fix: allow Codex Spark with Codex OAuth (#25640)

Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com>

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -1,6 +1,5 @@
 name: Bug report
 description: Report an issue that should be fixed
-labels: ["bug"]
 body:
   - type: textarea
     id: description

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -1,6 +1,5 @@
 name: 🚀 Feature Request
 description: Suggest an idea, feature, or enhancement
-labels: [discussion]
 title: "[FEATURE]:"
 
 body:

.github/ISSUE_TEMPLATE/question.yml

@@ -1,6 +1,5 @@
 name: Question
 description: Ask a question
-labels: ["question"]
 body:
   - type: textarea
     id: question

.github/TEAM_MEMBERS

@@ -11,6 +11,5 @@ MrMushrooooom
 nexxeln
 R44VC0RP
 rekram1-node
-RhysSullivan
 thdxr
 simonklee

.github/VOUCHED.td

@@ -1,41 +0,0 @@
-# Vouched contributors for this project.
-#
-# See https://github.com/mitchellh/vouch for details.
-#
-# Syntax:
-#   - One handle per line (without @), sorted alphabetically.
-#   - Optional platform prefix: platform:username (e.g., github:user).
-#   - Denounce with minus prefix: -username or -platform:username.
-#   - Optional details after a space following the handle.
-adamdotdevin
--agusbasari29 AI PR slop
-ariane-emory
--atharvau AI review spamming literally every PR
--borealbytes
--carycooper777
--danieljoshuanazareth
--danieljoshuanazareth
--davidbernat looks to be a clawdbot that spams team and sends super weird emails, doesnt appear to be a real person
-dmtrkovalenko
-edemaine
-fahreddinozcan
--florianleibert
-fwang
-iamdavidhill
-jayair
-kitlangton
-kommander
--opencode2026
--opencodeengineer bot that spams issues
-r44vc0rp
-rekram1-node
--ricardo-m-l
--robinmordasiewicz
-rubdos
--saisharan0103 spamming ai prs
-shantur
-simonklee
--spider-yamet clawdbot/llm psychosis, spam pinging the team
--terisuke
-thdxr
--toastythebot

.github/workflows/daily-issues-recap.yml

@@ -1,170 +0,0 @@
-name: daily-issues-recap
-
-on:
-  schedule:
-    # Run at 6 PM EST (23:00 UTC, or 22:00 UTC during daylight saving)
-    - cron: "0 23 * * *"
-  workflow_dispatch: # Allow manual trigger for testing
-
-jobs:
-  daily-recap:
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    permissions:
-      contents: read
-      issues: read
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - uses: ./.github/actions/setup-bun
-
-      - name: Install opencode
-        run: curl -fsSL https://opencode.ai/install | bash
-
-      - name: Generate daily issues recap
-        id: recap
-        env:
-          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          OPENCODE_PERMISSION: |
-            {
-              "bash": {
-                "*": "deny",
-                "gh issue*": "allow",
-                "gh search*": "allow"
-              },
-              "webfetch": "deny",
-              "edit": "deny",
-              "write": "deny"
-            }
-        run: |
-          # Get today's date range
-          TODAY=$(date -u +%Y-%m-%d)
-
-          opencode run -m opencode/claude-sonnet-4-5 "Generate a daily issues recap for the OpenCode repository.
-
-          TODAY'S DATE: ${TODAY}
-
-          STEP 1: Gather today's issues
-          Search for all OPEN issues created today (${TODAY}) using:
-          gh issue list --repo ${{ github.repository }} --state open --search \"created:${TODAY}\" --json number,title,body,labels,state,comments,createdAt,author --limit 500
-
-          IMPORTANT: EXCLUDE all issues authored by Anomaly team members. Filter out issues where the author login matches ANY of these:
-          adamdotdevin, Brendonovich, fwang, Hona, iamdavidhill, jayair, kitlangton, kommander, MrMushrooooom, R44VC0RP, rekram1-node, thdxr
-          This recap is specifically for COMMUNITY (external) issues only.
-
-          STEP 2: Analyze and categorize
-          For each issue created today, categorize it:
-
-          **Severity Assessment:**
-          - CRITICAL: Crashes, data loss, security issues, blocks major functionality
-          - HIGH: Significant bugs affecting many users, important features broken
-          - MEDIUM: Bugs with workarounds, minor features broken
-          - LOW: Minor issues, cosmetic, nice-to-haves
-
-          **Activity Assessment:**
-          - Note issues with high comment counts or engagement
-          - Note issues from repeat reporters (check if author has filed before)
-
-          STEP 3: Cross-reference with existing issues
-          For issues that seem like feature requests or recurring bugs:
-          - Search for similar older issues to identify patterns
-          - Note if this is a frequently requested feature
-          - Identify any issues that are duplicates of long-standing requests
-
-          STEP 4: Generate the recap
-          Create a structured recap with these sections:
-
-          ===DISCORD_START===
-          **Daily Issues Recap - ${TODAY}**
-
-          **Summary Stats**
-          - Total issues opened today: [count]
-          - By category: [bugs/features/questions]
-
-          **Critical/High Priority Issues**
-          [List any CRITICAL or HIGH severity issues with brief descriptions and issue numbers]
-
-          **Most Active/Discussed**
-          [Issues with significant engagement or from active community members]
-
-          **Trending Topics**
-          [Patterns noticed - e.g., 'Multiple reports about X', 'Continued interest in Y feature']
-
-          **Duplicates & Related**
-          [Issues that relate to existing open issues]
-          ===DISCORD_END===
-
-          STEP 5: Format for Discord
-          Format the recap as a Discord-compatible message:
-          - Use Discord markdown (**, __, etc.)
-          - BE EXTREMELY CONCISE - this is an EOD summary, not a detailed report
-          - Use hyperlinked issue numbers with suppressed embeds: [#1234](<https://github.com/${{ github.repository }}/issues/1234>)
-          - Group related issues on single lines where possible
-          - Add emoji sparingly for critical items only
-          - HARD LIMIT: Keep under 1800 characters total
-          - Skip sections that have nothing notable (e.g., if no critical issues, omit that section)
-          - Prioritize signal over completeness - only surface what matters
-
-          OUTPUT: Output ONLY the content between ===DISCORD_START=== and ===DISCORD_END=== markers. Include the markers so I can extract it." > /tmp/recap_raw.txt
-
-          # Extract only the Discord message between markers
-          sed -n '/===DISCORD_START===/,/===DISCORD_END===/p' /tmp/recap_raw.txt | grep -v '===DISCORD' > /tmp/recap.txt
-
-          echo "recap_file=/tmp/recap.txt" >> $GITHUB_OUTPUT
-
-      - name: Post to Discord
-        env:
-          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_ISSUES_WEBHOOK_URL }}
-        run: |
-          if [ -z "$DISCORD_WEBHOOK_URL" ]; then
-            echo "Warning: DISCORD_ISSUES_WEBHOOK_URL secret not set, skipping Discord post"
-            cat /tmp/recap.txt
-            exit 0
-          fi
-
-          # Read the recap
-          RECAP_RAW=$(cat /tmp/recap.txt)
-          RECAP_LENGTH=${#RECAP_RAW}
-
-          echo "Recap length: ${RECAP_LENGTH} chars"
-
-          # Function to post a message to Discord
-          post_to_discord() {
-            local msg="$1"
-            local content=$(echo "$msg" | jq -Rs '.')
-            curl -s -H "Content-Type: application/json" \
-                 -X POST \
-                 -d "{\"content\": ${content}}" \
-                 "$DISCORD_WEBHOOK_URL"
-            sleep 1
-          }
-
-          # If under limit, send as single message
-          if [ "$RECAP_LENGTH" -le 1950 ]; then
-            post_to_discord "$RECAP_RAW"
-          else
-            echo "Splitting into multiple messages..."
-            remaining="$RECAP_RAW"
-            while [ ${#remaining} -gt 0 ]; do
-              if [ ${#remaining} -le 1950 ]; then
-                post_to_discord "$remaining"
-                break
-              else
-                chunk="${remaining:0:1900}"
-                last_newline=$(echo "$chunk" | grep -bo $'\n' | tail -1 | cut -d: -f1)
-                if [ -n "$last_newline" ] && [ "$last_newline" -gt 500 ]; then
-                  chunk="${remaining:0:$last_newline}"
-                  remaining="${remaining:$((last_newline+1))}"
-                else
-                  chunk="${remaining:0:1900}"
-                  remaining="${remaining:1900}"
-                fi
-                post_to_discord "$chunk"
-              fi
-            done
-          fi
-
-          echo "Posted daily recap to Discord"

.github/workflows/daily-pr-recap.yml

@@ -1,173 +0,0 @@
-name: daily-pr-recap
-
-on:
-  schedule:
-    # Run at 5pm EST (22:00 UTC, or 21:00 UTC during daylight saving)
-    - cron: "0 22 * * *"
-  workflow_dispatch: # Allow manual trigger for testing
-
-jobs:
-  pr-recap:
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    permissions:
-      contents: read
-      pull-requests: read
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - uses: ./.github/actions/setup-bun
-
-      - name: Install opencode
-        run: curl -fsSL https://opencode.ai/install | bash
-
-      - name: Generate daily PR recap
-        id: recap
-        env:
-          OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          OPENCODE_PERMISSION: |
-            {
-              "bash": {
-                "*": "deny",
-                "gh pr*": "allow",
-                "gh search*": "allow"
-              },
-              "webfetch": "deny",
-              "edit": "deny",
-              "write": "deny"
-            }
-        run: |
-          TODAY=$(date -u +%Y-%m-%d)
-
-          opencode run -m opencode/claude-sonnet-4-5 "Generate a daily PR activity recap for the OpenCode repository.
-
-          TODAY'S DATE: ${TODAY}
-
-          STEP 1: Gather PR data
-          Run these commands to gather PR information. ONLY include OPEN PRs created or updated TODAY (${TODAY}):
-
-          # Open PRs created today
-          gh pr list --repo ${{ github.repository }} --state open --search \"created:${TODAY}\" --json number,title,author,labels,createdAt,updatedAt,reviewDecision,isDraft,additions,deletions --limit 100
-
-          # Open PRs with activity today (updated today)
-          gh pr list --repo ${{ github.repository }} --state open --search \"updated:${TODAY}\" --json number,title,author,labels,createdAt,updatedAt,reviewDecision,isDraft,additions,deletions --limit 100
-
-          IMPORTANT: EXCLUDE all PRs authored by Anomaly team members. Filter out PRs where the author login matches ANY of these:
-          adamdotdevin, Brendonovich, fwang, Hona, iamdavidhill, jayair, kitlangton, kommander, MrMushrooooom, R44VC0RP, rekram1-node, thdxr
-          This recap is specifically for COMMUNITY (external) contributions only.
-
-
-
-          STEP 2: For high-activity PRs, check comment counts
-          For promising PRs, run:
-          gh pr view [NUMBER] --repo ${{ github.repository }} --json comments --jq '[.comments[] | select(.author.login != \"copilot-pull-request-reviewer\" and .author.login != \"github-actions\")] | length'
-
-          IMPORTANT: When counting comments/activity, EXCLUDE these bot accounts:
-          - copilot-pull-request-reviewer
-          - github-actions
-
-          STEP 3: Identify what matters (ONLY from today's PRs)
-
-          **Bug Fixes From Today:**
-          - PRs with 'fix' or 'bug' in title created/updated today
-          - Small bug fixes (< 100 lines changed) that are easy to review
-          - Bug fixes from community contributors
-
-          **High Activity Today:**
-          - PRs with significant human comments today (excluding bots listed above)
-          - PRs with back-and-forth discussion today
-
-          **Quick Wins:**
-          - Small PRs (< 50 lines) that are approved or nearly approved
-          - PRs that just need a final review
-
-          STEP 4: Generate the recap
-          Create a structured recap:
-
-          ===DISCORD_START===
-          **Daily PR Recap - ${TODAY}**
-
-          **New PRs Today**
-          [PRs opened today - group by type: bug fixes, features, etc.]
-
-          **Active PRs Today**
-          [PRs with activity/updates today - significant discussion]
-
-          **Quick Wins**
-          [Small PRs ready to merge]
-          ===DISCORD_END===
-
-          STEP 5: Format for Discord
-          - Use Discord markdown (**, __, etc.)
-          - BE EXTREMELY CONCISE - surface what we might miss
-          - Use hyperlinked PR numbers with suppressed embeds: [#1234](<https://github.com/${{ github.repository }}/pull/1234>)
-          - Include PR author: [#1234](<url>) (@author)
-          - For bug fixes, add brief description of what it fixes
-          - Show line count for quick wins: \"(+15/-3 lines)\"
-          - HARD LIMIT: Keep under 1800 characters total
-          - Skip empty sections
-          - Focus on PRs that need human eyes
-
-          OUTPUT: Output ONLY the content between ===DISCORD_START=== and ===DISCORD_END=== markers. Include the markers so I can extract it." > /tmp/pr_recap_raw.txt
-
-          # Extract only the Discord message between markers
-          sed -n '/===DISCORD_START===/,/===DISCORD_END===/p' /tmp/pr_recap_raw.txt | grep -v '===DISCORD' > /tmp/pr_recap.txt
-
-          echo "recap_file=/tmp/pr_recap.txt" >> $GITHUB_OUTPUT
-
-      - name: Post to Discord
-        env:
-          DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_ISSUES_WEBHOOK_URL }}
-        run: |
-          if [ -z "$DISCORD_WEBHOOK_URL" ]; then
-            echo "Warning: DISCORD_ISSUES_WEBHOOK_URL secret not set, skipping Discord post"
-            cat /tmp/pr_recap.txt
-            exit 0
-          fi
-
-          # Read the recap
-          RECAP_RAW=$(cat /tmp/pr_recap.txt)
-          RECAP_LENGTH=${#RECAP_RAW}
-
-          echo "Recap length: ${RECAP_LENGTH} chars"
-
-          # Function to post a message to Discord
-          post_to_discord() {
-            local msg="$1"
-            local content=$(echo "$msg" | jq -Rs '.')
-            curl -s -H "Content-Type: application/json" \
-                 -X POST \
-                 -d "{\"content\": ${content}}" \
-                 "$DISCORD_WEBHOOK_URL"
-            sleep 1
-          }
-
-          # If under limit, send as single message
-          if [ "$RECAP_LENGTH" -le 1950 ]; then
-            post_to_discord "$RECAP_RAW"
-          else
-            echo "Splitting into multiple messages..."
-            remaining="$RECAP_RAW"
-            while [ ${#remaining} -gt 0 ]; do
-              if [ ${#remaining} -le 1950 ]; then
-                post_to_discord "$remaining"
-                break
-              else
-                chunk="${remaining:0:1900}"
-                last_newline=$(echo "$chunk" | grep -bo $'\n' | tail -1 | cut -d: -f1)
-                if [ -n "$last_newline" ] && [ "$last_newline" -gt 500 ]; then
-                  chunk="${remaining:0:$last_newline}"
-                  remaining="${remaining:$((last_newline+1))}"
-                else
-                  chunk="${remaining:0:1900}"
-                  remaining="${remaining:1900}"
-                fi
-                post_to_discord "$chunk"
-              fi
-            done
-          fi
-
-          echo "Posted daily PR recap to Discord"

.github/workflows/publish.yml

@@ -209,182 +209,6 @@ jobs:
             packages/opencode/dist/opencode-windows-x64
             packages/opencode/dist/opencode-windows-x64-baseline
 
-  build-tauri:
-    needs:
-      - build-cli
-      - version
-    continue-on-error: false
-    env:
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      AZURE_TRUSTED_SIGNING_ACCOUNT_NAME: ${{ secrets.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
-      AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE: ${{ secrets.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE }}
-      AZURE_TRUSTED_SIGNING_ENDPOINT: ${{ secrets.AZURE_TRUSTED_SIGNING_ENDPOINT }}
-    strategy:
-      fail-fast: false
-      matrix:
-        settings:
-          - host: macos-latest
-            target: x86_64-apple-darwin
-          - host: macos-latest
-            target: aarch64-apple-darwin
-          # github-hosted: blacksmith lacks ARM64 MSVC cross-compilation toolchain
-          - host: windows-2025
-            target: aarch64-pc-windows-msvc
-          - host: blacksmith-4vcpu-windows-2025
-            target: x86_64-pc-windows-msvc
-          - host: blacksmith-4vcpu-ubuntu-2404
-            target: x86_64-unknown-linux-gnu
-          - host: blacksmith-8vcpu-ubuntu-2404-arm
-            target: aarch64-unknown-linux-gnu
-    runs-on: ${{ matrix.settings.host }}
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-tags: true
-
-      - uses: apple-actions/import-codesign-certs@v2
-        if: ${{ runner.os == 'macOS' }}
-        with:
-          keychain: build
-          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
-          p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
-
-      - name: Verify Certificate
-        if: ${{ runner.os == 'macOS' }}
-        run: |
-          CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
-          CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
-          echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
-          echo "Certificate imported."
-
-      - name: Setup Apple API Key
-        if: ${{ runner.os == 'macOS' }}
-        run: |
-          echo "${{ secrets.APPLE_API_KEY_PATH }}" > $RUNNER_TEMP/apple-api-key.p8
-
-      - uses: ./.github/actions/setup-bun
-
-      - name: Azure login
-        if: runner.os == 'Windows'
-        uses: azure/login@v2
-        with:
-          client-id: ${{ env.AZURE_CLIENT_ID }}
-          tenant-id: ${{ env.AZURE_TENANT_ID }}
-          subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "24"
-
-      - name: Cache apt packages
-        if: contains(matrix.settings.host, 'ubuntu')
-        uses: actions/cache@v4
-        with:
-          path: ~/apt-cache
-          key: ${{ runner.os }}-${{ matrix.settings.target }}-apt-${{ hashFiles('.github/workflows/publish.yml') }}
-          restore-keys: |
-            ${{ runner.os }}-${{ matrix.settings.target }}-apt-
-
-      - name: install dependencies (ubuntu only)
-        if: contains(matrix.settings.host, 'ubuntu')
-        run: |
-          mkdir -p ~/apt-cache && chmod -R a+rw ~/apt-cache
-          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends -o dir::cache::archives="$HOME/apt-cache" libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
-          sudo chmod -R a+rw ~/apt-cache
-
-      - name: install Rust stable
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          targets: ${{ matrix.settings.target }}
-
-      - uses: Swatinem/rust-cache@v2
-        with:
-          workspaces: packages/desktop/src-tauri
-          shared-key: ${{ matrix.settings.target }}
-
-      - name: Prepare
-        run: |
-          cd packages/desktop
-          bun ./scripts/prepare.ts
-        env:
-          OPENCODE_VERSION: ${{ needs.version.outputs.version }}
-          GITHUB_TOKEN: ${{ steps.committer.outputs.token }}
-          OPENCODE_CLI_ARTIFACT: ${{ (runner.os == 'Windows' && 'opencode-cli-windows') || 'opencode-cli' }}
-          RUST_TARGET: ${{ matrix.settings.target }}
-          GH_TOKEN: ${{ github.token }}
-          GITHUB_RUN_ID: ${{ github.run_id }}
-
-      - name: Resolve tauri portable SHA
-        if: contains(matrix.settings.host, 'ubuntu')
-        run: echo "TAURI_PORTABLE_SHA=$(git ls-remote https://github.com/tauri-apps/tauri.git refs/heads/feat/truly-portable-appimage | cut -f1)" >> "$GITHUB_ENV"
-
-      # Fixes AppImage build issues, can be removed when https://github.com/tauri-apps/tauri/pull/12491 is released
-      - name: Install tauri-cli from portable appimage branch
-        uses: taiki-e/cache-cargo-install-action@v3
-        if: contains(matrix.settings.host, 'ubuntu')
-        with:
-          tool: tauri-cli
-          git: https://github.com/tauri-apps/tauri
-          # branch: feat/truly-portable-appimage
-          rev: ${{ env.TAURI_PORTABLE_SHA }}
-
-      - name: Show tauri-cli version
-        if: contains(matrix.settings.host, 'ubuntu')
-        run: cargo tauri --version
-
-      - name: Setup git committer
-        id: committer
-        uses: ./.github/actions/setup-git-committer
-        with:
-          opencode-app-id: ${{ vars.OPENCODE_APP_ID }}
-          opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }}
-
-      - name: Build and upload artifacts
-        uses: tauri-apps/tauri-action@390cbe447412ced1303d35abe75287949e43437a
-        timeout-minutes: 60
-        with:
-          projectPath: packages/desktop
-          uploadWorkflowArtifacts: true
-          tauriScript: ${{ (contains(matrix.settings.host, 'ubuntu') && 'cargo tauri') || '' }}
-          args: --target ${{ matrix.settings.target }} --config ${{ (github.ref_name == 'beta' && './src-tauri/tauri.beta.conf.json') || './src-tauri/tauri.prod.conf.json' }} --verbose
-          updaterJsonPreferNsis: true
-          releaseId: ${{ needs.version.outputs.release }}
-          tagName: ${{ needs.version.outputs.tag }}
-          releaseDraft: true
-          releaseAssetNamePattern: opencode-desktop-[platform]-[arch][ext]
-          repo: ${{ (github.ref_name == 'beta' && 'opencode-beta') || '' }}
-          releaseCommitish: ${{ github.sha }}
-        env:
-          GITHUB_TOKEN: ${{ steps.committer.outputs.token }}
-          TAURI_BUNDLER_NEW_APPIMAGE_FORMAT: true
-          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
-          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
-          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
-          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
-          APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
-          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
-          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
-          APPLE_API_KEY_PATH: ${{ runner.temp }}/apple-api-key.p8
-
-      - name: Verify signed Windows desktop artifacts
-        if: runner.os == 'Windows'
-        shell: pwsh
-        run: |
-          $files = @(
-            "${{ github.workspace }}\packages\desktop\src-tauri\sidecars\opencode-cli-${{ matrix.settings.target }}.exe"
-          )
-          $files += Get-ChildItem "${{ github.workspace }}\packages\desktop\src-tauri\target\${{ matrix.settings.target }}\release\bundle\nsis\*.exe" | Select-Object -ExpandProperty FullName
-
-          foreach ($file in $files) {
-            $sig = Get-AuthenticodeSignature $file
-            if ($sig.Status -ne "Valid") {
-              throw "Invalid signature for ${file}: $($sig.Status)"
-            }
-          }
-
   build-electron:
     needs:
       - build-cli
@@ -524,6 +348,30 @@ jobs:
         env:
           OPENCODE_CHANNEL: ${{ (github.ref_name == 'beta' && 'beta') || 'prod' }}
 
