const next = {
+              ...data,
+              accounts: {
+                ...data.accounts,
+                [accountID]: new Account({
+                  id: accountID,
+                  serviceID: existing.serviceID,
+                  description: updates.description ?? existing.description,
+                  credential: updates.credential ?? existing.credential,
+                }),
+              },
+            }
+
+            yield* write(next)
+            return [undefined, next] as const
+          }),
+        )
+      }),
+
+      remove: Effect.fn("AuthV2.remove")(function* (accountID) {
+        yield* SynchronizedRef.modifyEffect(
+          state,
+          Effect.fnUntraced(function* (data) {
+            const accounts = { ...data.accounts }
+            const active = { ...data.active }
+            if (accounts[accountID] && active[accounts[accountID].serviceID] === accountID)
+              delete active[accounts[accountID].serviceID]
+            delete accounts[accountID]
+
+            const next = { ...data, accounts, active }
+            yield* write(next)
+            return [undefined, next] as const
+          }),
+        )
+      }),
+
+      activate: Effect.fn("AuthV2.activate")(function* (accountID) {
+        yield* SynchronizedRef.modifyEffect(
+          state,
+          Effect.fnUntraced(function* (data) {
+            const account = data.accounts[accountID]
+            if (!account) return [undefined, data] as const
+
+            const next = { ...data, active: { ...data.active, [account.serviceID]: accountID } }
+            yield* write(next)
+            return [undefined, next] as const
+          }),
+        )
+      }),
+    }
+
+    return Service.of(result)
+  }),
+)
+
+export const defaultLayer = layer.pipe(Layer.provide(AppFileSystem.defaultLayer), Layer.provide(Global.defaultLayer))
+
+export * as AuthV2 from "./auth"
--- a/packages/opencode/src/v2/model.ts
+++ b/packages/opencode/src/v2/model.ts
@@ -0,0 +1,135 @@
+import { withStatics } from "@/util/schema"
+import { Array, Context, Effect, HashMap, Layer, Option, Order, pipe, Schema } from "effect"
+import { DateTimeUtcFromMillis } from "effect/Schema"
+
+export const ID = Schema.String.pipe(Schema.brand("Model.ID"))
+export type ID = typeof ID.Type
+
+export const ProviderID = Schema.String.pipe(
+  Schema.brand("Model.ProviderID"),
+  withStatics((schema) => ({
+    // Well-known providers
+    opencode: schema.make("opencode"),
+    anthropic: schema.make("anthropic"),
+    openai: schema.make("openai"),
+    google: schema.make("google"),
+    googleVertex: schema.make("google-vertex"),
+    githubCopilot: schema.make("github-copilot"),
+    amazonBedrock: schema.make("amazon-bedrock"),
+    azure: schema.make("azure"),
+    openrouter: schema.make("openrouter"),
+    mistral: schema.make("mistral"),
+    gitlab: schema.make("gitlab"),
+  })),
+)
+export type ProviderID = typeof ProviderID.Type
+
+export const ApiFormat = Schema.Union([
+  Schema.Literal("openai/responses"),
+  Schema.Literal("openai/completions"),
+  Schema.Literal("anthropic"),
+])
+
+const Modalities = Schema.Struct({
+  text: Schema.Boolean,
+  audio: Schema.Boolean,
+  image: Schema.Boolean,
+  video: Schema.Boolean,
+  pdf: Schema.Boolean,
+})
+
+export const Capabilities = Schema.Struct({
+  temperature: Schema.Boolean,
+  reasoning: Schema.Boolean,
+  attachment: Schema.Boolean,
+  toolcall: Schema.Boolean,
+  small: Schema.Boolean,
+  input: Modalities,
+  output: Modalities,
+})
+
+export class Info extends Schema.Class<Info>("Model.Info")({
+  id: ID,
+  providerID: ProviderID,
+  api: Schema.Struct({
+    format: ApiFormat,
+    url: Schema.String,
+    headers: Schema.Record(Schema.String, Schema.String),
+  }),
+  capabilities: Capabilities,
+  name: Schema.String,
+  family: Schema.optional(Schema.String),
+  variants: Schema.Record(Schema.String, Schema.Record(Schema.String, Schema.Any)),
+  time: Schema.Struct({
+    released: DateTimeUtcFromMillis,
+  }),
+}) {}
+
+export function parse(input: string): { providerID: ProviderID; modelID: ID } {
+  const [providerID, ...modelID] = input.split("/")
+  return {
+    providerID: ProviderID.make(providerID),
+    modelID: ID.make(modelID.join("/")),
+  }
+}
+
+export interface Interface {
+  readonly get: (providerID: ProviderID, modelID: ID) => Effect.Effect<Option.Option<Info>>
+  readonly add: (model: Info) => Effect.Effect<void>
+  readonly remove: (providerID: ProviderID, modelID: ID) => Effect.Effect<void>
+  readonly all: () => Effect.Effect<Info[]>
+  readonly default: () => Effect.Effect<Option.Option<Info>>
+  readonly small: (provider: ProviderID) => Effect.Effect<Option.Option<Info>>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/v2/Model") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    let models = HashMap.empty<string, Info>()
+
+    function key(providerID: ProviderID, modelID: ID) {
+      return `${providerID}/${modelID}`
+    }
+
+    const result: Interface = {
+      get: Effect.fn("V2Model.get")(function* (providerID, modelID) {
+        return HashMap.get(models, key(providerID, modelID))
+      }),
+
+      add: Effect.fn("V2Model.add")(function* (model) {
+        models = HashMap.set(models, key(model.providerID, model.id), model)
+      }),
+
+      remove: Effect.fn("V2Model.remove")(function* (providerID, modelID) {
+        models = HashMap.remove(models, key(providerID, modelID))
+      }),
+
+      all: Effect.fn("V2Model.all")(function* () {
+        return pipe(
+          models,
+          HashMap.toValues,
+          Array.sortWith((item) => item.time.released.epochMilliseconds, Order.flip(Order.Number)),
+        )
+      }),
+
+      default: Effect.fn("V2Model.default")(function* () {
+        const all = yield* result.all()
+        return Option.fromUndefinedOr(all[0])
+      }),
+
+      small: Effect.fn("V2Model.small")(function* (providerID) {
+        const all = yield* result.all()
+        const match = all.find((model) => model.capabilities.small && model.providerID === providerID)
+        return Option.fromUndefinedOr(match)
+      }),
+    }
+
+    return Service.of(result)
+  }),
+)
+
+export const defaultLayer = layer
+
+export * as Modelv2 from "./model"
--- a/packages/opencode/src/v2/session-event.ts
+++ b/packages/opencode/src/v2/session-event.ts
@@ -22,10 +22,13 @@ const Base = {
  sessionID: SessionID,
 }

-const Error = Schema.Struct({
-  type: Schema.String,
+export const UnknownError = Schema.Struct({
+  type: Schema.Literal("unknown"),
  message: Schema.String,
+}).annotate({
+  identifier: "Session.Error.Unknown",
 })
+export type UnknownError = Schema.Schema.Type<typeof UnknownError>

 export const AgentSwitched = EventV2.define({
  type: "session.next.agent.switched",
@@ -139,7 +142,7 @@ export namespace Step {
    aggregate: "sessionID",
    schema: {
      ...Base,
-      error: Error,
+      error: UnknownError,
    },
  })
  export type Failed = Schema.Schema.Type<typeof Failed>
@@ -296,7 +299,7 @@ export namespace Tool {
    schema: {
      ...Base,
      callID: Schema.String,
-      error: Error,
+      error: UnknownError,
      provider: Schema.Struct({
        executed: Schema.Boolean,
        metadata: Schema.Record(Schema.String, Schema.Unknown).pipe(Schema.optional),
--- a/packages/opencode/src/v2/session-message.ts
+++ b/packages/opencode/src/v2/session-message.ts
@@ -87,10 +87,7 @@ export class ToolStateError extends Schema.Class<ToolStateError>("Session.Messag
  input: Schema.Record(Schema.String, Schema.Unknown),
  content: ToolOutput.Content.pipe(Schema.Array),
  structured: ToolOutput.Structured,
-  error: Schema.Struct({
-    type: Schema.String,
-    message: Schema.String,
-  }),
+  error: SessionEvent.UnknownError,
 }) {}

 export const ToolState = Schema.Union([ToolStatePending, ToolStateRunning, ToolStateCompleted, ToolStateError]).pipe(
--- a/packages/opencode/test/agent/plugin-agent-regression.test.ts
+++ b/packages/opencode/test/agent/plugin-agent-regression.test.ts
@@ -1,65 +1,52 @@
-import { expect } from "bun:test"
-import { CrossSpawnSpawner } from "@opencode-ai/core/cross-spawn-spawner"
-import { Effect, Layer } from "effect"
+import { afterEach, expect, test } from "bun:test"
 import path from "path"
 import { pathToFileURL } from "url"
+import { AppRuntime } from "../../src/effect/app-runtime"
 import { Agent } from "../../src/agent/agent"
-import { InstanceRef } from "../../src/effect/instance-ref"
-import { InstanceLayer } from "../../src/project/instance-layer"
-import { InstanceStore } from "../../src/project/instance-store"
-import { tmpdirScoped } from "../fixture/fixture"
-import { testEffect } from "../lib/effect"
+import { Instance } from "../../src/project/instance"
+import { WithInstance } from "../../src/project/with-instance"
+import { disposeAllInstances, tmpdir } from "../fixture/fixture"

-const pluginAgent = {
-  name: "plugin_added",
-  description: "Added by a plugin via the config hook",
-  mode: "subagent",
-} as const
+afterEach(async () => {
+  await disposeAllInstances()
+})

-const it = testEffect(Layer.mergeAll(Agent.defaultLayer, InstanceLayer.layer, CrossSpawnSpawner.defaultLayer))
+test("plugin-registered agents appear in Agent.list", async () => {
+  await using tmp = await tmpdir({
+    init: async (dir) => {
+      const pluginFile = path.join(dir, "plugin.ts")
+      await Bun.write(
+        pluginFile,
+        [
+          "export default async () => ({",
+          "  config: async (cfg) => {",
+          "    cfg.agent = cfg.agent ?? {}",
+          "    cfg.agent.plugin_added = {",
+          '      description: "Added by a plugin via the config hook",',
+          '      mode: "subagent",',
+          "    }",
+          "  },",
+          "})",
+          "",
+        ].join("\n"),
+      )
+      await Bun.write(
+        path.join(dir, "opencode.json"),
+        JSON.stringify({
+          $schema: "https://opencode.ai/config.json",
+          plugin: [pathToFileURL(pluginFile).href],
+        }),
+      )
+    },
+  })