+      - name: Create and upload macOS .app.tar.gz
+        if: runner.os == 'macOS' && needs.version.outputs.release
+        working-directory: packages/desktop-electron/dist
+        env:
+          GH_TOKEN: ${{ steps.committer.outputs.token }}
+        run: |
+          if [[ "${{ matrix.settings.target }}" == "x86_64-apple-darwin" ]]; then
+            APP_DIR="mac"
+            OUT_NAME="opencode-desktop-mac-x64.app.tar.gz"
+          elif [[ "${{ matrix.settings.target }}" == "aarch64-apple-darwin" ]]; then
+            APP_DIR="mac-arm64"
+            OUT_NAME="opencode-desktop-mac-arm64.app.tar.gz"
+          else
+            echo "Unknown macOS target: ${{ matrix.settings.target }}"
+            exit 1
+          fi
+          APP_PATH=$(find "$APP_DIR" -maxdepth 1 -name "*.app" -type d | head -1)
+          if [ -z "$APP_PATH" ]; then
+            echo "No .app bundle found in $APP_DIR"
+            exit 1
+          fi
+          tar -czf "$OUT_NAME" -C "$(dirname "$APP_PATH")" "$(basename "$APP_PATH")"
+          gh release upload "v${{ needs.version.outputs.version }}" "$OUT_NAME" --clobber --repo "${{ needs.version.outputs.repo }}"
+
       - name: Verify signed Windows Electron artifacts
         if: runner.os == 'Windows'
         shell: pwsh
@@ -542,7 +390,7 @@ jobs:
 
       - uses: actions/upload-artifact@v4
         with:
-          name: opencode-electron-${{ matrix.settings.target }}
+          name: opencode-desktop-${{ matrix.settings.target }}
           path: packages/desktop-electron/dist/*
 
       - uses: actions/upload-artifact@v4
@@ -556,7 +404,6 @@ jobs:
       - version
       - build-cli
       - sign-cli-windows
-      - build-tauri
       - build-electron
     if: always() && !failure() && !cancelled()
     runs-on: blacksmith-4vcpu-ubuntu-2404
@@ -583,13 +430,6 @@ jobs:
           node-version: "24"
           registry-url: "https://registry.npmjs.org"
 
-      - name: Setup git committer
-        id: committer
-        uses: ./.github/actions/setup-git-committer
-        with:
-          opencode-app-id: ${{ vars.OPENCODE_APP_ID }}
-          opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }}
-
       - uses: actions/download-artifact@v4
         with:
           name: opencode-cli
@@ -611,6 +451,13 @@ jobs:
           pattern: latest-yml-*
           path: /tmp/latest-yml
 
+      - name: Setup git committer
+        id: committer
+        uses: ./.github/actions/setup-git-committer
+        with:
+          opencode-app-id: ${{ vars.OPENCODE_APP_ID }}
+          opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }}
+
       - name: Cache apt packages (AUR)
         uses: actions/cache@v4
         with:
@@ -639,3 +486,5 @@ jobs:
           GH_REPO: ${{ needs.version.outputs.repo }}
           NPM_CONFIG_PROVENANCE: false
           LATEST_YML_DIR: /tmp/latest-yml
+          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
+          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}

.github/workflows/vouch-check-issue.yml

@@ -1,116 +0,0 @@
-name: vouch-check-issue
-
-on:
-  issues:
-    types: [opened]
-
-permissions:
-  contents: read
-  issues: write
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check if issue author is denounced
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const author = context.payload.issue.user.login;
-            const issueNumber = context.payload.issue.number;
-
-            // Skip bots
-            if (author.endsWith('[bot]')) {
-              core.info(`Skipping bot: ${author}`);
-              return;
-            }
-
-            // Read the VOUCHED.td file via API (no checkout needed)
-            let content;
-            try {
-              const response = await github.rest.repos.getContent({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                path: '.github/VOUCHED.td',
-              });
-              content = Buffer.from(response.data.content, 'base64').toString('utf-8');
-            } catch (error) {
-              if (error.status === 404) {
-                core.info('No .github/VOUCHED.td file found, skipping check.');
-                return;
-              }
-              throw error;
-            }
-
-            // Parse the .td file for vouched and denounced users
-            const vouched = new Set();
-            const denounced = new Map();
-            for (const line of content.split('\n')) {
-              const trimmed = line.trim();
-              if (!trimmed || trimmed.startsWith('#')) continue;
-
-              const isDenounced = trimmed.startsWith('-');
-              const rest = isDenounced ? trimmed.slice(1).trim() : trimmed;
-              if (!rest) continue;
-
-              const spaceIdx = rest.indexOf(' ');
-              const handle = spaceIdx === -1 ? rest : rest.slice(0, spaceIdx);
-              const reason = spaceIdx === -1 ? null : rest.slice(spaceIdx + 1).trim();
-
-              // Handle platform:username or bare username
-              // Only match bare usernames or github: prefix (skip other platforms)
-              const colonIdx = handle.indexOf(':');
-              if (colonIdx !== -1) {
-                const platform = handle.slice(0, colonIdx).toLowerCase();
-                if (platform !== 'github') continue;
-              }
-              const username = colonIdx === -1 ? handle : handle.slice(colonIdx + 1);
-              if (!username) continue;
-
-              if (isDenounced) {
-                denounced.set(username.toLowerCase(), reason);
-                continue;
-              }
-
-              vouched.add(username.toLowerCase());
-            }
-
-            // Check if the author is denounced
-            const reason = denounced.get(author.toLowerCase());
-            if (reason !== undefined) {
-              // Author is denounced — close the issue
-              const body = 'This issue has been automatically closed.';
-
-              await github.rest.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: issueNumber,
-                body,
-              });
-
-              await github.rest.issues.update({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: issueNumber,
-                state: 'closed',
-                state_reason: 'not_planned',
-              });
-
-              core.info(`Closed issue #${issueNumber} from denounced user ${author}`);
-              return;
-            }
-
-            // Author is positively vouched — add label
-            if (!vouched.has(author.toLowerCase())) {
-              core.info(`User ${author} is not denounced or vouched. Allowing issue.`);
-              return;
-            }
-
-            await github.rest.issues.addLabels({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: issueNumber,
-              labels: ['Vouched'],
-            });
-
-            core.info(`Added vouched label to issue #${issueNumber} from ${author}`);

.github/workflows/vouch-check-pr.yml

@@ -1,114 +0,0 @@
-name: vouch-check-pr
-
-on:
-  pull_request_target:
-    types: [opened]
-
-permissions:
-  contents: read
-  issues: write
-  pull-requests: write
-
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check if PR author is denounced
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const author = context.payload.pull_request.user.login;
-            const prNumber = context.payload.pull_request.number;
-
-            // Skip bots
-            if (author.endsWith('[bot]')) {
-              core.info(`Skipping bot: ${author}`);
-              return;
-            }
-
-            // Read the VOUCHED.td file via API (no checkout needed)
-            let content;
-            try {
-              const response = await github.rest.repos.getContent({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                path: '.github/VOUCHED.td',
-              });
-              content = Buffer.from(response.data.content, 'base64').toString('utf-8');
-            } catch (error) {
-              if (error.status === 404) {
-                core.info('No .github/VOUCHED.td file found, skipping check.');
-                return;
-              }
-              throw error;
-            }
-
-            // Parse the .td file for vouched and denounced users
-            const vouched = new Set();
-            const denounced = new Map();
-            for (const line of content.split('\n')) {
-              const trimmed = line.trim();
-              if (!trimmed || trimmed.startsWith('#')) continue;
-
-              const isDenounced = trimmed.startsWith('-');
-              const rest = isDenounced ? trimmed.slice(1).trim() : trimmed;
-              if (!rest) continue;
-
-              const spaceIdx = rest.indexOf(' ');
-              const handle = spaceIdx === -1 ? rest : rest.slice(0, spaceIdx);
-              const reason = spaceIdx === -1 ? null : rest.slice(spaceIdx + 1).trim();
-
-              // Handle platform:username or bare username
-              // Only match bare usernames or github: prefix (skip other platforms)
-              const colonIdx = handle.indexOf(':');
-              if (colonIdx !== -1) {
-                const platform = handle.slice(0, colonIdx).toLowerCase();
-                if (platform !== 'github') continue;
-              }
-              const username = colonIdx === -1 ? handle : handle.slice(colonIdx + 1);
-              if (!username) continue;
-
-              if (isDenounced) {
-                denounced.set(username.toLowerCase(), reason);
-                continue;
-              }
-
-              vouched.add(username.toLowerCase());
-            }
-
-            // Check if the author is denounced
-            const reason = denounced.get(author.toLowerCase());
-            if (reason !== undefined) {
-              // Author is denounced — close the PR
-              await github.rest.issues.createComment({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: prNumber,
-                body: 'This pull request has been automatically closed.',
-              });
-
-              await github.rest.pulls.update({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                pull_number: prNumber,
-                state: 'closed',
-              });
-
-              core.info(`Closed PR #${prNumber} from denounced user ${author}`);
-              return;
-            }
-
-            // Author is positively vouched — add label
-            if (!vouched.has(author.toLowerCase())) {
-              core.info(`User ${author} is not denounced or vouched. Allowing PR.`);
-              return;
-            }
-
-            await github.rest.issues.addLabels({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              issue_number: prNumber,
-              labels: ['Vouched'],
-            });
-
-            core.info(`Added vouched label to PR #${prNumber} from ${author}`);

.github/workflows/vouch-manage-by-issue.yml

@@ -1,38 +0,0 @@
-name: vouch-manage-by-issue
-
-on:
-  issue_comment:
-    types: [created]
-
-concurrency:
-  group: vouch-manage
-  cancel-in-progress: false
-
-permissions:
-  contents: write
-  issues: write
-  pull-requests: read
-
-jobs:
-  manage:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-
-      - name: Setup git committer
-        id: committer
-        uses: ./.github/actions/setup-git-committer
-        with:
-          opencode-app-id: ${{ vars.OPENCODE_APP_ID }}
-          opencode-app-secret: ${{ secrets.OPENCODE_APP_SECRET }}
-
-      - uses: mitchellh/vouch/action/manage-by-issue@main
-        with:
-          issue-id: ${{ github.event.issue.number }}
-          comment-id: ${{ github.event.comment.id }}
-          roles: admin,maintain,write
-        env:
-          GITHUB_TOKEN: ${{ steps.committer.outputs.token }}

.opencode/agent/triage.md

@@ -1,7 +1,7 @@
 ---
 mode: primary
 hidden: true
-model: opencode/minimax-m2.5
+model: opencode/gpt-5.4-nano
 color: "#44BA81"
 tools:
   "*": false
@@ -14,127 +14,30 @@ Use your github-triage tool to triage issues.
 
 This file is the source of truth for ownership/routing rules.
 
-## Labels
+Assign issues by choosing the team with the strongest overlap. The github-triage tool will assign a random member from that team.
 
-### windows
+Do not add labels to issues. Only assign an owner.
 
-Use for any issue that mentions Windows (the OS). Be sure they are saying that they are on Windows.
+When calling github-triage, pass one of these team values: tui, desktop_web, core, inference, windows.
 
-- Use if they mention WSL too
+## Teams
 
-#### perf
+### TUI
 
-Performance-related issues:
+Terminal UI issues, including rendering, keybindings, scrolling, terminal compatibility, SSH behavior, crashes in the TUI, and low-level TUI performance.
 
-- Slow performance
-- High RAM usage
-- High CPU usage
+### Desktop / Web
 
-**Only** add if it's likely a RAM or CPU issue. **Do not** add for LLM slowness.
+Desktop application and browser-based app issues, including `opencode web`, desktop-specific UI behavior, packaging, and web view problems.
 
-#### desktop
+### Core
 
-Desktop app issues:
+Core opencode server and harness issues, including sqlite, snapshots, memory, API behavior, agent context construction, tool execution, provider integrations, model behavior, documentation, and larger architectural features.
 
-- `opencode web` command
-- The desktop app itself
+### Inference
 
-**Only** add if it's specifically about the Desktop application or `opencode web` view. **Do not** add for terminal, TUI, or general opencode issues.
+OpenCode Zen, OpenCode Go, and billing issues.
 
-#### nix
+### Windows
 
-**Only** add if the issue explicitly mentions nix.
-
-If the issue does not mention nix, do not add nix.
-
-If the issue mentions nix, assign to `rekram1-node`.
-
-#### zen
-
-**Only** add if the issue mentions "zen" or "opencode zen" or "opencode black".
-
-If the issue doesn't have "zen" or "opencode black" in it then don't add zen label
-
-#### core
-
-Use for core server issues in `packages/opencode/`, excluding `packages/opencode/src/cli/cmd/tui/`.
-
-Examples:
-
-- LSP server behavior
-- Harness behavior (agent + tools)
-- Feature requests for server behavior
-- Agent context construction
-- API endpoints
-- Provider integration issues
-- New, broken, or poor-quality models
-
-#### acp
-
-If the issue mentions acp support, assign acp label.
-
-#### docs
-
-Add if the issue requests better documentation or docs updates.
-
-#### opentui
-
-TUI issues potentially caused by our underlying TUI library:
-
-- Keybindings not working
-- Scroll speed issues (too fast/slow/laggy)
-- Screen flickering
-- Crashes with opentui in the log
-
-**Do not** add for general TUI bugs.
-
-When assigning to people here are the following rules:
-
-Desktop / Web:
-Use for desktop-labeled issues only.
-
-- adamdotdevin
-- iamdavidhill
-- Brendonovich
-- nexxeln
-
-Zen:
-ONLY assign if the issue will have the "zen" label.
-
-- fwang
-- MrMushrooooom
-
-TUI (`packages/opencode/src/cli/cmd/tui/...`):
-
-- thdxr for TUI UX/UI product decisions and interaction flow
-- kommander for OpenTUI engine issues: rendering artifacts, keybind handling, terminal compatibility, SSH behavior, and low-level perf bottlenecks
-- rekram1-node for TUI bugs that are not clearly OpenTUI engine issues
-
-Core (`packages/opencode/...`, excluding TUI subtree):
-
-- thdxr for sqlite/snapshot/memory bugs and larger architectural core features
-- jlongster for opencode server + API feature work (tool currently remaps jlongster -> thdxr until assignable)
-- rekram1-node for harness issues, provider issues, and other bug-squashing
-
-For core bugs that do not clearly map, either thdxr or rekram1-node is acceptable.
-
-Docs:
-
-- R44VC0RP
-
-Windows:
-
-- Hona (assign any issue that mentions Windows or is likely Windows-specific)
-
-Determinism rules:
-
-- If title + body does not contain "zen", do not add the "zen" label
-- If "nix" label is added but title + body does not mention nix/nixos, the tool will drop "nix"
-- If title + body mentions nix/nixos, assign to `rekram1-node`
-- If "desktop" label is added, the tool will override assignee and randomly pick one Desktop / Web owner
-
-In all other cases, choose the team/section with the most overlap with the issue and assign a member from that team at random.
-
-ACP:
-
-- rekram1-node (assign any acp issues to rekram1-node)
+Windows-specific issues, including native Windows behavior, WSL interactions, path handling, shell compatibility, and installation or runtime problems that only happen on Windows.

.opencode/command/changelog.md

@@ -18,9 +18,12 @@ Do not use `git log` or author metadata when deciding attribution.
 
 Rules:
 
-- Write the final file with sections in this order:
+- Write the final file with release sections in this order:
   `## Core`, `## TUI`, `## Desktop`, `## SDK`, `## Extensions`
 - Only include sections that have at least one notable entry
+- Within each release section, keep bug fixes grouped under `### Bugfixes`
+- Keep other notable entries under `### Improvements` when a section has bug fixes too
+- Omit empty subsections
 - Keep one bullet per commit you keep
 - Skip commits that are entirely internal, CI, tests, refactors, or otherwise not user-facing
 - Start each bullet with a capital letter

.opencode/tool/github-triage.ts

@@ -1,16 +1,14 @@
 /// <reference path="../env.d.ts" />
 import { tool } from "@opencode-ai/plugin"
+
 const TEAM = {
-  desktop: ["adamdotdevin", "iamdavidhill", "Brendonovich", "nexxeln"],
-  zen: ["fwang", "MrMushrooooom"],
-  tui: ["kommander", "rekram1-node", "simonklee"],
-  core: ["kitlangton", "rekram1-node", "jlongster"],
-  docs: ["R44VC0RP"],
+  tui: ["kommander", "simonklee"],
+  desktop_web: ["Hona", "Brendonovich"],
+  core: ["jlongster", "rekram1-node", "nexxeln", "kitlangton"],
+  inference: ["fwang", "MrMushrooooom"],
   windows: ["Hona"],
 } as const
 
-const ASSIGNEES = [...new Set(Object.values(TEAM).flat())]
-
 function pick<T>(items: readonly T[]) {
   return items[Math.floor(Math.random() * items.length)]!
 }
@@ -38,79 +36,25 @@ async function githubFetch(endpoint: string, options: RequestInit = {}) {
 }
 
 export default tool({
-  description: `Use this tool to assign and/or label a GitHub issue.
+  description: `Use this tool to assign a GitHub issue.
 