-it.live("plugin-registered agents appear in Agent.list", () =>
-  Effect.gen(function* () {
-    const dir = yield* tmpdirScoped()
-    const pluginFile = path.join(dir, "plugin.ts")
-
-    yield* Effect.promise(async () => {
-      await Promise.all([
-        Bun.write(
-          pluginFile,
-          [
-            "export default async () => ({",
-            "  config: async (cfg) => {",
-            "    cfg.agent = cfg.agent ?? {}",
-            `    cfg.agent[${JSON.stringify(pluginAgent.name)}] = {`,
-            `      description: ${JSON.stringify(pluginAgent.description)},`,
-            `      mode: ${JSON.stringify(pluginAgent.mode)},`,
-            "    }",
-            "  },",
-            "})",
-            "",
-          ].join("\n"),
-        ),
-        Bun.write(
-          path.join(dir, "opencode.json"),
-          JSON.stringify({
-            $schema: "https://opencode.ai/config.json",
-            plugin: [pathToFileURL(pluginFile).href],
-          }),
-        ),
-      ])
-    })
-
-    const agents = yield* InstanceStore.Service.use((store) =>
-      Effect.gen(function* () {
-        const ctx = yield* store.load({ directory: dir })
-        yield* Effect.addFinalizer(() => store.dispose(ctx).pipe(Effect.ignore))
-        return yield* Agent.Service.use((svc) => svc.list()).pipe(Effect.provideService(InstanceRef, ctx))
-      }),
-    )
-    const added = agents.find((agent) => agent.name === pluginAgent.name)
-
-    expect(added?.description).toBe(pluginAgent.description)
-    expect(added?.mode).toBe(pluginAgent.mode)
-  }),
-)
+  await WithInstance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const agents = await AppRuntime.runPromise(Agent.Service.use((svc) => svc.list()))
+      const added = agents.find((agent) => agent.name === "plugin_added")
+      expect(added?.description).toBe("Added by a plugin via the config hook")
+      expect(added?.mode).toBe("subagent")
+    },
+  })
+})
--- a/packages/opencode/test/pty/ticket.test.ts
+++ b/packages/opencode/test/pty/ticket.test.ts
@@ -1,57 +0,0 @@
-import { describe, expect } from "bun:test"
-import { Effect, Layer } from "effect"
-import { WorkspaceID } from "../../src/control-plane/schema"
-import { PtyID } from "../../src/pty/schema"
-import { PtyTicket } from "../../src/pty/ticket"
-import { testEffect } from "../lib/effect"
-
-const it = testEffect(PtyTicket.layer)
-const itExpiring = testEffect(Layer.effect(PtyTicket.Service, PtyTicket.make(5)))
-
-describe("PTY websocket tickets", () => {
-  it.live("consumes tickets once", () =>
-    Effect.gen(function* () {
-      const tickets = yield* PtyTicket.Service
-      const scope = { ptyID: PtyID.ascending(), directory: "/tmp/a" }
-      const issued = yield* tickets.issue(scope)
-
-      expect(yield* tickets.consume({ ...scope, ticket: issued.ticket })).toBe(true)
-      expect(yield* tickets.consume({ ...scope, ticket: issued.ticket })).toBe(false)
-    }),
-  )
-
-  it.live("rejects tickets scoped to a different request", () =>
-    Effect.gen(function* () {
-      const tickets = yield* PtyTicket.Service
-      const ptyID = PtyID.ascending()
-      const issued = yield* tickets.issue({ ptyID, directory: "/tmp/a" })
-
-      expect(yield* tickets.consume({ ptyID, directory: "/tmp/b", ticket: issued.ticket })).toBe(false)
-      expect(yield* tickets.consume({ ptyID, directory: "/tmp/a", ticket: issued.ticket })).toBe(true)
-    }),
-  )
-
-  itExpiring.live("rejects tickets after the TTL elapses", () =>
-    Effect.gen(function* () {
-      const tickets = yield* PtyTicket.Service
-      const ptyID = PtyID.ascending()
-      const issued = yield* tickets.issue({ ptyID })
-
-      yield* Effect.promise(() => new Promise((resolve) => setTimeout(resolve, 25)))
-
-      expect(yield* tickets.consume({ ptyID, ticket: issued.ticket })).toBe(false)
-    }),
-  )
-
-  it.live("rejects tickets scoped to a different workspace", () =>
-    Effect.gen(function* () {
-      const tickets = yield* PtyTicket.Service
-      const ptyID = PtyID.ascending()
-      const workspaceID = WorkspaceID.ascending()
-      const issued = yield* tickets.issue({ ptyID, workspaceID })
-
-      expect(yield* tickets.consume({ ptyID, workspaceID: WorkspaceID.ascending(), ticket: issued.ticket })).toBe(false)
-      expect(yield* tickets.consume({ ptyID, workspaceID, ticket: issued.ticket })).toBe(true)
-    }),
-  )
-})
--- a/packages/opencode/test/server/httpapi-listen.test.ts
+++ b/packages/opencode/test/server/httpapi-listen.test.ts
@@ -31,8 +31,8 @@ afterEach(async () => {
  await resetDatabase()
 })

-async function startListener(backend: "effect-httpapi" | "hono" = "effect-httpapi") {
-  Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = backend === "effect-httpapi"
+async function startListener() {
+  Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = true
  Flag.OPENCODE_SERVER_PASSWORD = auth.password
  Flag.OPENCODE_SERVER_USERNAME = auth.username
  process.env.OPENCODE_SERVER_PASSWORD = auth.password
@@ -40,53 +40,19 @@ async function startListener(backend: "effect-httpapi" | "hono" = "effect-httpap
  return Server.listen({ hostname: "127.0.0.1", port: 0 })
 }

-async function startNoAuthListener() {
-  Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = false
-  Flag.OPENCODE_SERVER_PASSWORD = undefined
-  Flag.OPENCODE_SERVER_USERNAME = auth.username
-  delete process.env.OPENCODE_SERVER_PASSWORD
-  process.env.OPENCODE_SERVER_USERNAME = auth.username
-  return Server.listen({ hostname: "127.0.0.1", port: 0 })
-}
-
 function authorization() {
  return `Basic ${btoa(`${auth.username}:${auth.password}`)}`
 }

-function socketURL(listener: Awaited<ReturnType<typeof startListener>>, id: string, dir: string, ticket?: string) {
+function socketURL(listener: Awaited<ReturnType<typeof startListener>>, id: string, dir: string) {
  const url = new URL(PtyPaths.connect.replace(":ptyID", id), listener.url)
  url.protocol = "ws:"
  url.searchParams.set("directory", dir)
  url.searchParams.set("cursor", "-1")
-  if (ticket) url.searchParams.set("ticket", ticket)
+  url.searchParams.set("auth_token", btoa(`${auth.username}:${auth.password}`))
  return url
 }

-async function requestTicket(
-  listener: Awaited<ReturnType<typeof startListener>>,
-  id: string,
-  dir: string,
-  options?: { ticketHeader?: boolean; origin?: string },
-) {
-  const response = await fetch(new URL(PtyPaths.connectToken.replace(":ptyID", id), listener.url), {
-    method: "POST",
-    headers: {
-      authorization: authorization(),
-      "x-opencode-directory": dir,
-      ...(options?.ticketHeader === false ? {} : { "x-opencode-ticket": "1" }),
-      ...(options?.origin ? { origin: options.origin } : {}),
-    },
-  })
-
-  return response
-}
-
-async function connectTicket(listener: Awaited<ReturnType<typeof startListener>>, id: string, dir: string) {
-  const response = await requestTicket(listener, id, dir)
-  expect(response.status).toBe(200)
-  return (await response.json()) as { ticket: string; expires_in: number }
-}
-
 async function createCat(listener: Awaited<ReturnType<typeof startListener>>, dir: string) {
  const response = await fetch(new URL(PtyPaths.create, listener.url), {
    method: "POST",
@@ -115,28 +81,6 @@ async function openSocket(url: URL) {
  return ws
 }