-Choose labels and assignee using the current triage policy and ownership rules.
-Pick the most fitting labels for the issue and assign one owner.
-
-If unsure, choose the team/section with the most overlap with the issue and assign a member from that team at random.`,
+Provide the team that should own the issue. This tool picks a random assignee from that team and does not apply labels.`,
   args: {
-    assignee: tool.schema
-      .enum(ASSIGNEES as [string, ...string[]])
-      .describe("The username of the assignee")
-      .default("rekram1-node"),
-    labels: tool.schema
-      .array(tool.schema.enum(["nix", "opentui", "perf", "web", "desktop", "zen", "docs", "windows", "core"]))
-      .describe("The labels(s) to add to the issue")
-      .default([]),
+    team: tool.schema
+      .enum(Object.keys(TEAM) as [keyof typeof TEAM, ...(keyof typeof TEAM)[]])
+      .describe("The owning team"),
   },
   async execute(args) {
     const issue = getIssueNumber()
     const owner = "anomalyco"
     const repo = "opencode"
-
-    const results: string[] = []
-    let labels = [...new Set(args.labels.map((x) => (x === "desktop" ? "web" : x)))]
-    const web = labels.includes("web")
-    const text = `${process.env.ISSUE_TITLE ?? ""}\n${process.env.ISSUE_BODY ?? ""}`.toLowerCase()
-    const zen = /\bzen\b/.test(text) || text.includes("opencode black")
-    const nix = /\bnix(os)?\b/.test(text)
-
-    if (labels.includes("nix") && !nix) {
-      labels = labels.filter((x) => x !== "nix")
-      results.push("Dropped label: nix (issue does not mention nix)")
-    }
-
-    const assignee = nix ? "rekram1-node" : web ? pick(TEAM.desktop) : args.assignee
-
-    if (labels.includes("zen") && !zen) {
-      throw new Error("Only add the zen label when issue title/body contains 'zen'")
-    }
-
-    if (web && !nix && !(TEAM.desktop as readonly string[]).includes(assignee)) {
-      throw new Error("Web issues must be assigned to adamdotdevin, iamdavidhill, Brendonovich, or nexxeln")
-    }
-
-    if ((TEAM.zen as readonly string[]).includes(assignee) && !labels.includes("zen")) {
-      throw new Error("Only zen issues should be assigned to fwang or MrMushrooooom")
-    }
-
-    if (assignee === "Hona" && !labels.includes("windows")) {
-      throw new Error("Only windows issues should be assigned to Hona")
-    }
-
-    if (assignee === "R44VC0RP" && !labels.includes("docs")) {
-      throw new Error("Only docs issues should be assigned to R44VC0RP")
-    }
-
-    if (assignee === "kommander" && !labels.includes("opentui")) {
-      throw new Error("Only opentui issues should be assigned to kommander")
-    }
+    const assignee = pick(TEAM[args.team])
 
     await githubFetch(`/repos/${owner}/${repo}/issues/${issue}/assignees`, {
       method: "POST",
       body: JSON.stringify({ assignees: [assignee] }),
     })
-    results.push(`Assigned @${assignee} to issue #${issue}`)
 
-    if (labels.length > 0) {
-      await githubFetch(`/repos/${owner}/${repo}/issues/${issue}/labels`, {
-        method: "POST",
-        body: JSON.stringify({ labels }),
-      })
-      results.push(`Added labels: ${labels.join(", ")}`)
-    }
-
-    return results.join("\n")
+    return `Assigned @${assignee} from ${args.team} to issue #${issue}`
   },
 })

README.md

@@ -132,7 +132,7 @@ It's very similar to Claude Code in terms of capability. Here are the key differ
 
 - 100% open source
 - Not coupled to any provider. Although we recommend the models we provide through [OpenCode Zen](https://opencode.ai/zen), OpenCode can be used with Claude, OpenAI, Google, or even local models. As models evolve, the gaps between them will close and pricing will drop, so being provider-agnostic is important.
-- Out-of-the-box LSP support
+- Built-in opt-in LSP support
 - A focus on TUI. OpenCode is built by neovim users and the creators of [terminal.shop](https://terminal.shop); we are going to push the limits of what's possible in the terminal.
 - A client/server architecture. This, for example, can allow OpenCode to run on your computer while you drive it remotely from a mobile app, meaning that the TUI frontend is just one of the possible clients.
 

bun.lock

@@ -29,7 +29,7 @@
     },
     "packages/app": {
       "name": "@opencode-ai/app",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@kobalte/core": "catalog:",
         "@opencode-ai/core": "workspace:*",
@@ -85,7 +85,7 @@
     },
     "packages/console/app": {
       "name": "@opencode-ai/console-app",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@cloudflare/vite-plugin": "1.15.2",
         "@ibm/plex": "6.4.1",
@@ -119,7 +119,7 @@
     },
     "packages/console/core": {
       "name": "@opencode-ai/console-core",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@aws-sdk/client-sts": "3.782.0",
         "@jsx-email/render": "1.1.1",
@@ -146,7 +146,7 @@
     },
     "packages/console/function": {
       "name": "@opencode-ai/console-function",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@ai-sdk/anthropic": "3.0.64",
         "@ai-sdk/openai": "3.0.48",
@@ -170,7 +170,7 @@
     },
     "packages/console/mail": {
       "name": "@opencode-ai/console-mail",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@jsx-email/all": "2.2.3",
         "@jsx-email/cli": "1.4.3",
@@ -194,7 +194,7 @@
     },
     "packages/core": {
       "name": "@opencode-ai/core",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "bin": {
         "opencode": "./bin/opencode",
       },
@@ -228,7 +228,7 @@
     },
     "packages/desktop": {
       "name": "@opencode-ai/desktop",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@opencode-ai/app": "workspace:*",
         "@opencode-ai/ui": "workspace:*",
@@ -263,7 +263,7 @@
     },
     "packages/desktop-electron": {
       "name": "@opencode-ai/desktop-electron",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "drizzle-orm": "catalog:",
         "effect": "catalog:",
@@ -309,7 +309,7 @@
     },
     "packages/enterprise": {
       "name": "@opencode-ai/enterprise",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@opencode-ai/core": "workspace:*",
         "@opencode-ai/ui": "workspace:*",
@@ -338,7 +338,7 @@
     },
     "packages/function": {
       "name": "@opencode-ai/function",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@octokit/auth-app": "8.0.1",
         "@octokit/rest": "catalog:",
@@ -354,7 +354,7 @@
     },
     "packages/opencode": {
       "name": "opencode",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "bin": {
         "opencode": "./bin/opencode",
       },
@@ -496,7 +496,7 @@
     },
     "packages/plugin": {
       "name": "@opencode-ai/plugin",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@opencode-ai/sdk": "workspace:*",
         "effect": "catalog:",
@@ -531,7 +531,7 @@
     },
     "packages/sdk/js": {
       "name": "@opencode-ai/sdk",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "cross-spawn": "catalog:",
       },
@@ -546,7 +546,7 @@
     },
     "packages/slack": {
       "name": "@opencode-ai/slack",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@opencode-ai/sdk": "workspace:*",
         "@slack/bolt": "^3.17.1",
@@ -581,7 +581,7 @@
     },
     "packages/ui": {
       "name": "@opencode-ai/ui",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@kobalte/core": "catalog:",
         "@opencode-ai/core": "workspace:*",
@@ -630,7 +630,7 @@
     },
     "packages/web": {
       "name": "@opencode-ai/web",
-      "version": "1.14.31",
+      "version": "1.14.33",
       "dependencies": {
         "@astrojs/cloudflare": "12.6.3",
         "@astrojs/markdown-remark": "6.3.1",
@@ -715,7 +715,7 @@
     "dompurify": "3.3.1",
     "drizzle-kit": "1.0.0-beta.19-d95b7a4",
     "drizzle-orm": "1.0.0-beta.19-d95b7a4",
-    "effect": "4.0.0-beta.57",
+    "effect": "4.0.0-beta.59",
     "fuzzysort": "3.1.0",
     "hono": "4.10.7",
     "hono-openapi": "1.1.2",
@@ -3078,7 +3078,7 @@
 
     "ee-first": ["ee-first@1.1.1", "", {}, "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="],
 
-    "effect": ["effect@4.0.0-beta.57", "", { "dependencies": { "@standard-schema/spec": "^1.1.0", "fast-check": "^4.6.0", "find-my-way-ts": "^0.1.6", "ini": "^6.0.0", "kubernetes-types": "^1.30.0", "msgpackr": "^1.11.9", "multipasta": "^0.2.7", "toml": "^4.1.1", "uuid": "^13.0.0", "yaml": "^2.8.3" } }, "sha512-rg32VgXnLKaPRs9tbRDaZ5jxmzNY7ojXt85gSHGUTwdlbWH5Ik+OCUY2q14TXliygPGoHwCAvNWS4bQJOqf00g=="],
+    "effect": ["effect@4.0.0-beta.59", "", { "dependencies": { "@standard-schema/spec": "^1.1.0", "fast-check": "^4.6.0", "find-my-way-ts": "^0.1.6", "ini": "^6.0.0", "kubernetes-types": "^1.30.0", "msgpackr": "^1.11.9", "multipasta": "^0.2.7", "toml": "^4.1.1", "uuid": "^13.0.0", "yaml": "^2.8.3" } }, "sha512-xyUDLeHSe8d6lWGOvR6Fgn2HL6gYeTZ/S4Jzk9uc4ZUxMPPsNZlNXrvk0C7/utQFzeX7uAWcVnG2BjbA0SRoAA=="],
 
     "ejs": ["ejs@3.1.10", "", { "dependencies": { "jake": "^10.8.5" }, "bin": { "ejs": "bin/cli.js" } }, "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA=="],
 

nix/hashes.json

@@ -1,8 +1,8 @@
 {
   "nodeModules": {
-    "x86_64-linux": "sha256-SLWRe4uPSRWgU+NPa1BywmrUtNVIC0Oy2mjmxclxk+s=",
-    "aarch64-linux": "sha256-toHEeIqMzrmThoV0B52juGKm4pa/aJN3gBFFtrSZp2Q=",
-    "aarch64-darwin": "sha256-lYUsUxq5zR2RXjqZTEdjduOncnlwvTlxDJVKWXJuKPY=",
-    "x86_64-darwin": "sha256-77XmuEYqGwb1mkEHfnghq1VtukFTneohA0FW6WDOk1U="
+    "x86_64-linux": "sha256-9wTDLZsuGjkWyVOb6AG2VRYPiaSj/lnXwVkSwNeDcns=",
+    "aarch64-linux": "sha256-gmKlL2fQxY8bo+//8m9e1TNYJK3RXa4i8xsgtd046bc=",
+    "aarch64-darwin": "sha256-ENSJK+7rZi3m342mjtGg9N0P6zWEypXMpI7QdFMydbc=",
+    "x86_64-darwin": "sha256-gkxCxGh5dlwj03vZdz20pbiAwFEDpAlu/5iU8cwZOGI="
   }
 }

nix/node_modules.nix

@@ -55,7 +55,6 @@ stdenvNoCC.mkDerivation {
       --filter './packages/opencode' \
       --filter './packages/desktop' \
       --filter './packages/app' \
-      --filter './packages/shared' \
       --frozen-lockfile \
       --ignore-scripts \
       --no-progress

package.json

@@ -53,7 +53,7 @@
       "dompurify": "3.3.1",
       "drizzle-kit": "1.0.0-beta.19-d95b7a4",
       "drizzle-orm": "1.0.0-beta.19-d95b7a4",
-      "effect": "4.0.0-beta.57",
+      "effect": "4.0.0-beta.59",
       "ai": "6.0.168",
       "cross-spawn": "7.0.6",
       "hono": "4.10.7",

packages/app/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencode-ai/app",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "description": "",
   "type": "module",
   "exports": {

packages/app/src/components/terminal.tsx

@@ -15,6 +15,7 @@ import { terminalFontFamily, useSettings } from "@/context/settings"
 import type { LocalPTY } from "@/context/terminal"
 import { disposeIfDisposable, getHoveredLinkText, setOptionIfSupported } from "@/utils/runtime-adapters"
 import { terminalWriter } from "@/utils/terminal-writer"
+import { terminalWebSocketURL } from "@/utils/terminal-websocket-url"
 
 const TOGGLE_TERMINAL_ID = "terminal.toggle"
 const DEFAULT_TOGGLE_TERMINAL_KEYBIND = "ctrl+`"
@@ -67,13 +68,6 @@ const debugTerminal = (...values: unknown[]) => {
   console.debug("[terminal]", ...values)
 }
 
-const errorName = (err: unknown) => {
-  if (!err || typeof err !== "object") return
-  if (!("name" in err)) return
-  const errorName = err.name
-  return typeof errorName === "string" ? errorName : undefined
-}
-
 const useTerminalUiBindings = (input: {
   container: HTMLDivElement
   term: Term
@@ -478,10 +472,9 @@ export const Terminal = (props: TerminalProps) => {
 
       const gone = () =>
         client.pty
-          .get({ ptyID: id })
-          .then(() => false)
+          .get({ ptyID: id }, { throwOnError: false })
+          .then((result) => result.response.status === 404)
           .catch((err) => {
-            if (errorName(err) === "NotFoundError") return true
             debugTerminal("failed to inspect terminal session", err)
             return false
           })
@@ -509,18 +502,18 @@ export const Terminal = (props: TerminalProps) => {
         if (disposed) return
         drop?.()
 
-        const next = new URL(url + `/pty/${id}/connect`)
-        next.searchParams.set("directory", directory)
-        next.searchParams.set("cursor", String(seek))
-        next.protocol = next.protocol === "https:" ? "wss:" : "ws:"
-        if (!sameOrigin && password) {
-          next.searchParams.set("auth_token", btoa(`${username}:${password}`))
-          // For same-origin requests, let the browser reuse the page's existing auth.
-          next.username = username
-          next.password = password
-        }
-
-        const socket = new WebSocket(next)
+        const socket = new WebSocket(
+          terminalWebSocketURL({
+            url,
+            id,
+            directory,
+            cursor: seek,
+            sameOrigin,
+            username,
+            password,
+            authToken: server.current?.type === "http" ? server.current.authToken : false,
+          }),
+        )
         socket.binaryType = "arraybuffer"
         ws = socket
 

packages/app/src/context/server.test.ts

@@ -0,0 +1,53 @@
+import { describe, expect, test } from "bun:test"
+import { resolveServerList, ServerConnection } from "./server"
+
+describe("resolveServerList", () => {
+  test("lets startup auth_token credentials override a persisted same-url server", () => {
+    const list = resolveServerList({
+      stored: [{ url: "https://server.example.test" }],
+      props: [
+        {
+          type: "http",
+          authToken: true,
+          http: {
+            url: "https://server.example.test",
+            username: "opencode",
+            password: "secret",
+          },
+        },
+      ],
+    })
+
+    expect(list).toHaveLength(1)
+    expect(list[0]?.type).toBe("http")
+    expect(list[0]?.http).toEqual({
+      url: "https://server.example.test",
+      username: "opencode",
+      password: "secret",
+    })
+    expect(list[0]?.type === "http" ? list[0].authToken : false).toBe(true)
+    expect(ServerConnection.key(list[0]!) as string).toBe("https://server.example.test")
+  })
+
+  test("keeps persisted credentials when startup has no auth_token", () => {
+    const list = resolveServerList({
+      stored: [
+        {
+          url: "https://server.example.test",
+          username: "opencode",
+          password: "saved",
+        },
+      ],
+      props: [{ type: "http", http: { url: "https://server.example.test" } }],
+    })
+
+    expect(list).toHaveLength(1)
+    expect(list[0]?.type).toBe("http")
+    expect(list[0]?.http).toEqual({
+      url: "https://server.example.test",
+      username: "opencode",
+      password: "saved",
+    })
+    expect(list[0]?.type === "http" ? list[0].authToken : true).toBeUndefined()
+  })
+})

packages/app/src/context/server.tsx

@@ -33,6 +33,33 @@ function isLocalHost(url: string) {
   if (host === "localhost" || host === "127.0.0.1") return "local"
 }
 
+export function resolveServerList(input: {
+  props?: Array<ServerConnection.Any>
+  stored: StoredServer[]
+}): Array<ServerConnection.Any> {
+  const servers = [
+    ...input.stored.map((value) =>
+      typeof value === "string"
+        ? {
+            type: "http" as const,
+            http: { url: value },
+          }
+        : value,
+    ),
+    ...(input.props ?? []),
+  ]
+
+  const deduped = new Map<ServerConnection.Key, ServerConnection.Any>()
+  for (const value of servers) {
+    const conn: ServerConnection.Any = "type" in value ? value : { type: "http", http: value }
+    const key = ServerConnection.key(conn)
+    if (deduped.has(key) && conn.type === "http" && !conn.authToken) continue
+    deduped.set(key, conn)
+  }
+
+  return [...deduped.values()]
+}
+
 export namespace ServerConnection {
   type Base = { displayName?: string }
 
@@ -46,6 +73,7 @@ export namespace ServerConnection {
   export type Http = {
     type: "http"
     http: HttpBase
+    authToken?: boolean
   } & Base
 
   export type Sidecar = {
@@ -113,26 +141,7 @@ export const { use: useServer, provider: ServerProvider } = createSimpleContext(
     const url = (x: StoredServer) => (typeof x === "string" ? x : "type" in x ? x.http.url : x.url)
 
     const allServers = createMemo((): Array<ServerConnection.Any> => {
-      const servers = [
-        ...(props.servers ?? []),
-        ...store.list.map((value) =>
-          typeof value === "string"
-            ? {
-                type: "http" as const,
-                http: { url: value },
-              }
-            : value,
-        ),
-      ]
-
-      const deduped = new Map(
-        servers.map((value) => {
-          const conn: ServerConnection.Any = "type" in value ? value : { type: "http", http: value }
-          return [ServerConnection.key(conn), conn]
-        }),
-      )
-
-      return [...deduped.values()]
+      return resolveServerList({ stored: store.list, props: props.servers })
     })
 
     const [state, setState] = createStore({
@@ -174,7 +183,7 @@ export const { use: useServer, provider: ServerProvider } = createSimpleContext(
     function add(input: ServerConnection.Http) {
       const url_ = normalizeServerUrl(input.http.url)
       if (!url_) return
-      const conn = { ...input, http: { ...input.http, url: url_ } }
+      const conn: ServerConnection.Http = { ...input, authToken: undefined, http: { ...input.http, url: url_ } }
       return batch(() => {
         const existing = store.list.findIndex((x) => url(x) === url_)
         if (existing !== -1) {

packages/app/src/entry.tsx

@@ -7,6 +7,7 @@ import { type Platform, PlatformProvider } from "@/context/platform"
 import { dict as en } from "@/i18n/en"
 import { dict as zh } from "@/i18n/zh"
 import { handleNotificationClick } from "@/utils/notification-click"
+import { authFromToken } from "@/utils/server"
 import pkg from "../package.json"
 import { ServerConnection } from "./context/server"
 
@@ -111,6 +112,13 @@ const getDefaultUrl = () => {
   return getCurrentUrl()
 }
 
+const clearAuthToken = () => {
+  const params = new URLSearchParams(location.search)
+  if (!params.has("auth_token")) return
+  params.delete("auth_token")
+  history.replaceState(null, "", location.pathname + (params.size ? `?${params}` : "") + location.hash)
+}
+
 const platform: Platform = {
   platform: "web",
   version: pkg.version,
@@ -146,7 +154,16 @@ if (import.meta.env.VITE_SENTRY_DSN) {
 }
 
 if (root instanceof HTMLElement) {
-  const server: ServerConnection.Http = { type: "http", http: { url: getCurrentUrl() } }
+  const auth = authFromToken(new URLSearchParams(location.search).get("auth_token"))
+  clearAuthToken()
+  const server: ServerConnection.Http = {
+    type: "http",
+    authToken: !!auth,
+    http: {
+      url: getCurrentUrl(),
+      ...auth,
+    },
+  }
   render(
     () => (
       <PlatformProvider value={platform}>

packages/app/src/utils/server.test.ts

@@ -0,0 +1,23 @@
+import { describe, expect, test } from "bun:test"
+import { authFromToken, authTokenFromCredentials } from "./server"
+
+describe("authFromToken", () => {
+  test("decodes basic auth credentials from auth_token", () => {
+    expect(authFromToken(btoa("kit:secret"))).toEqual({ username: "kit", password: "secret" })
+  })
+
+  test("defaults blank username to opencode", () => {
+    expect(authFromToken(btoa(":secret"))).toEqual({ username: "opencode", password: "secret" })
+  })
+
+  test("ignores malformed tokens", () => {
+    expect(authFromToken("not base64")).toBeUndefined()
+    expect(authFromToken(btoa("missing-separator"))).toBeUndefined()
+  })
+})
+
+describe("authTokenFromCredentials", () => {
+  test("encodes credentials with the default username", () => {
+    expect(authTokenFromCredentials({ password: "secret" })).toBe(btoa("opencode:secret"))
+  })
+})

packages/app/src/utils/server.ts

@@ -1,5 +1,21 @@
 import { createOpencodeClient } from "@opencode-ai/sdk/v2/client"
 import type { ServerConnection } from "@/context/server"
+import { decode64 } from "@/utils/base64"
+
+export function authTokenFromCredentials(input: { username?: string; password: string }) {
+  return btoa(`${input.username ?? "opencode"}:${input.password}`)
+}
+
+export function authFromToken(token: string | null) {
+  const decoded = decode64(token ?? undefined)
+  if (!decoded) return
+  const separator = decoded.indexOf(":")
+  if (separator === -1) return
+  return {
+    username: decoded.slice(0, separator) || "opencode",
+    password: decoded.slice(separator + 1),
+  }
+}
 
 export function createSdkForServer({
   server,
@@ -10,7 +26,7 @@ export function createSdkForServer({
   const auth = (() => {
     if (!server.password) return
     return {
-      Authorization: `Basic ${btoa(`${server.username ?? "opencode"}:${server.password}`)}`,
+      Authorization: `Basic ${authTokenFromCredentials({ username: server.username, password: server.password })}`,
     }
   })()
 

packages/app/src/utils/terminal-websocket-url.test.ts

@@ -0,0 +1,52 @@
+import { describe, expect, test } from "bun:test"
+import { terminalWebSocketURL } from "./terminal-websocket-url"
+
+describe("terminalWebSocketURL", () => {
+  test("uses query auth without embedding credentials in websocket URL", () => {
+    const url = terminalWebSocketURL({
+      url: "http://127.0.0.1:49365",
+      id: "pty_test",
+      directory: "/tmp/project",
+      cursor: 0,
+      sameOrigin: false,
+      username: "opencode",
+      password: "secret",
+    })
+
+    expect(url.protocol).toBe("ws:")
+    expect(url.username).toBe("")
+    expect(url.password).toBe("")
+    expect(url.searchParams.get("auth_token")).toBe(btoa("opencode:secret"))
+  })
+
+  test("omits query auth for same-origin saved credentials", () => {
+    const url = terminalWebSocketURL({
+      url: "https://app.example.test",
+      id: "pty_test",
+      directory: "/tmp/project",
+      cursor: 10,
+      sameOrigin: true,
+      username: "opencode",
+      password: "secret",
+    })
+
+    expect(url.protocol).toBe("wss:")
+    expect(url.searchParams.has("auth_token")).toBe(false)
+  })
+
+  test("uses query auth for same-origin credentials from auth_token", () => {
+    const url = terminalWebSocketURL({
+      url: "https://app.example.test",
+      id: "pty_test",
+      directory: "/tmp/project",
+      cursor: 10,
+      sameOrigin: true,
+      username: "opencode",
+      password: "secret",
+      authToken: true,
+    })
+
+    expect(url.protocol).toBe("wss:")
+    expect(url.searchParams.get("auth_token")).toBe(btoa("opencode:secret"))
+  })
+})

packages/app/src/utils/terminal-websocket-url.ts

@@ -0,0 +1,23 @@
+import { authTokenFromCredentials } from "@/utils/server"
+
+export function terminalWebSocketURL(input: {
+  url: string
+  id: string
+  directory: string
+  cursor: number
+  sameOrigin: boolean
+  username: string
+  password?: string
+  authToken?: boolean
+}) {
+  const next = new URL(`${input.url}/pty/${input.id}/connect`)
+  next.searchParams.set("directory", input.directory)
+  next.searchParams.set("cursor", String(input.cursor))
+  next.protocol = next.protocol === "https:" ? "wss:" : "ws:"
+  if (input.password && (!input.sameOrigin || input.authToken))
+    next.searchParams.set(
+      "auth_token",
+      authTokenFromCredentials({ username: input.username, password: input.password }),
+    )
+  return next
+}

packages/console/app/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencode-ai/console-app",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "type": "module",
   "license": "MIT",
   "scripts": {

packages/console/core/package.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "@opencode-ai/console-core",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "private": true,
   "type": "module",
   "license": "MIT",

packages/console/function/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencode-ai/console-function",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "$schema": "https://json.schemastore.org/package.json",
   "private": true,
   "type": "module",

packages/console/mail/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencode-ai/console-mail",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "dependencies": {
     "@jsx-email/all": "2.2.3",
     "@jsx-email/cli": "1.4.3",

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "name": "@opencode-ai/core",
   "type": "module",
   "license": "MIT",

packages/core/src/filesystem.ts

@@ -24,6 +24,7 @@ export namespace AppFileSystem {
     readonly isDir: (path: string) => Effect.Effect<boolean>
     readonly isFile: (path: string) => Effect.Effect<boolean>
     readonly existsSafe: (path: string) => Effect.Effect<boolean>
+    readonly readFileStringSafe: (path: string) => Effect.Effect<string | undefined, Error>
     readonly readJson: (path: string) => Effect.Effect<unknown, Error>
     readonly writeJson: (path: string, data: unknown, mode?: number) => Effect.Effect<void, Error>
     readonly ensureDir: (path: string) => Effect.Effect<void, Error>
@@ -47,6 +48,12 @@ export namespace AppFileSystem {
         return yield* fs.exists(path).pipe(Effect.orElseSucceed(() => false))
       })
 
+      const readFileStringSafe = Effect.fn("FileSystem.readFileStringSafe")(function* (path: string) {
+        return yield* fs
+          .readFileString(path)
+          .pipe(Effect.catchReason("PlatformError", "NotFound", () => Effect.succeed(undefined)))
+      })
+
       const isDir = Effect.fn("FileSystem.isDir")(function* (path: string) {
         const info = yield* fs.stat(path).pipe(Effect.catch(() => Effect.void))
         return info?.type === "Directory"
@@ -163,6 +170,7 @@ export namespace AppFileSystem {
       return Service.of({
         ...fs,
         existsSafe,
+        readFileStringSafe,
         isDir,
         isFile,
         readDirectoryEntries,

packages/core/src/flag/flag.ts

@@ -1,4 +1,5 @@
 import { Config } from "effect"
+import { InstallationChannel } from "../installation/version"
 
 function truthy(key: string) {
   const value = process.env[key]?.toLowerCase()
@@ -10,6 +11,10 @@ function falsy(key: string) {
   return value === "false" || value === "0"
 }
 
+// Channels that default to the new effect-httpapi server backend. The legacy
+// hono backend remains the default for stable (`prod`/`latest`) installs.
+const HTTPAPI_DEFAULT_ON_CHANNELS = new Set(["dev", "beta", "local"])
+
 function number(key: string) {
   const value = process.env[key]
   if (!value) return undefined
@@ -81,8 +86,16 @@ export const Flag = {
   OPENCODE_STRICT_CONFIG_DEPS: truthy("OPENCODE_STRICT_CONFIG_DEPS"),
 
   OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],
-  OPENCODE_EXPERIMENTAL_HTTPAPI: truthy("OPENCODE_EXPERIMENTAL_HTTPAPI"),
+  // Defaults to true on dev/beta/local channels so internal users exercise the
+  // new effect-httpapi server backend. Stable (`prod`/`latest`) installs stay
+  // on the legacy hono backend until the rollout is complete. An explicit env
+  // var ("true"/"1" or "false"/"0") always wins, providing an opt-in for
+  // stable users and an escape hatch for dev/beta users.
+  OPENCODE_EXPERIMENTAL_HTTPAPI:
+    truthy("OPENCODE_EXPERIMENTAL_HTTPAPI") ||
+    (!falsy("OPENCODE_EXPERIMENTAL_HTTPAPI") && HTTPAPI_DEFAULT_ON_CHANNELS.has(InstallationChannel)),
   OPENCODE_EXPERIMENTAL_WORKSPACES: OPENCODE_EXPERIMENTAL || truthy("OPENCODE_EXPERIMENTAL_WORKSPACES"),
+  OPENCODE_EXPERIMENTAL_EVENT_SYSTEM: OPENCODE_EXPERIMENTAL || truthy("OPENCODE_EXPERIMENTAL_EVENT_SYSTEM"),
 
   // Evaluated at access time (not module load) because tests, the CLI, and
   // external tooling set these env vars at runtime.

packages/core/src/util/log.ts

@@ -1,3 +1,5 @@
+export * as Log from "./log"
+
 import path from "path"
 import fs from "fs/promises"
 import { createWriteStream } from "fs"

packages/core/test/filesystem/filesystem.test.ts

@@ -65,6 +65,34 @@ describe("AppFileSystem", () => {
     )
   })
 
+  describe("readFileStringSafe", () => {
+    it(
+      "returns file contents when file exists",
+      Effect.gen(function* () {
+        const fs = yield* AppFileSystem.Service
+        const filesys = yield* FileSystem.FileSystem
+        const tmp = yield* filesys.makeTempDirectoryScoped()
+        const file = path.join(tmp, "exists.txt")
+        yield* filesys.writeFileString(file, "hello")
+
+        const result = yield* fs.readFileStringSafe(file)
+        expect(result).toBe("hello")
+      }),
+    )
+
+    it(
+      "returns undefined for missing file (NotFound)",
+      Effect.gen(function* () {
+        const fs = yield* AppFileSystem.Service
+        const filesys = yield* FileSystem.FileSystem
+        const tmp = yield* filesys.makeTempDirectoryScoped()
+
+        const result = yield* fs.readFileStringSafe(path.join(tmp, "does-not-exist.txt"))
+        expect(result).toBeUndefined()
+      }),
+    )
+  })
+
   describe("readJson / writeJson", () => {
     it(
       "round-trips JSON data",

packages/desktop-electron/electron-builder.config.ts

@@ -27,7 +27,7 @@ const channel = (() => {
 })()
 
 const getBase = (): Configuration => ({
-  artifactName: "opencode-electron-${os}-${arch}.${ext}",
+  artifactName: "opencode-desktop-${os}-${arch}.${ext}",
   directories: {
     output: "dist",
     buildResources: "resources",

packages/desktop-electron/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@opencode-ai/desktop-electron",
   "private": true,
-  "version": "1.14.31",
+  "version": "1.14.33",
   "type": "module",
   "license": "MIT",
   "homepage": "https://opencode.ai",

packages/desktop-electron/src/renderer/webview-zoom.ts

@@ -26,13 +26,20 @@ const applyZoom = (next: number) => {
 window.addEventListener("keydown", (event) => {
   if (!(OS_NAME === "macos" ? event.metaKey : event.ctrlKey)) return
 
-  let newZoom = webviewZoom()
-
-  if (event.key === "-") newZoom -= 0.2
-  if (event.key === "=" || event.key === "+") newZoom += 0.2
-  if (event.key === "0") newZoom = 1
-
-  applyZoom(clamp(newZoom))
+  if (event.key === "-") {
+    event.preventDefault()
+    applyZoom(clamp(webviewZoom() - 0.2))
+    return
+  }
+  if (event.key === "=" || event.key === "+") {
+    event.preventDefault()
+    applyZoom(clamp(webviewZoom() + 0.2))
+    return
+  }
+  if (event.key === "0") {
+    event.preventDefault()
+    applyZoom(1)
+  }
 })
 
 export { webviewZoom }

packages/desktop/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@opencode-ai/desktop",
   "private": true,
-  "version": "1.14.31",
+  "version": "1.14.33",
   "type": "module",
   "license": "MIT",
   "scripts": {

packages/desktop/scripts/finalize-latest-json.ts

@@ -1,7 +1,8 @@
 #!/usr/bin/env bun
 
-import { Buffer } from "node:buffer"
 import { $ } from "bun"
+import path from "node:path"
+import { parseArgs } from "node:util"
 
 const { values } = parseArgs({
   args: Bun.argv.slice(2),
@@ -12,8 +13,6 @@ const { values } = parseArgs({
 
 const dryRun = values["dry-run"]
 
-import { parseArgs } from "node:util"
-
 const repo = process.env.GH_REPO
 if (!repo) throw new Error("GH_REPO is required")
 
@@ -23,20 +22,22 @@ if (!releaseId) throw new Error("OPENCODE_RELEASE is required")
 const version = process.env.OPENCODE_VERSION
 if (!version) throw new Error("OPENCODE_VERSION is required")
 
+const dir = process.env.LATEST_YML_DIR
+if (!dir) throw new Error("LATEST_YML_DIR is required")
+const root = dir
+
 const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN
 if (!token) throw new Error("GH_TOKEN or GITHUB_TOKEN is required")
 
-const apiHeaders = {
-  Authorization: `token ${token}`,
-  Accept: "application/vnd.github+json",
-}
-
-const releaseRes = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
-  headers: apiHeaders,
+const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
+  headers: {
+    Authorization: `token ${token}`,
+    Accept: "application/vnd.github+json",
+  },
 })
 
-if (!releaseRes.ok) {
-  throw new Error(`Failed to fetch release: ${releaseRes.status} ${releaseRes.statusText}`)
+if (!rel.ok) {
+  throw new Error(`Failed to fetch release: ${rel.status} ${rel.statusText}`)
 }
 
 type Asset = {
@@ -45,115 +46,169 @@ type Asset = {
 }
 
 type Release = {
-  tag_name?: string
   assets?: Asset[]
 }
 
-const release = (await releaseRes.json()) as Release
-const assets = release.assets ?? []
-const assetByName = new Map(assets.map((asset) => [asset.name, asset]))
+const assets = ((await rel.json()) as Release).assets ?? []
+const amap = new Map(assets.map((item) => [item.name, item]))
 
-const latestAsset = assetByName.get("latest.json")
-if (!latestAsset) {
-  console.log("latest.json not found, skipping tauri finalization")
-  process.exit(0)
+type Item = {
+  url: string
 }
 
-const latestRes = await fetch(latestAsset.url, {
-  headers: {
-    Authorization: `token ${token}`,
-    Accept: "application/octet-stream",
-  },
-})
-
-if (!latestRes.ok) {
-  throw new Error(`Failed to fetch latest.json: ${latestRes.status} ${latestRes.statusText}`)
+type Yml = {
+  version: string
+  files: Item[]
 }
 
-const latestText = new TextDecoder().decode(await latestRes.arrayBuffer())
-const latest = JSON.parse(latestText)
-const base = { ...latest }
-delete base.platforms
+function parse(text: string): Yml {
+  const lines = text.split("\n")
+  let version = ""
+  const files: Item[] = []
+  let url = ""
 
-const fetchSignature = async (asset: Asset) => {
-  const res = await fetch(asset.url, {
+  const flush = () => {
+    if (!url) return
+    files.push({ url })
+    url = ""
+  }
+
+  for (const line of lines) {
+    const trim = line.trim()
+    if (line.startsWith("version:")) {
+      version = line.slice("version:".length).trim()
+      continue
+    }
+    if (trim.startsWith("- url:")) {
+      flush()
+      url = trim.slice("- url:".length).trim()
+      continue
+    }
+    const indented = line.startsWith("  ") || line.startsWith("\t")
+    if (!indented) flush()
+  }
+  flush()
+
+  return { version, files }
+}
+
+async function read(sub: string, file: string) {
+  const item = Bun.file(path.join(root, sub, file))
+  if (!(await item.exists())) return undefined
+  return parse(await item.text())
+}
+
+function pick(list: Item[], exts: string[]) {
+  for (const ext of exts) {
+    const found = list.find((item) => item.url.split("?")[0]?.toLowerCase().endsWith(ext))
+    if (found) return found.url
+  }
+}
+
+function link(raw: string) {
+  if (raw.startsWith("https://") || raw.startsWith("http://")) return raw
+  return `https://github.com/${repo}/releases/download/v${version}/${raw}`
+}
+
+async function sign(url: string, key: string) {
+  const name = decodeURIComponent(new URL(url).pathname.split("/").pop() ?? key)
+  const asset = amap.get(name)
+  const res = await fetch(asset?.url ?? url, {
     headers: {
       Authorization: `token ${token}`,
-      Accept: "application/octet-stream",
+      ...(asset ? { Accept: "application/octet-stream" } : {}),
     },
   })
-
   if (!res.ok) {
-    throw new Error(`Failed to fetch signature: ${res.status} ${res.statusText}`)
+    throw new Error(`Failed to fetch file ${name}: ${res.status} ${res.statusText} (${asset?.url ?? url})`)
   }
 
-  return Buffer.from(await res.arrayBuffer()).toString()
+  const tmp = process.env.RUNNER_TEMP ?? "/tmp"
+  const file = path.join(tmp, name)
+  await Bun.write(file, await res.arrayBuffer())
+  await $`bunx @tauri-apps/cli signer sign ${file}`
+  const sigFile = Bun.file(`${file}.sig`)
+  if (!(await sigFile.exists())) throw new Error(`Signature file not found for ${name}`)
+  return (await sigFile.text()).trim()
 }
 
-const entries: Record<string, { url: string; signature: string }> = {}
-const add = (key: string, asset: Asset, signature: string) => {
-  if (entries[key]) return
-  entries[key] = {
-    url: `https://github.com/${repo}/releases/download/v${version}/${asset.name}`,
-    signature,
-  }
+const add = async (data: Record<string, { url: string; signature: string }>, key: string, raw: string | undefined) => {
+  if (!raw) return
+  if (data[key]) return
+  const url = link(raw)
+  data[key] = { url, signature: await sign(url, key) }
 }
 
-const targets = [
-  { key: "linux-x86_64-deb", asset: "opencode-desktop-linux-amd64.deb" },
-  { key: "linux-x86_64-rpm", asset: "opencode-desktop-linux-x86_64.rpm" },
-  { key: "linux-aarch64-deb", asset: "opencode-desktop-linux-arm64.deb" },
-  { key: "linux-aarch64-rpm", asset: "opencode-desktop-linux-aarch64.rpm" },
-  { key: "windows-aarch64-nsis", asset: "opencode-desktop-windows-arm64.exe" },
-  { key: "windows-x86_64-nsis", asset: "opencode-desktop-windows-x64.exe" },
-  { key: "darwin-x86_64-app", asset: "opencode-desktop-darwin-x64.app.tar.gz" },
-  {
-    key: "darwin-aarch64-app",
-    asset: "opencode-desktop-darwin-aarch64.app.tar.gz",
-  },
-]
-
-for (const target of targets) {
-  const asset = assetByName.get(target.asset)
-  if (!asset) continue
-
-  const sig = assetByName.get(`${target.asset}.sig`)
-  if (!sig) continue
-
-  const signature = await fetchSignature(sig)
-  add(target.key, asset, signature)
+const alias = (data: Record<string, { url: string; signature: string }>, key: string, src: string) => {
+  if (data[key]) return
+  if (!data[src]) return
+  data[key] = data[src]
 }
 
-const alias = (key: string, source: string) => {
-  if (entries[key]) return
-  const entry = entries[source]
-  if (!entry) return
-  entries[key] = entry
-}
+const winx = await read("latest-yml-x86_64-pc-windows-msvc", "latest.yml")
+const wina = await read("latest-yml-aarch64-pc-windows-msvc", "latest.yml")
+const macx = await read("latest-yml-x86_64-apple-darwin", "latest-mac.yml")
+const maca = await read("latest-yml-aarch64-apple-darwin", "latest-mac.yml")
+const linx = await read("latest-yml-x86_64-unknown-linux-gnu", "latest-linux.yml")
+const lina = await read("latest-yml-aarch64-unknown-linux-gnu", "latest-linux-arm64.yml")
 
-alias("linux-x86_64", "linux-x86_64-deb")
-alias("linux-aarch64", "linux-aarch64-deb")
-alias("windows-aarch64", "windows-aarch64-nsis")
-alias("windows-x86_64", "windows-x86_64-nsis")
-alias("darwin-x86_64", "darwin-x86_64-app")
-alias("darwin-aarch64", "darwin-aarch64-app")
+const yver = winx?.version ?? wina?.version ?? macx?.version ?? maca?.version ?? linx?.version ?? lina?.version
+if (yver && yver !== version) throw new Error(`latest.yml version mismatch: expected ${version}, got ${yver}`)
+
+const out: Record<string, { url: string; signature: string }> = {}
+
+const winxexe = pick(winx?.files ?? [], [".exe"])
+const winaexe = pick(wina?.files ?? [], [".exe"])
+
+const macxTarGz = "opencode-desktop-mac-x64.app.tar.gz"
+const macaTarGz = "opencode-desktop-mac-arm64.app.tar.gz"
+
+const linxDeb = pick(linx?.files ?? [], [".deb"])
+const linxRpm = pick(linx?.files ?? [], [".rpm"])
+const linxAppImage = pick(linx?.files ?? [], [".appimage"])
+const linaDeb = pick(lina?.files ?? [], [".deb"])
+const linaRpm = pick(lina?.files ?? [], [".rpm"])
+const linaAppImage = pick(lina?.files ?? [], [".appimage"])
+
+await add(out, "windows-x86_64-nsis", winxexe)
+await add(out, "windows-aarch64-nsis", winaexe)
+await add(out, "darwin-x86_64-app", macxTarGz)
+await add(out, "darwin-aarch64-app", macaTarGz)
+
+await add(out, "linux-x86_64-deb", linxDeb)
+await add(out, "linux-x86_64-rpm", linxRpm)
+await add(out, "linux-x86_64-appimage", linxAppImage)
+await add(out, "linux-aarch64-deb", linaDeb)
+await add(out, "linux-aarch64-rpm", linaRpm)
+await add(out, "linux-aarch64-appimage", linaAppImage)
+
+alias(out, "windows-x86_64", "windows-x86_64-nsis")
+alias(out, "windows-aarch64", "windows-aarch64-nsis")
+alias(out, "darwin-x86_64", "darwin-x86_64-app")
+alias(out, "darwin-aarch64", "darwin-aarch64-app")
+alias(out, "linux-x86_64", "linux-x86_64-deb")
+alias(out, "linux-aarch64", "linux-aarch64-deb")
 
 const platforms = Object.fromEntries(
-  Object.keys(entries)
+  Object.keys(out)
     .sort()
-    .map((key) => [key, entries[key]]),
+    .map((key) => [key, out[key]]),
 )
-const output = {
-  ...base,
+
+if (!Object.keys(platforms).length) throw new Error("No updater files found in latest.yml artifacts")
+
+const data = {
+  version,
+  notes: "",
+  pub_date: new Date().toISOString(),
   platforms,
 }
 