-async function expectSocketRejected(url: URL, init?: { headers?: Record<string, string> }) {
-  // Bun's WebSocket accepts an init object with headers; standard DOM types don't reflect that.
-  const Ctor = WebSocket as unknown as new (url: URL, init?: { headers?: Record<string, string> }) => WebSocket
-  const ws = new Ctor(url, init)
-  await withTimeout(
-    new Promise<void>((resolve, reject) => {
-      ws.addEventListener(
-        "open",
-        () => {
-          ws.close(1000)
-          reject(new Error("websocket opened"))
-        },
-        { once: true },
-      )
-      ws.addEventListener("error", () => resolve(), { once: true })
-      ws.addEventListener("close", () => resolve(), { once: true })
-    }),
-    5_000,
-    "timed out waiting for websocket rejection",
-  )
-}
-
 function stop(listener: Awaited<ReturnType<typeof startListener>>, label: string) {
  return withTimeout(listener.stop(true), 10_000, label)
 }
@@ -181,9 +125,7 @@ describe("HttpApi Server.listen", () => {
      )

      const info = await createCat(listener, tmp.path)
-      const ticket = await connectTicket(listener, info.id, tmp.path)
-      expect(ticket.expires_in).toBeGreaterThan(0)
-      const ws = await openSocket(socketURL(listener, info.id, tmp.path, ticket.ticket))
+      const ws = await openSocket(socketURL(listener, info.id, tmp.path))
      const closed = new Promise<void>((resolve) => ws.addEventListener("close", () => resolve(), { once: true }))

      const message = waitForMessage(ws, (message) => message.includes("ping-listen"))
@@ -198,8 +140,7 @@ describe("HttpApi Server.listen", () => {
      const restarted = await startListener()
      try {
        const nextInfo = await createCat(restarted, tmp.path)
-        const nextTicket = await connectTicket(restarted, nextInfo.id, tmp.path)
-        const nextWs = await openSocket(socketURL(restarted, nextInfo.id, tmp.path, nextTicket.ticket))
+        const nextWs = await openSocket(socketURL(restarted, nextInfo.id, tmp.path))
        const nextMessage = waitForMessage(nextWs, (message) => message.includes("ping-restarted"))
        nextWs.send("ping-restarted\n")
        expect(await nextMessage).toContain("ping-restarted")
@@ -211,107 +152,4 @@ describe("HttpApi Server.listen", () => {
      if (!stopped) await stop(listener, "timed out cleaning up listener").catch(() => undefined)
    }
  })
-
-  testPty("serves PTY websocket tickets through legacy Hono Server.listen", async () => {
-    await using tmp = await tmpdir({ git: true, config: { formatter: false, lsp: false } })
-    const listener = await startListener("hono")
-    try {
-      const info = await createCat(listener, tmp.path)
-      const ticket = await connectTicket(listener, info.id, tmp.path)
-      const ws = await openSocket(socketURL(listener, info.id, tmp.path, ticket.ticket))
-      const message = waitForMessage(ws, (message) => message.includes("ping-hono-ticket"))
-      ws.send("ping-hono-ticket\n")
-      expect(await message).toContain("ping-hono-ticket")
-      ws.close(1000)
-    } finally {
-      await stop(listener, "timed out cleaning up hono listener").catch(() => undefined)
-    }
-  })
-
-  testPty("rejects unsafe PTY ticket mint and connect requests", async () => {
-    await using tmp = await tmpdir({ git: true, config: { formatter: false, lsp: false } })
-    const listener = await startListener()
-    try {
-      const info = await createCat(listener, tmp.path)
-
-      expect((await requestTicket(listener, info.id, tmp.path, { ticketHeader: false })).status).toBe(403)
-      expect((await requestTicket(listener, info.id, tmp.path, { origin: "https://evil.example" })).status).toBe(403)
-
-      await expectSocketRejected(socketURL(listener, info.id, tmp.path, "not-a-ticket"))
-
-      const reusable = await connectTicket(listener, info.id, tmp.path)
-      const ws = await openSocket(socketURL(listener, info.id, tmp.path, reusable.ticket))
-      await expectSocketRejected(socketURL(listener, info.id, tmp.path, reusable.ticket))
-      ws.close(1000)
-
-      const other = await createCat(listener, tmp.path)
-      const scoped = await connectTicket(listener, info.id, tmp.path)
-      await expectSocketRejected(socketURL(listener, other.id, tmp.path, scoped.ticket))
-
-      const crossOrigin = await connectTicket(listener, info.id, tmp.path)
-      await expectSocketRejected(socketURL(listener, info.id, tmp.path, crossOrigin.ticket), {
-        headers: { origin: "https://evil.example" },
-      })
-    } finally {
-      await stop(listener, "timed out cleaning up rejected ticket listener").catch(() => undefined)
-    }
-  })
-
-  // Regression for #25698 (Ope): the app's SDK call to
-  // `client.pty.connectToken({ ptyID })` originally omitted `directory`, so
-  // the server resolved the PTY in its own cwd context — where the project
-  // PTY isn't registered — and returned 404. The fix is to always pass
-  // `directory` from the app side; this test locks in two contracts:
-  //   1. Mint without directory cannot find a PTY registered in another dir.
-  //   2. Mint with the project directory succeeds; the resulting ticket
-  //      consumes cleanly when the WS upgrade carries the same directory.
-  testPty("PTY connect token requires matching directory across mint and connect", async () => {
-    await using tmp = await tmpdir({ git: true, config: { formatter: false, lsp: false } })
-    const listener = await startListener()
-    try {
-      const info = await createCat(listener, tmp.path)
-
-      // Mint without directory — server uses its own cwd, can't find the PTY.
-      const ambiguous = await fetch(new URL(PtyPaths.connectToken.replace(":ptyID", info.id), listener.url), {
-        method: "POST",
-        headers: { authorization: authorization(), "x-opencode-ticket": "1" },
-      })
-      expect(ambiguous.status).toBe(404)
-
-      // Mint with the project directory — succeeds, ticket binds to that scope.
-      const scoped = await fetch(
-        new URL(
-          `${PtyPaths.connectToken.replace(":ptyID", info.id)}?directory=${encodeURIComponent(tmp.path)}`,
-          listener.url,
-        ),
-        {
-          method: "POST",
-          headers: { authorization: authorization(), "x-opencode-ticket": "1" },
-        },
-      )
-      expect(scoped.status).toBe(200)
-      const mint = (await scoped.json()) as { ticket: string }
-
-      // Same directory on the WS upgrade → consume succeeds.
-      const ws = await openSocket(socketURL(listener, info.id, tmp.path, mint.ticket))
-      ws.close(1000)
-    } finally {
-      await stop(listener, "timed out cleaning up directory-scope listener").catch(() => undefined)
-    }
-  })
-
-  testPty("keeps PTY websocket tickets optional when server auth is disabled", async () => {
-    await using tmp = await tmpdir({ git: true, config: { formatter: false, lsp: false } })
-    const listener = await startNoAuthListener()
-    try {
-      const info = await createCat(listener, tmp.path)
-      const ws = await openSocket(socketURL(listener, info.id, tmp.path))
-      const message = waitForMessage(ws, (message) => message.includes("ping-no-auth"))
-      ws.send("ping-no-auth\n")
-      expect(await message).toContain("ping-no-auth")
-      ws.close(1000)
-    } finally {
-      await stop(listener, "timed out cleaning up no-auth listener").catch(() => undefined)
-    }
-  })
 })
--- a/packages/opencode/test/server/httpapi-ui.test.ts
+++ b/packages/opencode/test/server/httpapi-ui.test.ts
@@ -184,52 +184,6 @@ describe("HttpApi UI fallback", () => {
    expect(await response.text()).toBe("console.log('ok')")
  })