-const dir = process.env.RUNNER_TEMP ?? "/tmp"
-const file = `${dir}/latest.json`
-await Bun.write(file, JSON.stringify(output, null, 2))
+const tmp = process.env.RUNNER_TEMP ?? "/tmp"
+const file = path.join(tmp, "latest.json")
+await Bun.write(file, JSON.stringify(data, null, 2))
 
-const tag = release.tag_name
-if (!tag) throw new Error("Release tag not found")
+const tag = `v${version}`
 
 if (dryRun) {
   console.log(`dry-run: wrote latest.json for ${tag} to ${file}`)

packages/enterprise/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencode-ai/enterprise",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "private": true,
   "type": "module",
   "license": "MIT",

packages/extensions/zed/extension.toml

@@ -1,7 +1,7 @@
 id = "opencode"
 name = "OpenCode"
 description = "The open source coding agent."
-version = "1.14.31"
+version = "1.14.33"
 schema_version = 1
 authors = ["Anomaly"]
 repository = "https://github.com/anomalyco/opencode"
@@ -11,26 +11,26 @@ name = "OpenCode"
 icon = "./icons/opencode.svg"
 
 [agent_servers.opencode.targets.darwin-aarch64]
-archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.31/opencode-darwin-arm64.zip"
+archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.33/opencode-darwin-arm64.zip"
 cmd = "./opencode"
 args = ["acp"]
 
 [agent_servers.opencode.targets.darwin-x86_64]
-archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.31/opencode-darwin-x64.zip"
+archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.33/opencode-darwin-x64.zip"
 cmd = "./opencode"
 args = ["acp"]
 
 [agent_servers.opencode.targets.linux-aarch64]
-archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.31/opencode-linux-arm64.tar.gz"
+archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.33/opencode-linux-arm64.tar.gz"
 cmd = "./opencode"
 args = ["acp"]
 
 [agent_servers.opencode.targets.linux-x86_64]
-archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.31/opencode-linux-x64.tar.gz"
+archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.33/opencode-linux-x64.tar.gz"
 cmd = "./opencode"
 args = ["acp"]
 
 [agent_servers.opencode.targets.windows-x86_64]
-archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.31/opencode-windows-x64.zip"
+archive = "https://github.com/anomalyco/opencode/releases/download/v1.14.33/opencode-windows-x64.zip"
 cmd = "./opencode.exe"
 args = ["acp"]

packages/function/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencode-ai/function",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "$schema": "https://json.schemastore.org/package.json",
   "private": true,
   "type": "module",

packages/opencode/migration/20260427172553_slow_nightmare/migration.sql

@@ -0,0 +1,17 @@
+CREATE TABLE `session_message` (
+	`id` text PRIMARY KEY,
+	`session_id` text NOT NULL,
+	`type` text NOT NULL,
+	`time_created` integer NOT NULL,
+	`time_updated` integer NOT NULL,
+	`data` text NOT NULL,
+	CONSTRAINT `fk_session_message_session_id_session_id_fk` FOREIGN KEY (`session_id`) REFERENCES `session`(`id`) ON DELETE CASCADE
+);
+--> statement-breakpoint
+DROP INDEX IF EXISTS `session_entry_session_idx`;--> statement-breakpoint
+DROP INDEX IF EXISTS `session_entry_session_type_idx`;--> statement-breakpoint
+DROP INDEX IF EXISTS `session_entry_time_created_idx`;--> statement-breakpoint
+CREATE INDEX `session_message_session_idx` ON `session_message` (`session_id`);--> statement-breakpoint
+CREATE INDEX `session_message_session_type_idx` ON `session_message` (`session_id`,`type`);--> statement-breakpoint
+CREATE INDEX `session_message_time_created_idx` ON `session_message` (`time_created`);--> statement-breakpoint
+DROP TABLE `session_entry`;

packages/opencode/migration/20260428004200_add_session_path/snapshot.json

@@ -2,7 +2,7 @@
   "version": "7",
   "dialect": "sqlite",
   "id": "aaa2ebeb-caa4-478d-8365-4fc595d16856",
-  "prevIds": ["66cbe0d7-def0-451b-b88a-7608513a9b44"],
+  "prevIds": ["61f807f9-6398-4067-be05-804acc2561bc"],
   "ddl": [
     {
       "name": "account_state",
@@ -37,7 +37,7 @@
       "entityType": "tables"
     },
     {
-      "name": "session_entry",
+      "name": "session_message",
       "entityType": "tables"
     },
     {
@@ -598,7 +598,7 @@
       "generated": null,
       "name": "id",
       "entityType": "columns",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "type": "text",
@@ -608,7 +608,7 @@
       "generated": null,
       "name": "session_id",
       "entityType": "columns",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "type": "text",
@@ -618,7 +618,7 @@
       "generated": null,
       "name": "type",
       "entityType": "columns",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "type": "integer",
@@ -628,7 +628,7 @@
       "generated": null,
       "name": "time_created",
       "entityType": "columns",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "type": "integer",
@@ -638,7 +638,7 @@
       "generated": null,
       "name": "time_updated",
       "entityType": "columns",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "type": "text",
@@ -648,7 +648,7 @@
       "generated": null,
       "name": "data",
       "entityType": "columns",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "type": "text",
@@ -1112,9 +1112,9 @@
       "onUpdate": "NO ACTION",
       "onDelete": "CASCADE",
       "nameExplicit": false,
-      "name": "fk_session_entry_session_id_session_id_fk",
+      "name": "fk_session_message_session_id_session_id_fk",
       "entityType": "fks",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "columns": ["project_id"],
@@ -1226,8 +1226,8 @@
     {
       "columns": ["id"],
       "nameExplicit": false,
-      "name": "session_entry_pk",
-      "table": "session_entry",
+      "name": "session_message_pk",
+      "table": "session_message",
       "entityType": "pks"
     },
     {
@@ -1322,9 +1322,9 @@
       "isUnique": false,
       "where": null,
       "origin": "manual",
-      "name": "session_entry_session_idx",
+      "name": "session_message_session_idx",
       "entityType": "indexes",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "columns": [
@@ -1340,9 +1340,9 @@
       "isUnique": false,
       "where": null,
       "origin": "manual",
-      "name": "session_entry_session_type_idx",
+      "name": "session_message_session_type_idx",
       "entityType": "indexes",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "columns": [
@@ -1354,9 +1354,9 @@
       "isUnique": false,
       "where": null,
       "origin": "manual",
-      "name": "session_entry_time_created_idx",
+      "name": "session_message_time_created_idx",
       "entityType": "indexes",
-      "table": "session_entry"
+      "table": "session_message"
     },
     {
       "columns": [

packages/opencode/migration/20260501142318_next_venus/migration.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `session` ADD `agent` text;--> statement-breakpoint
+ALTER TABLE `session` ADD `model` text;

packages/opencode/package.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
-  "version": "1.14.31",
+  "version": "1.14.33",
   "name": "opencode",
   "type": "module",
   "license": "MIT",
@@ -37,6 +37,11 @@
       "bun": "./src/server/adapter.bun.ts",
       "node": "./src/server/adapter.node.ts",
       "default": "./src/server/adapter.bun.ts"
+    },
+    "#httpapi-server": {
+      "bun": "./src/server/httpapi-server.node.ts",
+      "node": "./src/server/httpapi-server.node.ts",
+      "default": "./src/server/httpapi-server.node.ts"
     }
   },
   "devDependencies": {

packages/opencode/script/build.ts

@@ -61,6 +61,7 @@ const createEmbeddedWebUIBundle = async () => {
   await $`bun run --cwd ${appDir} build`
   const files = (await Array.fromAsync(new Bun.Glob("**/*").scan({ cwd: dist })))
     .map((file) => file.replaceAll("\\", "/"))
+    .filter((file) => !file.endsWith(".map"))
     .sort()
   const imports = files.map((file, i) => {
     const spec = path.relative(dir, path.join(dist, file)).replaceAll("\\", "/")

packages/opencode/src/acp/agent.ts

@@ -51,6 +51,7 @@ import { LoadAPIKeyError } from "ai"
 import type { AssistantMessage, Event, OpencodeClient, SessionMessageResponse, ToolPart } from "@opencode-ai/sdk/v2"
 import { applyPatch } from "diff"
 import { InstallationVersion } from "@opencode-ai/core/installation/version"
+import { ShellID } from "@/tool/shell/id"
 
 type ModeOption = { id: string; name: string; description?: string }
 type ModelOption = { modelId: string; name: string }
@@ -129,7 +130,7 @@ async function sendUsageUpdate(
     })
 }
 
-export async function init({ sdk: _sdk }: { sdk: OpencodeClient }) {
+export function init({ sdk: _sdk }: { sdk: OpencodeClient }) {
   return {
     create: (connection: AgentSideConnection, fullConfig: ACPConfig) => {
       return new Agent(connection, fullConfig)
@@ -144,7 +145,7 @@ export class Agent implements ACPAgent {
   private sessionManager: ACPSessionManager
   private eventAbort = new AbortController()
   private eventStarted = false
-  private bashSnapshots = new Map<string, string>()
+  private shellSnapshots = new Map<string, string>()
   private toolStarts = new Set<string>()
   private permissionQueues = new Map<string, Promise<void>>()
   private permissionOptions: PermissionOption[] = [
@@ -283,16 +284,16 @@ export class Agent implements ACPAgent {
 
           switch (part.state.status) {
             case "pending":
-              this.bashSnapshots.delete(part.callID)
+              this.shellSnapshots.delete(part.callID)
               return
 
             case "running":
-              const output = this.bashOutput(part)
+              const output = this.shellOutput(part)
               const content: ToolCallContent[] = []
               if (output) {
                 const hash = Hash.fast(output)
-                if (part.tool === "bash") {
-                  if (this.bashSnapshots.get(part.callID) === hash) {
+                if (part.tool === ShellID.ToolID) {
+                  if (this.shellSnapshots.get(part.callID) === hash) {
                     await this.connection
                       .sessionUpdate({
                         sessionId,
@@ -311,7 +312,7 @@ export class Agent implements ACPAgent {
                       })
                     return
                   }
-                  this.bashSnapshots.set(part.callID, hash)
+                  this.shellSnapshots.set(part.callID, hash)
                 }
                 content.push({
                   type: "content",
@@ -342,7 +343,7 @@ export class Agent implements ACPAgent {
 
             case "completed": {
               this.toolStarts.delete(part.callID)
-              this.bashSnapshots.delete(part.callID)
+              this.shellSnapshots.delete(part.callID)
               const kind = toToolKind(part.tool)
               const content: ToolCallContent[] = [
                 {
@@ -423,7 +424,7 @@ export class Agent implements ACPAgent {
             }
             case "error":
               this.toolStarts.delete(part.callID)
-              this.bashSnapshots.delete(part.callID)
+              this.shellSnapshots.delete(part.callID)
               await this.connection
                 .sessionUpdate({
                   sessionId,
@@ -837,10 +838,10 @@ export class Agent implements ACPAgent {
         await this.toolStart(sessionId, part)
         switch (part.state.status) {
           case "pending":
-            this.bashSnapshots.delete(part.callID)
+            this.shellSnapshots.delete(part.callID)
             break
           case "running":
-            const output = this.bashOutput(part)
+            const output = this.shellOutput(part)
             const runningContent: ToolCallContent[] = []
             if (output) {
               runningContent.push({
@@ -871,7 +872,7 @@ export class Agent implements ACPAgent {
             break
           case "completed":
             this.toolStarts.delete(part.callID)
-            this.bashSnapshots.delete(part.callID)
+            this.shellSnapshots.delete(part.callID)
             const kind = toToolKind(part.tool)
             const content: ToolCallContent[] = [
               {
@@ -951,7 +952,7 @@ export class Agent implements ACPAgent {
             break
           case "error":
             this.toolStarts.delete(part.callID)
-            this.bashSnapshots.delete(part.callID)
+            this.shellSnapshots.delete(part.callID)
             await this.connection
               .sessionUpdate({
                 sessionId,
@@ -1105,8 +1106,8 @@ export class Agent implements ACPAgent {
     }
   }
 
-  private bashOutput(part: ToolPart) {
-    if (part.tool !== "bash") return
+  private shellOutput(part: ToolPart) {
+    if (part.tool !== ShellID.ToolID) return
     if (!("metadata" in part.state) || !part.state.metadata || typeof part.state.metadata !== "object") return
     const output = part.state.metadata["output"]
     if (typeof output !== "string") return
@@ -1549,9 +1550,11 @@ export class Agent implements ACPAgent {
 
 function toToolKind(toolName: string): ToolKind {
   const tool = toolName.toLocaleLowerCase()
+
   switch (tool) {
-    case "bash":
+    case ShellID.ToolID:
       return "execute"
+
     case "webfetch":
       return "fetch"
 
@@ -1576,6 +1579,7 @@ function toToolKind(toolName: string): ToolKind {
 
 function toLocations(toolName: string, input: Record<string, any>): { path: string }[] {
   const tool = toolName.toLocaleLowerCase()
+
   switch (tool) {
     case "read":
     case "edit":
@@ -1584,7 +1588,7 @@ function toLocations(toolName: string, input: Record<string, any>): { path: stri
     case "glob":
     case "grep":
       return input["path"] ? [{ path: input["path"] }] : []
-    case "bash":
+    case ShellID.ToolID:
       return []
     default:
       return []

packages/opencode/src/bus/bus-event.ts

@@ -24,6 +24,7 @@ export function payloads() {
     .map(([type, def]) => {
       return z
         .object({
+          id: z.string(),
           type: z.literal(type),
           properties: zodObject(def.properties),
         })
@@ -39,6 +40,7 @@ export function effectPayloads() {
     .entries()
     .map(([type, def]) =>
       Schema.Struct({
+        id: Schema.String,
         type: Schema.Literal(type),
         properties: def.properties,
       }).annotate({ identifier: `Event.${type}` }),

packages/opencode/src/bus/global.ts

@@ -1,4 +1,5 @@
 import { EventEmitter } from "events"
+import { Identifier } from "@/id/id"
 
 export type GlobalEvent = {
   directory?: string
@@ -7,6 +8,15 @@ export type GlobalEvent = {
   payload: any
 }
 
-export const GlobalBus = new EventEmitter<{
+class GlobalBusEmitter extends EventEmitter<{
   event: [GlobalEvent]
-}>()
+}> {
+  override emit(eventName: "event", event: GlobalEvent): boolean {
+    if (event.payload && typeof event.payload === "object" && !("id" in event.payload)) {
+      event.payload.id = event.payload.syncEvent?.id ?? Identifier.create("evt", "ascending")
+    }
+    return super.emit(eventName, event)
+  }
+}
+
+export const GlobalBus = new GlobalBusEmitter()

packages/opencode/src/bus/index.ts

@@ -5,6 +5,7 @@ import { BusEvent } from "./bus-event"
 import { GlobalBus } from "./global"
 import { InstanceState } from "@/effect/instance-state"
 import { makeRuntime } from "@/effect/run-service"
+import { Identifier } from "@/id/id"
 
 const log = Log.create({ service: "bus" })
 
@@ -18,6 +19,7 @@ export const InstanceDisposed = BusEvent.define(
 )
 
 type Payload<D extends BusEvent.Definition = BusEvent.Definition> = {
+  id: string
   type: D["type"]
   properties: BusProperties<D>
 }
@@ -28,7 +30,11 @@ type State = {
 }
 
 export interface Interface {
-  readonly publish: <D extends BusEvent.Definition>(def: D, properties: BusProperties<D>) => Effect.Effect<void>
+  readonly publish: <D extends BusEvent.Definition>(
+    def: D,
+    properties: BusProperties<D>,
+    options?: { id?: string },
+  ) => Effect.Effect<void>
   readonly subscribe: <D extends BusEvent.Definition>(def: D) => Stream.Stream<Payload<D>>
   readonly subscribeAll: () => Stream.Stream<Payload>
   readonly subscribeCallback: <D extends BusEvent.Definition>(
@@ -53,6 +59,7 @@ export const layer = Layer.effect(
             // Publish InstanceDisposed before shutting down so subscribers see it
             yield* PubSub.publish(wildcard, {
               type: InstanceDisposed.type,
+              id: createID(),
               properties: { directory: ctx.directory },
             })
             yield* PubSub.shutdown(wildcard)
@@ -77,10 +84,10 @@ export const layer = Layer.effect(
       })
     }
 
-    function publish<D extends BusEvent.Definition>(def: D, properties: BusProperties<D>) {
+    function publish<D extends BusEvent.Definition>(def: D, properties: BusProperties<D>, options?: { id?: string }) {
       return Effect.gen(function* () {
         const s = yield* InstanceState.get(state)
-        const payload: Payload = { type: def.type, properties }
+        const payload: Payload = { id: options?.id ?? createID(), type: def.type, properties }
         log.info("publishing", { type: def.type })
 
         const ps = s.typed.get(def.type)
@@ -173,8 +180,16 @@ const { runPromise, runSync } = makeRuntime(Service, layer)
 
 // runSync is safe here because the subscribe chain (InstanceState.get, PubSub.subscribe,
 // Scope.make, Effect.forkScoped) is entirely synchronous. If any step becomes async, this will throw.
-export async function publish<D extends BusEvent.Definition>(def: D, properties: BusProperties<D>) {
-  return runPromise((svc) => svc.publish(def, properties))
+export function createID() {
+  return Identifier.create("evt", "ascending")
+}
+
+export async function publish<D extends BusEvent.Definition>(
+  def: D,
+  properties: BusProperties<D>,
+  options?: { id?: string },
+) {
+  return runPromise((svc) => svc.publish(def, properties, options))
 }
 
 export function subscribe<D extends BusEvent.Definition>(def: D, callback: (event: Payload<D>) => unknown) {

packages/opencode/src/cli/bootstrap.ts

@@ -1,15 +1,16 @@
 import { Instance } from "../project/instance"
-import { InstanceStore } from "../project/instance-store"
+import { InstanceRuntime } from "../project/instance-runtime"
+import { WithInstance } from "../project/with-instance"
 
 export async function bootstrap<T>(directory: string, cb: () => Promise<T>) {
-  return Instance.provide({
+  return WithInstance.provide({
     directory,
     fn: async () => {
       try {
         const result = await cb()
         return result
       } finally {
-        await InstanceStore.disposeInstance(Instance.current)
+        await InstanceRuntime.disposeInstance(Instance.current)
       }
     },
   })

packages/opencode/src/cli/cmd/account.ts

@@ -3,7 +3,7 @@ import { Duration, Effect, Match, Option } from "effect"
 import { UI } from "../ui"
 import { Account } from "@/account/account"
 import { AccountID, OrgID, PollExpired, type PollResult, type AccountError } from "@/account/schema"
-import { AppRuntime } from "@/effect/app-runtime"
+import { effectCmd } from "../effect-cmd"
 import * as Prompt from "../effect/prompt"
 import open from "open"
 
@@ -172,60 +172,65 @@ const openEffect = Effect.fn("open")(function* () {
   yield* Prompt.outro("Opened " + url)
 })
 
-export const LoginCommand = cmd({
+export const LoginCommand = effectCmd({
   command: "login <url>",
   describe: false,
+  instance: false,
   builder: (yargs) =>
     yargs.positional("url", {
       describe: "server URL",
       type: "string",
       demandOption: true,
     }),
-  async handler(args) {
+  handler: Effect.fn("Cli.account.login")(function* (args) {
     UI.empty()
-    await AppRuntime.runPromise(loginEffect(args.url))
-  },
+    yield* Effect.orDie(loginEffect(args.url))
+  }),
 })
 