-  // Regression for #25698 (Ope): upstream `transfer-encoding: chunked` was
-  // forwarded through the proxy while the proxy itself re-frames the body,
-  // causing browsers to fail with `ERR_INVALID_CHUNKED_ENCODING`.
-  test("strips upstream transfer-encoding header from proxied assets", async () => {
-    Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = true
-    Flag.OPENCODE_DISABLE_EMBEDDED_WEB_UI = true
-
-    const response = await Effect.runPromise(
-      Effect.gen(function* () {
-        const fs = yield* AppFileSystem.Service
-        const client = yield* HttpClient.HttpClient
-        return yield* serveUIEffect(HttpServerRequest.fromWeb(new Request("http://localhost/")), {
-          fs,
-          client,
-        })
-      }).pipe(
-        Effect.provide(
-          Layer.mergeAll(
-            AppFileSystem.defaultLayer,
-            Layer.succeed(
-              HttpClient.HttpClient,
-              HttpClient.make((request) =>
-                Effect.succeed(
-                  HttpClientResponse.fromWeb(
-                    request,
-                    new Response("<html>opencode</html>", {
-                      headers: {
-                        "transfer-encoding": "chunked",
-                        "content-type": "text/html",
-                      },
-                    }),
-                  ),
-                ),
-              ),
-            ),
-          ),
-        ),
-        Effect.map(HttpServerResponse.toWeb),
-      ),
-    )
-
-    expect(response.status).toBe(200)
-    expect(response.headers.get("transfer-encoding")).toBeNull()
-    expect(await response.text()).toBe("<html>opencode</html>")
-  })
-
  test("serves embedded UI assets when Bun can read them but access reports missing", async () => {
    Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = true
    let readPath: string | undefined
@@ -303,25 +257,6 @@ describe("HttpApi UI fallback", () => {
    expect(response.status).toBe(200)
  })

-  // Regression for #25698 (Ope): the browser fetches the PWA manifest and
-  // its icons via flows that don't carry app-managed credentials (the
-  // `<link rel="manifest">` request is not under page-auth control), so the
-  // server returning 401 breaks PWA install. These specific public assets
-  // should bypass auth.
-  test("serves the PWA manifest without auth even when a server password is set", async () => {
-    Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = true
-    Flag.OPENCODE_DISABLE_EMBEDDED_WEB_UI = true
-
-    for (const path of ["/site.webmanifest", "/web-app-manifest-192x192.png", "/web-app-manifest-512x512.png"]) {
-      const response = await uiApp({
-        password: "secret",
-        username: "opencode",
-        client: httpClient(new Response("ok")),
-      }).request(path)
-      expect(response.status).not.toBe(401)
-    }
-  })
-
  test("allows web UI preflight without auth", async () => {
    Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = true

--- a/packages/sdk/js/src/v2/gen/sdk.gen.ts
+++ b/packages/sdk/js/src/v2/gen/sdk.gen.ts
@@ -99,8 +99,6 @@ import type {
  ProviderOauthCallbackResponses,
  PtyConnectErrors,
  PtyConnectResponses,
-  PtyConnectTokenErrors,
-  PtyConnectTokenResponses,
  PtyCreateErrors,
  PtyCreateResponses,
  PtyGetErrors,
@@ -2347,38 +2345,6 @@ export class Pty extends HeyApiClient {
    })
  }

-  /**
-   * Create PTY WebSocket token
-   *
-   * Create a short-lived ticket for opening a PTY WebSocket connection.
-   */
-  public connectToken<ThrowOnError extends boolean = false>(
-    parameters: {
-      ptyID: string
-      directory?: string
-      workspace?: string
-    },
-    options?: Options<never, ThrowOnError>,
-  ) {
-    const params = buildClientParams(
-      [parameters],
-      [
-        {
-          args: [
-            { in: "path", key: "ptyID" },
-            { in: "query", key: "directory" },
-            { in: "query", key: "workspace" },
-          ],
-        },
-      ],
-    )
-    return (options?.client ?? this.client).post<PtyConnectTokenResponses, PtyConnectTokenErrors, ThrowOnError>({
-      url: "/pty/{ptyID}/connect-token",
-      ...options,
-      ...params,
-    })
-  }
-
  /**
   * Connect to PTY session
   *
--- a/packages/sdk/js/src/v2/gen/types.gen.ts
+++ b/packages/sdk/js/src/v2/gen/types.gen.ts
@@ -1563,10 +1563,6 @@ export type McpUnsupportedOAuthError = {
  error: string
 }

-export type EffectHttpApiErrorForbidden = {
-  _tag: "Forbidden"
-}
-
 export type ProviderAuthMethod = {
  type: "oauth" | "api"
  label: string
@@ -4675,43 +4671,6 @@ export type PtyUpdateResponses = {

 export type PtyUpdateResponse = PtyUpdateResponses[keyof PtyUpdateResponses]

-export type PtyConnectTokenData = {
-  body?: never
-  path: {
-    ptyID: string
-  }
-  query?: {
-    directory?: string
-    workspace?: string
-  }
-  url: "/pty/{ptyID}/connect-token"
-}
-
-export type PtyConnectTokenErrors = {
-  /**
-   * Forbidden
-   */
-  403: EffectHttpApiErrorForbidden
-  /**
-   * Not found
-   */
-  404: NotFoundError
-}
-
-export type PtyConnectTokenError = PtyConnectTokenErrors[keyof PtyConnectTokenErrors]
-
-export type PtyConnectTokenResponses = {
-  /**
-   * WebSocket connect token
-   */
-  200: {
-    ticket: string
-    expires_in: number
-  }
-}
-
-export type PtyConnectTokenResponse = PtyConnectTokenResponses[keyof PtyConnectTokenResponses]
-
 export type QuestionListData = {
  body?: never
  path?: never
@@ -6693,10 +6652,6 @@ export type PtyConnectData = {
 }

 export type PtyConnectErrors = {
-  /**
-   * Forbidden
-   */
-  403: EffectHttpApiErrorForbidden
  /**
   * Not found
   */
--- a/packages/sdk/openapi.json
+++ b/packages/sdk/openapi.json
@@ -3414,91 +3414,6 @@
        ]
      }
    },
-    "/pty/{ptyID}/connect-token": {
-      "post": {
-        "tags": ["pty"],
-        "operationId": "pty.connectToken",
-        "parameters": [
-          {
-            "name": "directory",
-            "in": "query",
-            "required": false,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "workspace",
-            "in": "query",
-            "required": false,
-            "schema": {
-              "type": "string"
-            }
-          },
-          {
-            "name": "ptyID",
-            "in": "path",
-            "schema": {
-              "type": "string",
-              "pattern": "^pty.*"
-            },
-            "required": true
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "WebSocket connect token",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "type": "object",
-                  "properties": {
-                    "ticket": {
-                      "type": "string"
-                    },
-                    "expires_in": {
-                      "type": "integer",
-                      "exclusiveMinimum": 0
-                    }
-                  },
-                  "required": ["ticket", "expires_in"],
-                  "additionalProperties": false,
-                  "description": "WebSocket connect token"
-                }
-              }
-            }
-          },
-          "403": {
-            "description": "Forbidden",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/effect_HttpApiError_Forbidden"
-                }
-              }
-            }
-          },
-          "404": {
-            "description": "Not found",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/NotFoundError"
-                }
-              }
-            }
-          }
-        },
-        "description": "Create a short-lived ticket for opening a PTY WebSocket connection.",
-        "summary": "Create PTY WebSocket token",
-        "x-codeSamples": [
-          {
-            "lang": "js",
-            "source": "import { createOpencodeClient } from \"@opencode-ai/sdk\n\nconst client = createOpencodeClient()\nawait client.pty.connectToken({\n  ...\n})"
-          }
-        ]
-      }
-    },
    "/question": {
      "get": {
        "tags": ["question"],
@@ -8412,16 +8327,6 @@
              }
            }
          },
-          "403": {
-            "description": "Forbidden",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/effect_HttpApiError_Forbidden"
-                }
-              }
-            }
-          },
          "404": {
            "description": "Not found",
            "content": {
@@ -12847,17 +12752,6 @@
        "required": ["error"],
        "additionalProperties": false
      },
-      "effect_HttpApiError_Forbidden": {
-        "type": "object",
-        "properties": {
-          "_tag": {
-            "type": "string",
-            "enum": ["Forbidden"]
-          }
-        },
-        "required": ["_tag"],
-        "additionalProperties": false
-      },
      "ProviderAuthMethod": {
        "type": "object",
        "properties": {
--- a/packages/web/src/content/docs/ar/providers.mdx
+++ b/packages/web/src/content/docs/ar/providers.mdx
@@ -648,17 +648,17 @@ OpenCode Go هي خطة اشتراك منخفضة التكلفة توفّر وص

 ---

-### FrogBot
+### Firmware

-1. توجّه إلى [FrogBot dashboard](https://app.frogbot.ai/signup)، وأنشئ حسابا، ثم أنشئ مفتاح API.
+1. توجّه إلى [Firmware dashboard](https://app.firmware.ai/signup)، وأنشئ حسابا، ثم أنشئ مفتاح API.

-2. شغّل الأمر `/connect` وابحث عن **FrogBot**.
+2. شغّل الأمر `/connect` وابحث عن **Firmware**.

   ```txt
   /connect
   ```

-3. أدخل مفتاح API الخاص بـ FrogBot.
+3. أدخل مفتاح API الخاص بـ Firmware.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/bs/providers.mdx
+++ b/packages/web/src/content/docs/bs/providers.mdx
@@ -653,17 +653,17 @@ Također možete dodati modele kroz svoju opencode konfiguraciju.

 ---

-### FrogBot
+### Firmware

-1. Idite na [kontrolnu tablu firmvera](https://app.frogbot.ai/signup), kreirajte nalog i generišite API ključ.
+1. Idite na [kontrolnu tablu firmvera](https://app.firmware.ai/signup), kreirajte nalog i generišite API ključ.

-2. Pokrenite naredbu `/connect` i potražite **FrogBot**.
+2. Pokrenite naredbu `/connect` i potražite **Firmware**.

 ```txt
   /connect
 ```

-3. Unesite svoj FrogBot API ključ.
+3. Unesite svoj Firmware API ključ.

 ```txt
   ┌ API key
--- a/packages/web/src/content/docs/da/providers.mdx
+++ b/packages/web/src/content/docs/da/providers.mdx
@@ -644,17 +644,17 @@ Cloudflare AI Gateway lader dig få adgang til modeller fra OpenAI, Anthropic, W

 ---

-### FrogBot
+### Firmware

-1. Gå til [FrogBot dashboard](https://app.frogbot.ai/signup), opret en konto og generer en API-nøgle.
+1. Gå til [Firmware dashboard](https://app.firmware.ai/signup), opret en konto og generer en API-nøgle.

-2. Kør kommandoen `/connect` og søg efter **FrogBot**.
+2. Kør kommandoen `/connect` og søg efter **Firmware**.

   ```txt
   /connect
   ```

-3. Indtast frogbot API-nøglen.
+3. Indtast firmware API-nøglen.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/de/providers.mdx
+++ b/packages/web/src/content/docs/de/providers.mdx
@@ -650,17 +650,17 @@ Mit dem Cloudflare AI Gateway können Sie über einen einheitlichen Endpunkt auf

 ---

-### FrogBot
+### Firmware

-1. Gehen Sie zu [FrogBot dashboard](https://app.frogbot.ai/signup), erstellen Sie ein Konto und generieren Sie einen API-Schlüssel.
+1. Gehen Sie zu [Firmware dashboard](https://app.firmware.ai/signup), erstellen Sie ein Konto und generieren Sie einen API-Schlüssel.

-2. Führen Sie den Befehl `/connect` aus und suchen Sie nach **FrogBot**.
+2. Führen Sie den Befehl `/connect` aus und suchen Sie nach **Firmware**.

   ```txt
   /connect
   ```

-3. Geben Sie Ihren FrogBot API-Schlüssel ein.
+3. Geben Sie Ihren Firmware API-Schlüssel ein.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/es/providers.mdx
+++ b/packages/web/src/content/docs/es/providers.mdx
@@ -651,17 +651,17 @@ Cloudflare AI Gateway le permite acceder a modelos de OpenAI, Anthropic, Workers

 ---

-### FrogBot
+### Firmware

-1. Dirígete al [Panel de frogbot](https://app.frogbot.ai/signup), crea una cuenta y genera una clave API.
+1. Dirígete al [Panel de firmware](https://app.firmware.ai/signup), crea una cuenta y genera una clave API.

-2. Ejecute el comando `/connect` y busque **FrogBot**.
+2. Ejecute el comando `/connect` y busque **Firmware**.

   ```txt
   /connect
   ```

-3. Ingrese su clave de frogbot API.
+3. Ingrese su clave de firmware API.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/fr/providers.mdx
+++ b/packages/web/src/content/docs/fr/providers.mdx
@@ -654,11 +654,11 @@ Vous pouvez également ajouter des modèles via votre configuration opencode.

 ---

-### FrogBot
+### Firmware

-1. Rendez-vous sur le [Tableau de bord du micrologiciel](https://app.frogbot.ai/signup), créez un compte et générez une clé API.
+1. Rendez-vous sur le [Tableau de bord du micrologiciel](https://app.firmware.ai/signup), créez un compte et générez une clé API.

-2. Exécutez la commande `/connect` et recherchez **FrogBot**.
+2. Exécutez la commande `/connect` et recherchez **Firmware**.

   ```txt
   /connect
--- a/packages/web/src/content/docs/it/providers.mdx
+++ b/packages/web/src/content/docs/it/providers.mdx
@@ -628,17 +628,17 @@ Cloudflare AI Gateway ti permette di accedere a modelli di OpenAI, Anthropic, Wo