-export const LogoutCommand = cmd({
+export const LogoutCommand = effectCmd({
   command: "logout [email]",
   describe: false,
+  instance: false,
   builder: (yargs) =>
     yargs.positional("email", {
       describe: "account email to log out from",
       type: "string",
     }),
-  async handler(args) {
+  handler: Effect.fn("Cli.account.logout")(function* (args) {
     UI.empty()
-    await AppRuntime.runPromise(logoutEffect(args.email))
-  },
+    yield* Effect.orDie(logoutEffect(args.email))
+  }),
 })
 
-export const SwitchCommand = cmd({
+export const SwitchCommand = effectCmd({
   command: "switch",
   describe: false,
-  async handler() {
+  instance: false,
+  handler: Effect.fn("Cli.account.switch")(function* () {
     UI.empty()
-    await AppRuntime.runPromise(switchEffect())
-  },
+    yield* Effect.orDie(switchEffect())
+  }),
 })
 
-export const OrgsCommand = cmd({
+export const OrgsCommand = effectCmd({
   command: "orgs",
   describe: false,
-  async handler() {
+  instance: false,
+  handler: Effect.fn("Cli.account.orgs")(function* () {
     UI.empty()
-    await AppRuntime.runPromise(orgsEffect())
-  },
+    yield* Effect.orDie(orgsEffect())
+  }),
 })
 
-export const OpenCommand = cmd({
+export const OpenCommand = effectCmd({
   command: "open",
   describe: false,
-  async handler() {
+  instance: false,
+  handler: Effect.fn("Cli.account.open")(function* () {
     UI.empty()
-    await AppRuntime.runPromise(openEffect())
-  },
+    yield* Effect.orDie(openEffect())
+  }),
 })
 
 export const ConsoleCommand = cmd({

packages/opencode/src/cli/cmd/acp.ts

@@ -1,15 +1,16 @@
 import * as Log from "@opencode-ai/core/util/log"
-import { bootstrap } from "../bootstrap"
-import { cmd } from "./cmd"
+import { Effect } from "effect"
+import { effectCmd } from "../effect-cmd"
 import { AgentSideConnection, ndJsonStream } from "@agentclientprotocol/sdk"
 import { ACP } from "@/acp/agent"
 import { Server } from "@/server/server"
+import { ServerAuth } from "@/server/auth"
 import { createOpencodeClient } from "@opencode-ai/sdk/v2"
 import { withNetworkOptions, resolveNetworkOptions } from "../network"
 
 const log = Log.create({ service: "acp-command" })
 
-export const AcpCommand = cmd({
+export const AcpCommand = effectCmd({
   command: "acp",
   describe: "start ACP (Agent Client Protocol) server",
   builder: (yargs) => {
@@ -19,52 +20,54 @@ export const AcpCommand = cmd({
       default: process.cwd(),
     })
   },
-  handler: async (args) => {
+  handler: Effect.fn("Cli.acp")(function* (args) {
     process.env.OPENCODE_CLIENT = "acp"
-    await bootstrap(process.cwd(), async () => {
-      const opts = await resolveNetworkOptions(args)
-      const server = await Server.listen(opts)
+    const opts = yield* Effect.promise(() => resolveNetworkOptions(args))
+    const server = yield* Effect.promise(() => Server.listen(opts))
 
-      const sdk = createOpencodeClient({
-        baseUrl: `http://${server.hostname}:${server.port}`,
-      })
-
-      const input = new WritableStream<Uint8Array>({
-        write(chunk) {
-          return new Promise<void>((resolve, reject) => {
-            process.stdout.write(chunk, (err) => {
-              if (err) {
-                reject(err)
-              } else {
-                resolve()
-              }
-            })
-          })
-        },
-      })
-      const output = new ReadableStream<Uint8Array>({
-        start(controller) {
-          process.stdin.on("data", (chunk: Buffer) => {
-            controller.enqueue(new Uint8Array(chunk))
-          })
-          process.stdin.on("end", () => controller.close())
-          process.stdin.on("error", (err) => controller.error(err))
-        },
-      })
-
-      const stream = ndJsonStream(input, output)
-      const agent = await ACP.init({ sdk })
-
-      new AgentSideConnection((conn) => {
-        return agent.create(conn, { sdk })
-      }, stream)
-
-      log.info("setup connection")
-      process.stdin.resume()
-      await new Promise((resolve, reject) => {
-        process.stdin.on("end", resolve)
-        process.stdin.on("error", reject)
-      })
+    const sdk = createOpencodeClient({
+      baseUrl: `http://${server.hostname}:${server.port}`,
+      headers: ServerAuth.headers(),
     })
-  },
+
+    const input = new WritableStream<Uint8Array>({
+      write(chunk) {
+        return new Promise<void>((resolve, reject) => {
+          process.stdout.write(chunk, (err) => {
+            if (err) {
+              reject(err)
+            } else {
+              resolve()
+            }
+          })
+        })
+      },
+    })
+    const output = new ReadableStream<Uint8Array>({
+      start(controller) {
+        process.stdin.on("data", (chunk: Buffer) => {
+          controller.enqueue(new Uint8Array(chunk))
+        })
+        process.stdin.on("end", () => controller.close())
+        process.stdin.on("error", (err) => controller.error(err))
+      },
+    })
+
+    const stream = ndJsonStream(input, output)
+    const agent = ACP.init({ sdk })
+
+    new AgentSideConnection((conn) => {
+      return agent.create(conn, { sdk })
+    }, stream)
+
+    log.info("setup connection")
+    process.stdin.resume()
+    yield* Effect.promise(
+      () =>
+        new Promise<void>((resolve, reject) => {
+          process.stdin.on("end", () => resolve())
+          process.stdin.on("error", reject)
+        }),
+    )
+  }),
 })

packages/opencode/src/cli/cmd/agent.ts

@@ -1,6 +1,5 @@
 import { cmd } from "./cmd"
 import * as prompts from "@clack/prompts"
-import { AppRuntime } from "@/effect/app-runtime"
 import { UI } from "../ui"
 import { Global } from "@opencode-ai/core/global"
 import { Agent } from "../../agent/agent"
@@ -9,9 +8,11 @@ import path from "path"
 import fs from "fs/promises"
 import { Filesystem } from "@/util/filesystem"
 import matter from "gray-matter"
-import { Instance } from "../../project/instance"
+import { InstanceRef } from "@/effect/instance-ref"
 import { EOL } from "os"
 import type { Argv } from "yargs"
+import { Effect } from "effect"
+import { effectCmd } from "../effect-cmd"
 
 type AgentMode = "all" | "primary" | "subagent"
 
@@ -32,7 +33,7 @@ const AVAILABLE_PERMISSIONS = [
   "skill",
 ]
 
-const AgentCreateCommand = cmd({
+const AgentCreateCommand = effectCmd({
   command: "create",
   describe: "create a new agent",
   builder: (yargs: Argv) =>
@@ -60,200 +61,191 @@ const AgentCreateCommand = cmd({
         alias: ["m"],
         describe: "model to use in the format of provider/model",
       }),
-  async handler(args) {
-    await Instance.provide({
-      directory: process.cwd(),
-      async fn() {
-        const cliPath = args.path
-        const cliDescription = args.description
-        const cliMode = args.mode as AgentMode | undefined
-        const perms = args.permissions
+  handler: Effect.fn("Cli.agent.create")(function* (args) {
+    const maybeCtx = yield* InstanceRef
+    if (!maybeCtx) return yield* Effect.die("InstanceRef not provided")
+    const ctx = maybeCtx
+    const agentSvc = yield* Agent.Service
+    yield* Effect.promise(async () => {
+      const cliPath = args.path
+      const cliDescription = args.description
+      const cliMode = args.mode as AgentMode | undefined
+      const perms = args.permissions
 
-        const isFullyNonInteractive = cliPath && cliDescription && cliMode && perms !== undefined
+      const isFullyNonInteractive = cliPath && cliDescription && cliMode && perms !== undefined
 
-        if (!isFullyNonInteractive) {
-          UI.empty()
-          prompts.intro("Create agent")
-        }
+      if (!isFullyNonInteractive) {
+        UI.empty()
+        prompts.intro("Create agent")
+      }
 
-        const project = Instance.project
+      const project = ctx.project
 
-        // Determine scope/path
-        let targetPath: string
-        if (cliPath) {
-          targetPath = path.join(cliPath, "agent")
-        } else {
-          let scope: "global" | "project" = "global"
-          if (project.vcs === "git") {
-            const scopeResult = await prompts.select({
-              message: "Location",
-              options: [
-                {
-                  label: "Current project",
-                  value: "project" as const,
-                  hint: Instance.worktree,
-                },
-                {
-                  label: "Global",
-                  value: "global" as const,
-                  hint: Global.Path.config,
-                },
-              ],
-            })
-            if (prompts.isCancel(scopeResult)) throw new UI.CancelledError()
-            scope = scopeResult
-          }
-          targetPath = path.join(
-            scope === "global" ? Global.Path.config : path.join(Instance.worktree, ".opencode"),
-            "agent",
-          )
-        }
-
-        // Get description
-        let description: string
-        if (cliDescription) {
-          description = cliDescription
-        } else {
-          const query = await prompts.text({
-            message: "Description",
-            placeholder: "What should this agent do?",
-            validate: (x) => (x && x.length > 0 ? undefined : "Required"),
-          })
-          if (prompts.isCancel(query)) throw new UI.CancelledError()
-          description = query
-        }
-
-        // Generate agent
-        const spinner = prompts.spinner()
-        spinner.start("Generating agent configuration...")
-        const model = args.model ? Provider.parseModel(args.model) : undefined
-        const generated = await AppRuntime.runPromise(
-          Agent.Service.use((svc) => svc.generate({ description, model })),
-        ).catch((error) => {
-          spinner.stop(`LLM failed to generate agent: ${error.message}`, 1)
-          if (isFullyNonInteractive) process.exit(1)
-          throw new UI.CancelledError()
-        })
-        spinner.stop(`Agent ${generated.identifier} generated`)
-
-        // Select permissions to allow
-        let selected: string[]
-        if (perms !== undefined) {
-          selected = perms ? perms.split(",").map((t) => t.trim()) : AVAILABLE_PERMISSIONS
-        } else {
-          const result = await prompts.multiselect({
-            message: "Select permissions to allow (Space to toggle)",
-            options: AVAILABLE_PERMISSIONS.map((permission) => ({
-              label: permission,
-              value: permission,
-            })),
-            initialValues: AVAILABLE_PERMISSIONS,
-          })
-          if (prompts.isCancel(result)) throw new UI.CancelledError()
-          selected = result
-        }
-
-        // Get mode
-        let mode: AgentMode
-        if (cliMode) {
-          mode = cliMode
-        } else {
-          const modeResult = await prompts.select({
-            message: "Agent mode",
+      // Determine scope/path
+      let targetPath: string
+      if (cliPath) {
+        targetPath = path.join(cliPath, "agent")
+      } else {
+        let scope: "global" | "project" = "global"
+        if (project.vcs === "git") {
+          const scopeResult = await prompts.select({
+            message: "Location",
             options: [
               {
-                label: "All",
-                value: "all" as const,
-                hint: "Can function in both primary and subagent roles",
+                label: "Current project",
+                value: "project" as const,
+                hint: ctx.worktree,
               },
               {
-                label: "Primary",
-                value: "primary" as const,
-                hint: "Acts as a primary/main agent",
-              },
-              {
-                label: "Subagent",
-                value: "subagent" as const,
-                hint: "Can be used as a subagent by other agents",
+                label: "Global",
+                value: "global" as const,
+                hint: Global.Path.config,
               },
             ],
-            initialValue: "all" as const,
           })
-          if (prompts.isCancel(modeResult)) throw new UI.CancelledError()
-          mode = modeResult
+          if (prompts.isCancel(scopeResult)) throw new UI.CancelledError()
+          scope = scopeResult
         }
+        targetPath = path.join(scope === "global" ? Global.Path.config : path.join(ctx.worktree, ".opencode"), "agent")
+      }
 
-        // Build permissions config — deny anything not explicitly selected.
-        const permissions: Record<string, "deny"> = {}
-        for (const permission of AVAILABLE_PERMISSIONS) {
-          if (!selected.includes(permission)) {
-            permissions[permission] = "deny"
-          }
+      // Get description
+      let description: string
+      if (cliDescription) {
+        description = cliDescription
+      } else {
+        const query = await prompts.text({
+          message: "Description",
+          placeholder: "What should this agent do?",
+          validate: (x) => (x && x.length > 0 ? undefined : "Required"),
+        })
+        if (prompts.isCancel(query)) throw new UI.CancelledError()
+        description = query
+      }
+
+      // Generate agent
+      const spinner = prompts.spinner()
+      spinner.start("Generating agent configuration...")
+      const model = args.model ? Provider.parseModel(args.model) : undefined
+      const generated = await Effect.runPromise(agentSvc.generate({ description, model })).catch((error) => {
+        spinner.stop(`LLM failed to generate agent: ${error.message}`, 1)
+        if (isFullyNonInteractive) process.exit(1)
+        throw new UI.CancelledError()
+      })
+      spinner.stop(`Agent ${generated.identifier} generated`)
+
+      // Select permissions to allow
+      let selected: string[]
+      if (perms !== undefined) {
+        selected = perms ? perms.split(",").map((t) => t.trim()) : AVAILABLE_PERMISSIONS
+      } else {
+        const result = await prompts.multiselect({
+          message: "Select permissions to allow (Space to toggle)",
+          options: AVAILABLE_PERMISSIONS.map((permission) => ({
+            label: permission,
+            value: permission,
+          })),
+          initialValues: AVAILABLE_PERMISSIONS,
+        })
+        if (prompts.isCancel(result)) throw new UI.CancelledError()
+        selected = result
+      }
+
+      // Get mode
+      let mode: AgentMode
+      if (cliMode) {
+        mode = cliMode
+      } else {
+        const modeResult = await prompts.select({
+          message: "Agent mode",
+          options: [
+            {
+              label: "All",
+              value: "all" as const,
+              hint: "Can function in both primary and subagent roles",
+            },
+            {
+              label: "Primary",
+              value: "primary" as const,
+              hint: "Acts as a primary/main agent",
+            },
+            {
+              label: "Subagent",
+              value: "subagent" as const,
+              hint: "Can be used as a subagent by other agents",
+            },
+          ],
+          initialValue: "all" as const,
+        })
+        if (prompts.isCancel(modeResult)) throw new UI.CancelledError()
+        mode = modeResult
+      }
+
+      // Build permissions config — deny anything not explicitly selected.
+      const permissions: Record<string, "deny"> = {}
+      for (const permission of AVAILABLE_PERMISSIONS) {
+        if (!selected.includes(permission)) {
+          permissions[permission] = "deny"
         }
+      }
 
-        // Build frontmatter
-        const frontmatter: {
-          description: string
-          mode: AgentMode
-          permission?: Record<string, "deny">
-        } = {
-          description: generated.whenToUse,
-          mode,
-        }
-        if (Object.keys(permissions).length > 0) {
-          frontmatter.permission = permissions
-        }
+      // Build frontmatter
+      const frontmatter: {
+        description: string
+        mode: AgentMode
+        permission?: Record<string, "deny">
+      } = {
+        description: generated.whenToUse,
+        mode,
+      }
+      if (Object.keys(permissions).length > 0) {
+        frontmatter.permission = permissions
+      }
 
-        // Write file
-        const content = matter.stringify(generated.systemPrompt, frontmatter)
-        const filePath = path.join(targetPath, `${generated.identifier}.md`)
+      // Write file
+      const content = matter.stringify(generated.systemPrompt, frontmatter)
+      const filePath = path.join(targetPath, `${generated.identifier}.md`)
 
-        await fs.mkdir(targetPath, { recursive: true })
-
-        if (await Filesystem.exists(filePath)) {
-          if (isFullyNonInteractive) {
-            console.error(`Error: Agent file already exists: ${filePath}`)
-            process.exit(1)
-          }
-          prompts.log.error(`Agent file already exists: ${filePath}`)
-          throw new UI.CancelledError()
-        }
-
-        await Filesystem.write(filePath, content)
+      await fs.mkdir(targetPath, { recursive: true })
 
+      if (await Filesystem.exists(filePath)) {
         if (isFullyNonInteractive) {
-          console.log(filePath)
-        } else {
-          prompts.log.success(`Agent created: ${filePath}`)
-          prompts.outro("Done")
+          console.error(`Error: Agent file already exists: ${filePath}`)
+          process.exit(1)
         }
-      },
+        prompts.log.error(`Agent file already exists: ${filePath}`)
+        throw new UI.CancelledError()
+      }
+
+      await Filesystem.write(filePath, content)
+
+      if (isFullyNonInteractive) {
+        console.log(filePath)
+      } else {
+        prompts.log.success(`Agent created: ${filePath}`)
+        prompts.outro("Done")
+      }
     })
-  },
+  }),
 })
 
-const AgentListCommand = cmd({
+const AgentListCommand = effectCmd({
   command: "list",
   describe: "list all available agents",
-  async handler() {
-    await Instance.provide({
-      directory: process.cwd(),
-      async fn() {
-        const agents = await AppRuntime.runPromise(Agent.Service.use((svc) => svc.list()))
-        const sortedAgents = agents.sort((a, b) => {
-          if (a.native !== b.native) {
-            return a.native ? -1 : 1
-          }
-          return a.name.localeCompare(b.name)
-        })
-
-        for (const agent of sortedAgents) {
-          process.stdout.write(`${agent.name} (${agent.mode})` + EOL)
-          process.stdout.write(`  ${JSON.stringify(agent.permission, null, 2)}` + EOL)
-        }
-      },
+  handler: Effect.fn("Cli.agent.list")(function* () {
+    const agents = yield* Agent.Service.use((svc) => svc.list())
+    const sortedAgents = agents.sort((a, b) => {
+      if (a.native !== b.native) {
+        return a.native ? -1 : 1
+      }
+      return a.name.localeCompare(b.name)
     })
-  },
+
+    for (const agent of sortedAgents) {
+      process.stdout.write(`${agent.name} (${agent.mode})` + EOL)
+      process.stdout.write(`  ${JSON.stringify(agent.permission, null, 2)}` + EOL)
+    }
+  }),
 })
 
 export const AgentCommand = cmd({

packages/opencode/src/cli/cmd/cmd.ts

@@ -1,6 +1,6 @@
 import type { CommandModule } from "yargs"
 
-type WithDoubleDash<T> = T & { "--"?: string[] }
+export type WithDoubleDash<T> = T & { "--"?: string[] }
 
 export function cmd<T, U>(input: CommandModule<T, WithDoubleDash<U>>) {
   return input

packages/opencode/src/cli/cmd/debug/agent.ts

@@ -7,14 +7,13 @@ import { Session } from "@/session/session"
 import type { MessageV2 } from "../../../session/message-v2"
 import { MessageID, PartID } from "../../../session/schema"
 import { ToolRegistry } from "@/tool/registry"
-import { Instance } from "../../../project/instance"
 import { Permission } from "../../../permission"
 import { iife } from "../../../util/iife"
-import { bootstrap } from "../../bootstrap"
-import { cmd } from "../cmd"
-import { AppRuntime } from "@/effect/app-runtime"
+import { effectCmd, fail } from "../../effect-cmd"
+import { InstanceRef } from "@/effect/instance-ref"
+import type { InstanceContext } from "@/project/instance"
 