 ---

-### FrogBot
+### Firmware

-1. Vai alla [dashboard di FrogBot](https://app.frogbot.ai/signup), crea un account e genera una chiave API.
+1. Vai alla [dashboard di Firmware](https://app.firmware.ai/signup), crea un account e genera una chiave API.

-2. Esegui il comando `/connect` e cerca **FrogBot**.
+2. Esegui il comando `/connect` e cerca **Firmware**.

   ```txt
   /connect
   ```

-3. Inserisci la tua chiave API di FrogBot.
+3. Inserisci la tua chiave API di Firmware.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/ja/providers.mdx
+++ b/packages/web/src/content/docs/ja/providers.mdx
@@ -658,9 +658,9 @@ OpenCode 設定を通じてモデルを追加することもできます。

 ---

-### FrogBot
+### Firmware

-1. [ファームウェアダッシュボード](https://app.frogbot.ai/signup) に移動し、アカウントを作成し、API キーを生成します。
+1. [ファームウェアダッシュボード](https://app.firmware.ai/signup) に移動し、アカウントを作成し、API キーを生成します。

 2. `/connect` コマンドを実行し、**ファームウェア**を検索します。

--- a/packages/web/src/content/docs/ko/providers.mdx
+++ b/packages/web/src/content/docs/ko/providers.mdx
@@ -654,17 +654,17 @@ Cloudflare AI Gateway는 OpenAI, Anthropic, Workers AI 등의 모델에 액세

 ---

-### FrogBot
+### Firmware

-1. [FrogBot 대시보드](https://app.frogbot.ai/signup)로 이동하여 계정을 만들고 API 키를 생성합니다.
+1. [Firmware 대시보드](https://app.firmware.ai/signup)로 이동하여 계정을 만들고 API 키를 생성합니다.

-2. `/connect` 명령을 실행하고 **FrogBot**를 검색하십시오.
+2. `/connect` 명령을 실행하고 **Firmware**를 검색하십시오.

   ```txt
   /connect
   ```

-3. FrogBot API 키를 입력하십시오.
+3. Firmware API 키를 입력하십시오.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/nb/providers.mdx
+++ b/packages/web/src/content/docs/nb/providers.mdx
@@ -652,17 +652,17 @@ Cloudflare AI Gateway lar deg få tilgang til modeller fra OpenAI, Anthropic, Wo

 ---

-### FrogBot
+### Firmware

-1. Gå over til [FrogBot dashboard](https://app.frogbot.ai/signup), opprett en konto og generer en API nøkkel.
+1. Gå over til [Firmware dashboard](https://app.firmware.ai/signup), opprett en konto og generer en API nøkkel.

-2. Kjør kommandoen `/connect` og søk etter **FrogBot**.
+2. Kjør kommandoen `/connect` og søk etter **Firmware**.

   ```txt
   /connect
   ```

-3. Skriv inn frogbot API nøkkelen.
+3. Skriv inn firmware API nøkkelen.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/pl/providers.mdx
+++ b/packages/web/src/content/docs/pl/providers.mdx
@@ -650,17 +650,17 @@ Cloudflare AI Gateway umożliwia dostęp do modeli z OpenAI, Anthropic, Workers

 ---

-### FrogBot
+### Firmware

-1. Przejdź do [FrogBot dashboard](https://app.frogbot.ai/signup), utwórz konto i wygeneruj klucz API.
+1. Przejdź do [Firmware dashboard](https://app.firmware.ai/signup), utwórz konto i wygeneruj klucz API.

-2. Uruchom polecenie `/connect` i wyszukaj **FrogBot**.
+2. Uruchom polecenie `/connect` i wyszukaj **Firmware**.

   ```txt
   /connect
   ```

-3. Wprowadź klucz API FrogBot.
+3. Wprowadź klucz API Firmware.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/providers.mdx
+++ b/packages/web/src/content/docs/providers.mdx
@@ -721,17 +721,17 @@ Cloudflare Workers AI lets you run AI models on Cloudflare's global network dire

 ---

-### FrogBot
+### Firmware

-1. Head over to the [FrogBot dashboard](https://app.frogbot.ai/signup), create an account, and generate an API key.
+1. Head over to the [Firmware dashboard](https://app.firmware.ai/signup), create an account, and generate an API key.

-2. Run the `/connect` command and search for **FrogBot**.
+2. Run the `/connect` command and search for **Firmware**.

   ```txt
   /connect
   ```

-3. Enter your FrogBot API key.
+3. Enter your Firmware API key.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/pt-br/providers.mdx
+++ b/packages/web/src/content/docs/pt-br/providers.mdx
@@ -654,17 +654,17 @@ O Cloudflare AI Gateway permite que você acesse modelos do OpenAI, Anthropic, W

 ---

-### FrogBot
+### Firmware

-1. Acesse o [painel FrogBot](https://app.frogbot.ai/signup), crie uma conta e gere uma chave da API.
+1. Acesse o [painel Firmware](https://app.firmware.ai/signup), crie uma conta e gere uma chave da API.

-2. Execute o comando `/connect` e procure por **FrogBot**.
+2. Execute o comando `/connect` e procure por **Firmware**.