-export const AgentCommand = cmd({
+export const AgentCommand = effectCmd({
   command: "agent <name>",
   describe: "show agent configuration details",
   builder: (yargs) =>
@@ -32,60 +31,60 @@ export const AgentCommand = cmd({
         type: "string",
         description: "Tool params as JSON or a JS object literal",
       }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const agentName = args.name as string
-      const agent = await AppRuntime.runPromise(Agent.Service.use((svc) => svc.get(agentName)))
-      if (!agent) {
-        process.stderr.write(
-          `Agent ${agentName} not found, run '${basename(process.execPath)} agent list' to get an agent list` + EOL,
-        )
-        process.exit(1)
-      }
-      const availableTools = await getAvailableTools(agent)
-      const resolvedTools = await resolveTools(agent, availableTools)
-      const toolID = args.tool as string | undefined
-      if (toolID) {
-        const tool = availableTools.find((item) => item.id === toolID)
-        if (!tool) {
-          process.stderr.write(`Tool ${toolID} not found for agent ${agentName}` + EOL)
-          process.exit(1)
-        }
-        if (resolvedTools[toolID] === false) {
-          process.stderr.write(`Tool ${toolID} is disabled for agent ${agentName}` + EOL)
-          process.exit(1)
-        }
-        const params = parseToolParams(args.params as string | undefined)
-        const ctx = await createToolContext(agent)
-        const result = await tool.execute(params, ctx)
-        process.stdout.write(JSON.stringify({ tool: toolID, input: params, result }, null, 2) + EOL)
-        return
-      }
-
-      const output = {
-        ...agent,
-        tools: resolvedTools,
-      }
-      process.stdout.write(JSON.stringify(output, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.agent")(function* (args) {
+    const ctx = yield* InstanceRef
+    if (!ctx) return
+    return yield* run(args, ctx)
+  }),
 })
 
-async function getAvailableTools(agent: Agent.Info) {
-  return AppRuntime.runPromise(
-    Effect.gen(function* () {
-      const provider = yield* Provider.Service
-      const registry = yield* ToolRegistry.Service
-      const model = agent.model ?? (yield* provider.defaultModel())
-      return yield* registry.tools({
-        ...model,
-        agent,
-      })
-    }),
-  )
-}
+const run = Effect.fn("Cli.debug.agent.body")(function* (
+  args: { name: string; tool?: string; params?: string },
+  ctx: InstanceContext,
+) {
+  const agentName = args.name
+  const agent = yield* Agent.Service.use((svc) => svc.get(agentName))
+  if (!agent) {
+    process.stderr.write(
+      `Agent ${agentName} not found, run '${basename(process.execPath)} agent list' to get an agent list` + EOL,
+    )
+    return yield* fail("", 1)
+  }
+  const availableTools = yield* getAvailableTools(agent)
+  const resolvedTools = resolveTools(agent, availableTools)
+  const toolID = args.tool
+  if (toolID) {
+    const tool = availableTools.find((item) => item.id === toolID)
+    if (!tool) {
+      process.stderr.write(`Tool ${toolID} not found for agent ${agentName}` + EOL)
+      return yield* fail("", 1)
+    }
+    if (resolvedTools[toolID] === false) {
+      process.stderr.write(`Tool ${toolID} is disabled for agent ${agentName}` + EOL)
+      return yield* fail("", 1)
+    }
+    const params = parseToolParams(args.params)
+    const toolCtx = yield* createToolContext(agent, ctx)
+    const result = yield* tool.execute(params, toolCtx)
+    process.stdout.write(JSON.stringify({ tool: toolID, input: params, result }, null, 2) + EOL)
+    return
+  }
 
-async function resolveTools(agent: Agent.Info, availableTools: Awaited<ReturnType<typeof getAvailableTools>>) {
+  const output = {
+    ...agent,
+    tools: resolvedTools,
+  }
+  process.stdout.write(JSON.stringify(output, null, 2) + EOL)
+})
+
+const getAvailableTools = Effect.fn("Cli.debug.agent.getAvailableTools")(function* (agent: Agent.Info) {
+  const provider = yield* Provider.Service
+  const registry = yield* ToolRegistry.Service
+  const model = agent.model ?? (yield* provider.defaultModel())
+  return yield* registry.tools({ ...model, agent })
+})
+
+function resolveTools(agent: Agent.Info, availableTools: { id: string }[]) {
   const disabled = Permission.disabled(
     availableTools.map((tool) => tool.id),
     agent.permission,
@@ -123,50 +122,38 @@ function parseToolParams(input?: string) {
   return parsed as Record<string, unknown>
 }
 
-async function createToolContext(agent: Agent.Info) {
-  const { session, messageID } = await AppRuntime.runPromise(
-    Effect.gen(function* () {
-      const session = yield* Session.Service
-      const result = yield* session.create({ title: `Debug tool run (${agent.name})` })
-      const messageID = MessageID.ascending()
-      const model = agent.model
-        ? agent.model
-        : yield* Effect.gen(function* () {
-            const provider = yield* Provider.Service
-            return yield* provider.defaultModel()
-          })
-      const now = Date.now()
-      const message: MessageV2.Assistant = {
-        id: messageID,
-        sessionID: result.id,
-        role: "assistant",
-        time: {
-          created: now,
-        },
-        parentID: messageID,
-        modelID: model.modelID,
-        providerID: model.providerID,
-        mode: "debug",
-        agent: agent.name,
-        path: {
-          cwd: Instance.directory,
-          root: Instance.worktree,
-        },
-        cost: 0,
-        tokens: {
-          input: 0,
-          output: 0,
-          reasoning: 0,
-          cache: {
-            read: 0,
-            write: 0,
-          },
-        },
-      }
-      yield* session.updateMessage(message)
-      return { session: result, messageID }
-    }),
-  )
+const createToolContext = Effect.fn("Cli.debug.agent.createToolContext")(function* (
+  agent: Agent.Info,
+  ctx: InstanceContext,
+) {
+  const sessionSvc = yield* Session.Service
+  const session = yield* sessionSvc.create({ title: `Debug tool run (${agent.name})` })
+  const messageID = MessageID.ascending()
+  const model = agent.model
+    ? agent.model
+    : yield* Effect.gen(function* () {
+        const provider = yield* Provider.Service
+        return yield* provider.defaultModel()
+      })
+  const now = Date.now()
+  const message: MessageV2.Assistant = {
+    id: messageID,
+    sessionID: session.id,
+    role: "assistant",
+    time: { created: now },
+    parentID: messageID,
+    modelID: model.modelID,
+    providerID: model.providerID,
+    mode: "debug",
+    agent: agent.name,
+    path: {
+      cwd: ctx.directory,
+      root: ctx.worktree,
+    },
+    cost: 0,
+    tokens: { input: 0, output: 0, reasoning: 0, cache: { read: 0, write: 0 } },
+  }
+  yield* sessionSvc.updateMessage(message)
 
   const ruleset = Permission.merge(agent.permission, session.permission ?? [])
 
@@ -189,4 +176,4 @@ async function createToolContext(agent: Agent.Info) {
       })
     },
   }
-}
+})

packages/opencode/src/cli/cmd/debug/config.ts

@@ -1,17 +1,14 @@
 import { EOL } from "os"
+import { Effect } from "effect"
 import { Config } from "@/config/config"
-import { AppRuntime } from "@/effect/app-runtime"
-import { bootstrap } from "../../bootstrap"
-import { cmd } from "../cmd"
+import { effectCmd } from "../../effect-cmd"
 
-export const ConfigCommand = cmd({
+export const ConfigCommand = effectCmd({
   command: "config",
   describe: "show resolved configuration",
   builder: (yargs) => yargs,
-  async handler() {
-    await bootstrap(process.cwd(), async () => {
-      const config = await AppRuntime.runPromise(Config.Service.use((cfg) => cfg.get()))
-      process.stdout.write(JSON.stringify(config, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.config")(function* () {
+    const config = yield* Config.Service.use((cfg) => cfg.get())
+    process.stdout.write(JSON.stringify(config, null, 2) + EOL)
+  }),
 })

packages/opencode/src/cli/cmd/debug/file.ts

@@ -1,11 +1,11 @@
 import { EOL } from "os"
-import { AppRuntime } from "@/effect/app-runtime"
+import { Effect } from "effect"
 import { File } from "../../../file"
 import { Ripgrep } from "@/file/ripgrep"
-import { bootstrap } from "../../bootstrap"
+import { effectCmd } from "../../effect-cmd"
 import { cmd } from "../cmd"
 
-const FileSearchCommand = cmd({
+const FileSearchCommand = effectCmd({
   command: "search <query>",
   describe: "search files by query",
   builder: (yargs) =>
@@ -14,15 +14,13 @@ const FileSearchCommand = cmd({
       demandOption: true,
       description: "Search query",
     }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const results = await AppRuntime.runPromise(File.Service.use((svc) => svc.search({ query: args.query })))
-      process.stdout.write(results.join(EOL) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.file.search")(function* (args) {
+    const results = yield* File.Service.use((svc) => svc.search({ query: args.query }))
+    process.stdout.write(results.join(EOL) + EOL)
+  }),
 })
 
-const FileReadCommand = cmd({
+const FileReadCommand = effectCmd({
   command: "read <path>",
   describe: "read file contents as JSON",
   builder: (yargs) =>
@@ -31,27 +29,23 @@ const FileReadCommand = cmd({
       demandOption: true,
       description: "File path to read",
     }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const content = await AppRuntime.runPromise(File.Service.use((svc) => svc.read(args.path)))
-      process.stdout.write(JSON.stringify(content, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.file.read")(function* (args) {
+    const content = yield* File.Service.use((svc) => svc.read(args.path))
+    process.stdout.write(JSON.stringify(content, null, 2) + EOL)
+  }),
 })
 
-const FileStatusCommand = cmd({
+const FileStatusCommand = effectCmd({
   command: "status",
   describe: "show file status information",
   builder: (yargs) => yargs,
-  async handler() {
-    await bootstrap(process.cwd(), async () => {
-      const status = await AppRuntime.runPromise(File.Service.use((svc) => svc.status()))
-      process.stdout.write(JSON.stringify(status, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.file.status")(function* () {
+    const status = yield* File.Service.use((svc) => svc.status())
+    process.stdout.write(JSON.stringify(status, null, 2) + EOL)
+  }),
 })
 
-const FileListCommand = cmd({
+const FileListCommand = effectCmd({
   command: "list <path>",
   describe: "list files in a directory",
   builder: (yargs) =>
@@ -60,15 +54,13 @@ const FileListCommand = cmd({
       demandOption: true,
       description: "File path to list",
     }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const files = await AppRuntime.runPromise(File.Service.use((svc) => svc.list(args.path)))
-      process.stdout.write(JSON.stringify(files, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.file.list")(function* (args) {
+    const files = yield* File.Service.use((svc) => svc.list(args.path))
+    process.stdout.write(JSON.stringify(files, null, 2) + EOL)
+  }),
 })
 
-const FileTreeCommand = cmd({
+const FileTreeCommand = effectCmd({
   command: "tree [dir]",
   describe: "show directory tree",
   builder: (yargs) =>
@@ -77,12 +69,10 @@ const FileTreeCommand = cmd({
       description: "Directory to tree",
       default: process.cwd(),
     }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const tree = await AppRuntime.runPromise(Ripgrep.Service.use((svc) => svc.tree({ cwd: args.dir, limit: 200 })))
-      console.log(JSON.stringify(tree, null, 2))
-    })
-  },
+  handler: Effect.fn("Cli.debug.file.tree")(function* (args) {
+    const tree = yield* Effect.orDie(Ripgrep.Service.use((svc) => svc.tree({ cwd: args.dir, limit: 200 })))
+    console.log(JSON.stringify(tree, null, 2))
+  }),
 })
 
 export const FileCommand = cmd({

packages/opencode/src/cli/cmd/debug/index.ts

@@ -1,5 +1,11 @@
 import { Global } from "@opencode-ai/core/global"
-import { bootstrap } from "../../bootstrap"
+import { InstallationVersion } from "@opencode-ai/core/installation/version"
+import { Flag } from "@opencode-ai/core/flag/flag"
+import os from "os"
+import { Duration, Effect } from "effect"
+import { Config } from "@/config/config"
+import { ConfigPlugin } from "@/config/plugin"
+import { effectCmd } from "../../effect-cmd"
 import { cmd } from "../cmd"
 import { ConfigCommand } from "./config"
 import { FileCommand } from "./file"
@@ -25,20 +31,49 @@ export const DebugCommand = cmd({
       .command(SnapshotCommand)
       .command(StartupCommand)
       .command(AgentCommand)
+      .command(InfoCommand)
       .command(PathsCommand)
-      .command({
-        command: "wait",
-        describe: "wait indefinitely (for debugging)",
-        async handler() {
-          await bootstrap(process.cwd(), async () => {
-            await new Promise((resolve) => setTimeout(resolve, 1_000 * 60 * 60 * 24))
-          })
-        },
-      })
+      .command(WaitCommand)
       .demandCommand(),
   async handler() {},
 })
 
+const WaitCommand = effectCmd({
+  command: "wait",
+  describe: "wait indefinitely (for debugging)",
+  handler: Effect.fn("Cli.debug.wait")(function* () {
+    yield* Effect.sleep(Duration.days(1))
+  }),
+})
+
+const InfoCommand = effectCmd({
+  command: "info",
+  describe: "show debug information",
+  handler: Effect.fn("Cli.debug.info")(function* () {
+    const config = yield* Config.Service.use((cfg) => cfg.get())
+    const termProgram = process.env.TERM_PROGRAM
+      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`
+      : undefined
+    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")
+
+    console.log(`opencode version: ${InstallationVersion}`)
+    console.log(`os: ${os.type()} ${os.release()} ${os.arch()}`)
+    console.log(`terminal: ${terminal || "unknown"}`)
+    console.log("plugins:")
+    if (Flag.OPENCODE_PURE) {
+      console.log("external plugins disabled (--pure)")
+      return
+    }
+    if (!config.plugin_origins?.length) {
+      console.log("none")
+      return
+    }
+    for (const plugin of config.plugin_origins) {
+      console.log(`- ${ConfigPlugin.pluginSpecifier(plugin.spec)}`)
+    }
+  }),
+})
+
 const PathsCommand = cmd({
   command: "paths",
   describe: "show global paths (data, config, cache, state)",

packages/opencode/src/cli/cmd/debug/lsp.ts

@@ -1,7 +1,6 @@
 import { LSP } from "@/lsp/lsp"
-import { AppRuntime } from "../../../effect/app-runtime"
 import { Effect } from "effect"
-import { bootstrap } from "../../bootstrap"
+import { effectCmd } from "../../effect-cmd"
 import { cmd } from "../cmd"
 import * as Log from "@opencode-ai/core/util/log"
 import { EOL } from "os"
@@ -14,47 +13,39 @@ export const LSPCommand = cmd({
   async handler() {},
 })
 
-const DiagnosticsCommand = cmd({
+const DiagnosticsCommand = effectCmd({
   command: "diagnostics <file>",
   describe: "get diagnostics for a file",
   builder: (yargs) => yargs.positional("file", { type: "string", demandOption: true }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const out = await AppRuntime.runPromise(
-        LSP.Service.use((lsp) =>
-          Effect.gen(function* () {
-            yield* lsp.touchFile(args.file, "full")
-            return yield* lsp.diagnostics()
-          }),
-        ),
-      )
-      process.stdout.write(JSON.stringify(out, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.lsp.diagnostics")(function* (args) {
+    const out = yield* LSP.Service.use((lsp) =>
+      Effect.gen(function* () {
+        yield* lsp.touchFile(args.file, "full")
+        return yield* lsp.diagnostics()
+      }),
+    )
+    process.stdout.write(JSON.stringify(out, null, 2) + EOL)
+  }),
 })
 
-export const SymbolsCommand = cmd({
+export const SymbolsCommand = effectCmd({
   command: "symbols <query>",
   describe: "search workspace symbols",
   builder: (yargs) => yargs.positional("query", { type: "string", demandOption: true }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      using _ = Log.Default.time("symbols")
-      const results = await AppRuntime.runPromise(LSP.Service.use((lsp) => lsp.workspaceSymbol(args.query)))
-      process.stdout.write(JSON.stringify(results, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.lsp.symbols")(function* (args) {
+    using _ = Log.Default.time("symbols")
+    const results = yield* LSP.Service.use((lsp) => lsp.workspaceSymbol(args.query))
+    process.stdout.write(JSON.stringify(results, null, 2) + EOL)
+  }),
 })
 
-export const DocumentSymbolsCommand = cmd({
+export const DocumentSymbolsCommand = effectCmd({
   command: "document-symbols <uri>",
   describe: "get symbols from a document",
   builder: (yargs) => yargs.positional("uri", { type: "string", demandOption: true }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      using _ = Log.Default.time("document-symbols")
-      const results = await AppRuntime.runPromise(LSP.Service.use((lsp) => lsp.documentSymbol(args.uri)))
-      process.stdout.write(JSON.stringify(results, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.lsp.documentSymbols")(function* (args) {
+    using _ = Log.Default.time("document-symbols")
+    const results = yield* LSP.Service.use((lsp) => lsp.documentSymbol(args.uri))
+    process.stdout.write(JSON.stringify(results, null, 2) + EOL)
+  }),
 })

packages/opencode/src/cli/cmd/debug/ripgrep.ts

@@ -1,10 +1,9 @@
 import { EOL } from "os"
 import { Effect, Stream } from "effect"
-import { AppRuntime } from "../../../effect/app-runtime"
 import { Ripgrep } from "../../../file/ripgrep"
-import { Instance } from "../../../project/instance"
-import { bootstrap } from "../../bootstrap"
+import { effectCmd } from "../../effect-cmd"
 import { cmd } from "../cmd"
+import { InstanceRef } from "@/effect/instance-ref"
 
 export const RipgrepCommand = cmd({
   command: "rg",
@@ -13,24 +12,22 @@ export const RipgrepCommand = cmd({
   async handler() {},
 })
 
-const TreeCommand = cmd({
+const TreeCommand = effectCmd({
   command: "tree",
   describe: "show file tree using ripgrep",
   builder: (yargs) =>
     yargs.option("limit", {
       type: "number",
     }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const tree = await AppRuntime.runPromise(
-        Ripgrep.Service.use((svc) => svc.tree({ cwd: Instance.directory, limit: args.limit })),
-      )
-      process.stdout.write(tree + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.rg.tree")(function* (args) {
+    const ctx = yield* InstanceRef
+    if (!ctx) return
+    const tree = yield* Effect.orDie(Ripgrep.Service.use((svc) => svc.tree({ cwd: ctx.directory, limit: args.limit })))
+    process.stdout.write(tree + EOL)
+  }),
 })
 
-const FilesCommand = cmd({
+const FilesCommand = effectCmd({
   command: "files",
   describe: "list files using ripgrep",
   builder: (yargs) =>
@@ -47,29 +44,26 @@ const FilesCommand = cmd({
         type: "number",
         description: "Limit number of results",
       }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const files = await AppRuntime.runPromise(
-        Effect.gen(function* () {
-          const rg = yield* Ripgrep.Service
-          return yield* rg
-            .files({
-              cwd: Instance.directory,
-              glob: args.glob ? [args.glob] : undefined,
-            })
-            .pipe(
-              Stream.take(args.limit ?? Infinity),
-              Stream.runCollect,
-              Effect.map((c) => [...c]),
-            )
-        }),
+  handler: Effect.fn("Cli.debug.rg.files")(function* (args) {
+    const ctx = yield* InstanceRef
+    if (!ctx) return
+    const rg = yield* Ripgrep.Service
+    const files = yield* rg
+      .files({
+        cwd: ctx.directory,
+        glob: args.glob ? [args.glob] : undefined,
+      })
+      .pipe(
+        Stream.take(args.limit ?? Infinity),
+        Stream.runCollect,
+        Effect.map((c) => [...c]),
+        Effect.orDie,
       )
-      process.stdout.write(files.join(EOL) + EOL)
-    })
-  },
+    process.stdout.write(files.join(EOL) + EOL)
+  }),
 })
 
-const SearchCommand = cmd({
+const SearchCommand = effectCmd({
   command: "search <pattern>",
   describe: "search file contents using ripgrep",
   builder: (yargs) =>
@@ -87,19 +81,19 @@ const SearchCommand = cmd({
         type: "number",
         description: "Limit number of results",
       }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      const results = await AppRuntime.runPromise(
-        Ripgrep.Service.use((svc) =>
-          svc.search({
-            cwd: Instance.directory,
-            pattern: args.pattern,
-            glob: args.glob as string[] | undefined,
-            limit: args.limit,
-          }),
-        ),
-      )
-      process.stdout.write(JSON.stringify(results.items, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.rg.search")(function* (args) {
+    const ctx = yield* InstanceRef
+    if (!ctx) return
+    const results = yield* Effect.orDie(
+      Ripgrep.Service.use((svc) =>
+        svc.search({
+          cwd: ctx.directory,
+          pattern: args.pattern,
+          glob: args.glob as string[] | undefined,
+          limit: args.limit,
+        }),
+      ),
+    )
+    process.stdout.write(JSON.stringify(results.items, null, 2) + EOL)
+  }),
 })

packages/opencode/src/cli/cmd/debug/skill.ts

@@ -1,23 +1,15 @@
 import { EOL } from "os"
 import { Effect } from "effect"
-import { AppRuntime } from "@/effect/app-runtime"
 import { Skill } from "../../../skill"
-import { bootstrap } from "../../bootstrap"
-import { cmd } from "../cmd"
+import { effectCmd } from "../../effect-cmd"
 