   ```txt
   /connect
   ```

-3. Insira sua chave da API FrogBot.
+3. Insira sua chave da API Firmware.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/ru/providers.mdx
+++ b/packages/web/src/content/docs/ru/providers.mdx
@@ -650,17 +650,17 @@ Cloudflare AI Gateway позволяет вам получать доступ к

 ---

-### FrogBot
+### Firmware

-1. Перейдите на [панель FrogBot](https://app.frogbot.ai/signup), создайте учетную запись и сгенерируйте ключ API.
+1. Перейдите на [панель Firmware](https://app.firmware.ai/signup), создайте учетную запись и сгенерируйте ключ API.

-2. Запустите команду `/connect` и найдите **FrogBot**.
+2. Запустите команду `/connect` и найдите **Firmware**.

   ```txt
   /connect
   ```

-3. Введите ключ API FrogBot.
+3. Введите ключ API Firmware.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/th/providers.mdx
+++ b/packages/web/src/content/docs/th/providers.mdx
@@ -650,17 +650,17 @@ Cloudflare AI Gateway ช่วยให้คุณเข้าถึงโม

 ---

-### FrogBot
+### Firmware

-1. ไปที่ [แดชบอร์ด FrogBot](https://app.frogbot.ai/signup) สร้างบัญชี และสร้างคีย์ API
+1. ไปที่ [แดชบอร์ด Firmware](https://app.firmware.ai/signup) สร้างบัญชี และสร้างคีย์ API

-2. เรียกใช้คำสั่ง `/connect` และค้นหา **FrogBot**
+2. เรียกใช้คำสั่ง `/connect` และค้นหา **Firmware**

   ```txt
   /connect
   ```

-3. ป้อนคีย์ FrogBot API ของคุณ
+3. ป้อนคีย์ Firmware API ของคุณ

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/tr/providers.mdx
+++ b/packages/web/src/content/docs/tr/providers.mdx
@@ -652,17 +652,17 @@ Cloudflare AI Gateway, OpenAI, Anthropic, Workers AI ve daha fazlasındaki model

 ---

-### FrogBot
+### Firmware

-1. [FrogBot dashboard](https://app.frogbot.ai/signup) adresine gidin, bir hesap oluşturun ve bir API anahtarı oluşturun.
+1. [Firmware dashboard](https://app.firmware.ai/signup) adresine gidin, bir hesap oluşturun ve bir API anahtarı oluşturun.

-2. `/connect` komutunu çalıştırın ve **FrogBot**'i arayın.
+2. `/connect` komutunu çalıştırın ve **Firmware**'i arayın.

   ```txt
   /connect
   ```

-3. FrogBot API anahtarınızı girin.
+3. Firmware API anahtarınızı girin.

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/zh-cn/providers.mdx
+++ b/packages/web/src/content/docs/zh-cn/providers.mdx
@@ -624,17 +624,17 @@ Cloudflare AI Gateway 允许你通过统一端点访问来自 OpenAI、Anthropic

 ---

-### FrogBot
+### Firmware

-1. 前往 [FrogBot 仪表盘](https://app.frogbot.ai/signup)，创建账户并生成 API 密钥。
+1. 前往 [Firmware 仪表盘](https://app.firmware.ai/signup)，创建账户并生成 API 密钥。

-2. 执行 `/connect` 命令并搜索 **FrogBot**。
+2. 执行 `/connect` 命令并搜索 **Firmware**。

   ```txt
   /connect
   ```

-3. 输入你的 FrogBot API 密钥。
+3. 输入你的 Firmware API 密钥。

   ```txt
   ┌ API key
--- a/packages/web/src/content/docs/zh-tw/providers.mdx
+++ b/packages/web/src/content/docs/zh-tw/providers.mdx
@@ -645,17 +645,17 @@ Cloudflare AI Gateway 允許您透過統一端點存取來自 OpenAI、Anthropic

 ---

-### FrogBot
+### Firmware

-1. 前往 [FrogBot 儀表板](https://app.frogbot.ai/signup)，建立帳號並產生 API 金鑰。
+1. 前往 [Firmware 儀表板](https://app.firmware.ai/signup)，建立帳號並產生 API 金鑰。

-2. 執行 `/connect` 指令並搜尋 **FrogBot**。
+2. 執行 `/connect` 指令並搜尋 **Firmware**。

   ```txt
   /connect
   ```

-3. 輸入您的 FrogBot API 金鑰。
+3. 輸入您的 Firmware API 金鑰。

   ```txt
   ┌ API key
Author	SHA1	Message	Date
Dax Raad	f053b52094	core: add Model service for v2 system to track AI providers and capabilities	2026-05-04 00:44:24 -04:00
Dax Raad	897c3001dc	core: remove unused AuthV2 import following authentication refactor	2026-05-03 23:11:39 -04:00
Dax Raad	aea638e237	core: streamline authentication by removing redundant AuthV2 layer	2026-05-03 23:09:40 -04:00
Dax Raad	4946e0b1fa	core: integrate v2 auth system into app runtime Adds the AuthV2 layer to the application runtime so the v2 authentication system is available throughout the app. This ensures auth state is properly managed and accessible to all components that depend on it.	2026-05-03 23:08:10 -04:00
Dax Raad	033500dae5	core: standardize error types and add operation context to auth file failures - Replace dynamic error.name with structured 'unknown' type for consistent error reporting - Add operation context (migrate/write) to auth file write errors for better debugging - Unify UnknownError schema across session events and tool states	2026-05-03 22:54:50 -04:00
Dax Raad	9ac1ce0c08	core: add account ID prefix and defaultLayer export for v2 auth system Add 'act' prefix for account identifiers and export defaultLayer from Global to support the new v2 authentication system that allows multiple accounts per service with migration from v1 credentials.	2026-05-03 21:27:22 -04:00
Dax Raad	fed24cbda8	fix(tui): improve v2 inline tool error state	2026-05-03 16:11:37 -04:00
Dax Raad	fc801c70ae	fix(tui): align v2 inline tool content	2026-05-03 16:11:06 -04:00
Dax Raad	0ed82a1d69	fix(tui): calculate v2 assistant duration from user prompt	2026-05-03 16:11:06 -04:00
Dax Raad	aa73a5941f	fix(tui): keep v2 realtime messages newest first	2026-05-03 16:11:06 -04:00
Dax Raad	4b1f77e59c	fix(tui): collapse v2 inline tool spacing	2026-05-03 16:11:06 -04:00
Dax Raad	4d9d69526e	chore(v2): remove session message model converter	2026-05-03 16:11:06 -04:00
Dax Raad	5b31f6af68	feat(v2): add session message model conversion	2026-05-03 16:11:06 -04:00