-export const SkillCommand = cmd({
+export const SkillCommand = effectCmd({
   command: "skill",
   describe: "list all available skills",
   builder: (yargs) => yargs,
-  async handler() {
-    await bootstrap(process.cwd(), async () => {
-      const skills = await AppRuntime.runPromise(
-        Effect.gen(function* () {
-          const skill = yield* Skill.Service
-          return yield* skill.all()
-        }),
-      )
-      process.stdout.write(JSON.stringify(skills, null, 2) + EOL)
-    })
-  },
+  handler: Effect.fn("Cli.debug.skill")(function* () {
+    const skill = yield* Skill.Service
+    const skills = yield* skill.all()
+    process.stdout.write(JSON.stringify(skills, null, 2) + EOL)
+  }),
 })

packages/opencode/src/cli/cmd/debug/snapshot.ts

@@ -1,6 +1,6 @@
-import { AppRuntime } from "@/effect/app-runtime"
+import { Effect } from "effect"
 import { Snapshot } from "../../../snapshot"
-import { bootstrap } from "../../bootstrap"
+import { effectCmd } from "../../effect-cmd"
 import { cmd } from "../cmd"
 
 export const SnapshotCommand = cmd({
@@ -10,17 +10,16 @@ export const SnapshotCommand = cmd({
   async handler() {},
 })
 
-const TrackCommand = cmd({
+const TrackCommand = effectCmd({
   command: "track",
   describe: "track current snapshot state",
-  async handler() {
-    await bootstrap(process.cwd(), async () => {
-      console.log(await AppRuntime.runPromise(Snapshot.Service.use((svc) => svc.track())))
-    })
-  },
+  handler: Effect.fn("Cli.debug.snapshot.track")(function* () {
+    const out = yield* Snapshot.Service.use((svc) => svc.track())
+    console.log(out)
+  }),
 })
 
-const PatchCommand = cmd({
+const PatchCommand = effectCmd({
   command: "patch <hash>",
   describe: "show patch for a snapshot hash",
   builder: (yargs) =>
@@ -29,14 +28,13 @@ const PatchCommand = cmd({
       description: "hash",
       demandOption: true,
     }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      console.log(await AppRuntime.runPromise(Snapshot.Service.use((svc) => svc.patch(args.hash))))
-    })
-  },
+  handler: Effect.fn("Cli.debug.snapshot.patch")(function* (args) {
+    const out = yield* Snapshot.Service.use((svc) => svc.patch(args.hash))
+    console.log(out)
+  }),
 })
 
-const DiffCommand = cmd({
+const DiffCommand = effectCmd({
   command: "diff <hash>",
   describe: "show diff for a snapshot hash",
   builder: (yargs) =>
@@ -45,9 +43,8 @@ const DiffCommand = cmd({
       description: "hash",
       demandOption: true,
     }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
-      console.log(await AppRuntime.runPromise(Snapshot.Service.use((svc) => svc.diff(args.hash))))
-    })
-  },
+  handler: Effect.fn("Cli.debug.snapshot.diff")(function* (args) {
+    const out = yield* Snapshot.Service.use((svc) => svc.diff(args.hash))
+    console.log(out)
+  }),
 })

packages/opencode/src/cli/cmd/export.ts

@@ -1,13 +1,11 @@
-import type { Argv } from "yargs"
 import { Session } from "@/session/session"
 import { MessageV2 } from "../../session/message-v2"
 import { SessionID } from "../../session/schema"
-import { cmd } from "./cmd"
-import { bootstrap } from "../bootstrap"
+import { effectCmd, fail } from "../effect-cmd"
 import { UI } from "../ui"
 import * as prompts from "@clack/prompts"
 import { EOL } from "os"
-import { AppRuntime } from "@/effect/app-runtime"
+import { Effect } from "effect"
 
 function redact(kind: string, id: string, value: string) {
   return value.trim() ? `[redacted:${kind}:${id}]` : value
@@ -220,11 +218,11 @@ function sanitize(data: { info: Session.Info; messages: MessageV2.WithParts[] })
   }
 }
 
-export const ExportCommand = cmd({
+export const ExportCommand = effectCmd({
   command: "export [sessionID]",
   describe: "export session data as JSON",
-  builder: (yargs: Argv) => {
-    return yargs
+  builder: (yargs) =>
+    yargs
       .positional("sessionID", {
         describe: "session id to export",
         type: "string",
@@ -232,72 +230,62 @@ export const ExportCommand = cmd({
       .option("sanitize", {
         describe: "redact sensitive transcript and file data",
         type: "boolean",
-      })
-  },
-  handler: async (args) => {
-    await bootstrap(process.cwd(), async () => {
-      let sessionID = args.sessionID ? SessionID.make(args.sessionID) : undefined
-      process.stderr.write(`Exporting session: ${sessionID ?? "latest"}\n`)
-
-      if (!sessionID) {
-        UI.empty()
-        prompts.intro("Export session", {
-          output: process.stderr,
-        })
-
-        const sessions = await AppRuntime.runPromise(Session.Service.use((svc) => svc.list()))
-
-        if (sessions.length === 0) {
-          prompts.log.error("No sessions found", {
-            output: process.stderr,
-          })
-          prompts.outro("Done", {
-            output: process.stderr,
-          })
-          return
-        }
-
-        sessions.sort((a, b) => b.time.updated - a.time.updated)
-
-        const selectedSession = await prompts.autocomplete({
-          message: "Select session to export",
-          maxItems: 10,
-          options: sessions.map((session) => ({
-            label: session.title,
-            value: session.id,
-            hint: `${new Date(session.time.updated).toLocaleString()} • ${session.id.slice(-8)}`,
-          })),
-          output: process.stderr,
-        })
-
-        if (prompts.isCancel(selectedSession)) {
-          throw new UI.CancelledError()
-        }
-
-        sessionID = selectedSession
-
-        prompts.outro("Exporting session...", {
-          output: process.stderr,
-        })
-      }
-
-      try {
-        const sessionInfo = await AppRuntime.runPromise(Session.Service.use((svc) => svc.get(sessionID!)))
-        const messages = await AppRuntime.runPromise(
-          Session.Service.use((svc) => svc.messages({ sessionID: sessionInfo.id })),
-        )
-
-        const exportData = {
-          info: sessionInfo,
-          messages,
-        }
-
-        process.stdout.write(JSON.stringify(args.sanitize ? sanitize(exportData) : exportData, null, 2))
-        process.stdout.write(EOL)
-      } catch {
-        UI.error(`Session not found: ${sessionID!}`)
-        process.exit(1)
-      }
-    })
-  },
+      }),
+  handler: Effect.fn("Cli.export")(function* (args) {
+    return yield* run(args)
+  }),
+})
+
+const run = Effect.fn("Cli.export.body")(function* (args: { sessionID?: string; sanitize?: boolean }) {
+  const svc = yield* Session.Service
+  let sessionID = args.sessionID ? SessionID.make(args.sessionID) : undefined
+  process.stderr.write(`Exporting session: ${sessionID ?? "latest"}\n`)
+
+  if (!sessionID) {
+    UI.empty()
+    prompts.intro("Export session", { output: process.stderr })
+
+    const sessions = yield* svc.list()
+
+    if (sessions.length === 0) {
+      prompts.log.error("No sessions found", { output: process.stderr })
+      prompts.outro("Done", { output: process.stderr })
+      return
+    }
+
+    sessions.sort((a, b) => b.time.updated - a.time.updated)
+
+    const selectedSession = yield* Effect.promise(() =>
+      prompts.autocomplete({
+        message: "Select session to export",
+        maxItems: 10,
+        options: sessions.map((session) => ({
+          label: session.title,
+          value: session.id,
+          hint: `${new Date(session.time.updated).toLocaleString()} • ${session.id.slice(-8)}`,
+        })),
+        output: process.stderr,
+      }),
+    )
+
+    if (prompts.isCancel(selectedSession)) {
+      return yield* Effect.die(new UI.CancelledError())
+    }
+
+    sessionID = selectedSession
+
+    prompts.outro("Exporting session...", { output: process.stderr })
+  }
+
+  // Match legacy try/catch — catches both typed failures and defects
+  // (Session.Service.get throws NotFoundError as a defect, not a typed E).
+  return yield* Effect.gen(function* () {
+    const sessionInfo = yield* svc.get(sessionID!)
+    const messages = yield* svc.messages({ sessionID: sessionInfo.id })
+
+    const exportData = { info: sessionInfo, messages }
+
+    process.stdout.write(JSON.stringify(args.sanitize ? sanitize(exportData) : exportData, null, 2))
+    process.stdout.write(EOL)
+  }).pipe(Effect.catchCause(() => fail(`Session not found: ${sessionID!}`)))
 })

packages/opencode/src/cli/cmd/generate.ts

@@ -1,22 +1,28 @@
 import { Server } from "../../server/server"
-import { PublicApi } from "../../server/routes/instance/httpapi/public"
 import type { CommandModule } from "yargs"
-import { OpenApi } from "effect/unstable/httpapi"
 
 type Args = {
   httpapi: boolean
+  hono: boolean
 }
 
 export const GenerateCommand = {
   command: "generate",
   builder: (yargs) =>
-    yargs.option("httpapi", {
-      type: "boolean",
-      default: false,
-      description: "Generate OpenAPI from the experimental Effect HttpApi contract",
-    }),
+    yargs
+      .option("httpapi", {
+        type: "boolean",
+        default: false,
+        description:
+          "Generate OpenAPI from the Effect HttpApi contract (default; flag retained for backwards compatibility)",
+      })
+      .option("hono", {
+        type: "boolean",
+        default: false,
+        description: "Generate OpenAPI from the legacy Hono backend (parity-diff only; will be removed)",
+      }),
   handler: async (args) => {
-    const specs = args.httpapi ? OpenApi.fromApi(PublicApi) : await Server.openapi()
+    const specs = args.hono ? await Server.openapiHono() : await Server.openapi()
     for (const item of Object.values(specs.paths)) {
       for (const method of ["get", "post", "put", "delete", "patch"] as const) {
         const operation = item[method]

packages/opencode/src/cli/cmd/github.ts

@@ -18,9 +18,9 @@ import type {
 } from "@octokit/webhooks-types"
 import { UI } from "../ui"
 import { cmd } from "./cmd"
+import { effectCmd } from "../effect-cmd"
 import { ModelsDev } from "@/provider/models"
-import { Instance } from "@/project/instance"
-import { bootstrap } from "../bootstrap"
+import { InstanceRef } from "@/effect/instance-ref"
 import { SessionShare } from "@/share/session"
 import { Session } from "@/session/session"
 import type { SessionID } from "../../session/schema"
@@ -29,7 +29,6 @@ import { Provider } from "@/provider/provider"
 import { Bus } from "../../bus"
 import { MessageV2 } from "../../session/message-v2"
 import { SessionPrompt } from "@/session/prompt"
-import { AppRuntime } from "@/effect/app-runtime"
 import { Git } from "@/git"
 import { setTimeout as sleep } from "node:timers/promises"
 import { Process } from "@/util/process"
@@ -199,191 +198,194 @@ export const GithubCommand = cmd({
   async handler() {},
 })
 
-export const GithubInstallCommand = cmd({
+export const GithubInstallCommand = effectCmd({
   command: "install",
   describe: "install the GitHub agent",
-  async handler() {
-    await Instance.provide({
-      directory: process.cwd(),
-      async fn() {
-        {
-          UI.empty()
-          prompts.intro("Install GitHub agent")
-          const app = await getAppInfo()
-          await installGitHubApp()
+  handler: Effect.fn("Cli.github.install")(function* () {
+    const maybeCtx = yield* InstanceRef
+    if (!maybeCtx) return yield* Effect.die("InstanceRef not provided")
+    const ctx = maybeCtx
+    const modelsDev = yield* ModelsDev.Service
+    const gitSvc = yield* Git.Service
+    yield* Effect.promise(async () => {
+      {
+        UI.empty()
+        prompts.intro("Install GitHub agent")
+        const app = await getAppInfo()
+        await installGitHubApp()
 
-          const providers = await ModelsDev.get().then((p) => {
-            // TODO: add guide for copilot, for now just hide it
-            delete p["github-copilot"]
-            return p
+        const providers = await Effect.runPromise(modelsDev.get()).then((p) => {
+          // TODO: add guide for copilot, for now just hide it
+          delete p["github-copilot"]
+          return p
+        })
+
+        const provider = await promptProvider()
+        const model = await promptModel()
+        //const key = await promptKey()
+
+        await addWorkflowFiles()
+        printNextSteps()
+
+        function printNextSteps() {
+          let step2
+          if (provider === "amazon-bedrock") {
+            step2 =
+              "Configure OIDC in AWS - https://docs.github.com/en/actions/how-tos/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services"
+          } else {
+            step2 = [
+              `    2. Add the following secrets in org or repo (${app.owner}/${app.repo}) settings`,
+              "",
+              ...providers[provider].env.map((e) => `       - ${e}`),
+            ].join("\n")
+          }
+
+          prompts.outro(
+            [
+              "Next steps:",
+              "",
+              `    1. Commit the \`${WORKFLOW_FILE}\` file and push`,
+              step2,
+              "",
+              "    3. Go to a GitHub issue and comment `/oc summarize` to see the agent in action",
+              "",
+              "   Learn more about the GitHub agent - https://opencode.ai/docs/github/#usage-examples",
+            ].join("\n"),
+          )
+        }
+
+        async function getAppInfo() {
+          const project = ctx.project
+          if (project.vcs !== "git") {
+            prompts.log.error(`Could not find git repository. Please run this command from a git repository.`)
+            throw new UI.CancelledError()
+          }
+
+          // Get repo info
+          const info = await Effect.runPromise(gitSvc.run(["remote", "get-url", "origin"], { cwd: ctx.worktree })).then(
+            (x) => x.text().trim(),
+          )
+          const parsed = parseGitHubRemote(info)
+          if (!parsed) {
+            prompts.log.error(`Could not find git repository. Please run this command from a git repository.`)
+            throw new UI.CancelledError()
+          }
+          return { owner: parsed.owner, repo: parsed.repo, root: ctx.worktree }
+        }
+
+        async function promptProvider() {
+          const priority: Record<string, number> = {
+            opencode: 0,
+            anthropic: 1,
+            openai: 2,
+            google: 3,
+          }
+          let provider = await prompts.select({
+            message: "Select provider",
+            maxItems: 8,
+            options: pipe(
+              providers,
+              values(),
+              sortBy(
+                (x) => priority[x.id] ?? 99,
+                (x) => x.name ?? x.id,
+              ),
+              map((x) => ({
+                label: x.name,
+                value: x.id,
+                hint: priority[x.id] === 0 ? "recommended" : undefined,
+              })),
+            ),
           })
 
-          const provider = await promptProvider()
-          const model = await promptModel()
-          //const key = await promptKey()
+          if (prompts.isCancel(provider)) throw new UI.CancelledError()
 
-          await addWorkflowFiles()
-          printNextSteps()
+          return provider
+        }
 
-          function printNextSteps() {
-            let step2
-            if (provider === "amazon-bedrock") {
-              step2 =
-                "Configure OIDC in AWS - https://docs.github.com/en/actions/how-tos/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services"
-            } else {
-              step2 = [
-                `    2. Add the following secrets in org or repo (${app.owner}/${app.repo}) settings`,
-                "",
-                ...providers[provider].env.map((e) => `       - ${e}`),
-              ].join("\n")
+        async function promptModel() {
+          const providerData = providers[provider]!
+
+          const model = await prompts.select({
+            message: "Select model",
+            maxItems: 8,
+            options: pipe(
+              providerData.models,
+              values(),
+              sortBy((x) => x.name ?? x.id),
+              map((x) => ({
+                label: x.name ?? x.id,
+                value: x.id,
+              })),
+            ),
+          })
+
+          if (prompts.isCancel(model)) throw new UI.CancelledError()
+          return model
+        }
+
+        async function installGitHubApp() {
+          const s = prompts.spinner()
+          s.start("Installing GitHub app")
+
+          // Get installation
+          const installation = await getInstallation()
+          if (installation) return s.stop("GitHub app already installed")
+
+          // Open browser
+          const url = "https://github.com/apps/opencode-agent"
+          const command =
+            process.platform === "darwin"
+              ? `open "${url}"`
+              : process.platform === "win32"
+                ? `start "" "${url}"`
+                : `xdg-open "${url}"`
+
+          exec(command, (error) => {
+            if (error) {
+              prompts.log.warn(`Could not open browser. Please visit: ${url}`)
             }
+          })
 
-            prompts.outro(
-              [
-                "Next steps:",
-                "",
-                `    1. Commit the \`${WORKFLOW_FILE}\` file and push`,
-                step2,
-                "",
-                "    3. Go to a GitHub issue and comment `/oc summarize` to see the agent in action",
-                "",
-                "   Learn more about the GitHub agent - https://opencode.ai/docs/github/#usage-examples",
-              ].join("\n"),
-            )
-          }
-
-          async function getAppInfo() {
-            const project = Instance.project
-            if (project.vcs !== "git") {
-              prompts.log.error(`Could not find git repository. Please run this command from a git repository.`)
-              throw new UI.CancelledError()
-            }
-
-            // Get repo info
-            const info = await AppRuntime.runPromise(
-              Git.Service.use((git) => git.run(["remote", "get-url", "origin"], { cwd: Instance.worktree })),
-            ).then((x) => x.text().trim())
-            const parsed = parseGitHubRemote(info)
-            if (!parsed) {
-              prompts.log.error(`Could not find git repository. Please run this command from a git repository.`)
-              throw new UI.CancelledError()
-            }
-            return { owner: parsed.owner, repo: parsed.repo, root: Instance.worktree }
-          }
-
-          async function promptProvider() {
-            const priority: Record<string, number> = {
-              opencode: 0,
-              anthropic: 1,
-              openai: 2,
-              google: 3,
-            }
-            let provider = await prompts.select({
-              message: "Select provider",
-              maxItems: 8,
-              options: pipe(
-                providers,
-                values(),
-                sortBy(
-                  (x) => priority[x.id] ?? 99,
-                  (x) => x.name ?? x.id,
-                ),
-                map((x) => ({
-                  label: x.name,
-                  value: x.id,
-                  hint: priority[x.id] === 0 ? "recommended" : undefined,
-                })),
-              ),
-            })
-
-            if (prompts.isCancel(provider)) throw new UI.CancelledError()
-
-            return provider
-          }
-
-          async function promptModel() {
-            const providerData = providers[provider]!
-
-            const model = await prompts.select({
-              message: "Select model",
-              maxItems: 8,
-              options: pipe(
-                providerData.models,
-                values(),
-                sortBy((x) => x.name ?? x.id),
-                map((x) => ({
-                  label: x.name ?? x.id,
-                  value: x.id,
-                })),
-              ),
-            })
-
-            if (prompts.isCancel(model)) throw new UI.CancelledError()
-            return model
-          }
-
-          async function installGitHubApp() {
-            const s = prompts.spinner()
-            s.start("Installing GitHub app")
-
-            // Get installation
+          // Wait for installation
+          s.message("Waiting for GitHub app to be installed")
+          const MAX_RETRIES = 120
+          let retries = 0
+          do {
             const installation = await getInstallation()
-            if (installation) return s.stop("GitHub app already installed")
+            if (installation) break
 
-            // Open browser
-            const url = "https://github.com/apps/opencode-agent"
-            const command =
-              process.platform === "darwin"
-                ? `open "${url}"`
-                : process.platform === "win32"
-                  ? `start "" "${url}"`
-                  : `xdg-open "${url}"`
-
-            exec(command, (error) => {
-              if (error) {
-                prompts.log.warn(`Could not open browser. Please visit: ${url}`)
-              }
-            })
-
-            // Wait for installation
-            s.message("Waiting for GitHub app to be installed")
-            const MAX_RETRIES = 120
-            let retries = 0
-            do {
-              const installation = await getInstallation()
-              if (installation) break
-
-              if (retries > MAX_RETRIES) {
-                s.stop(
-                  `Failed to detect GitHub app installation. Make sure to install the app for the \`${app.owner}/${app.repo}\` repository.`,
-                )
-                throw new UI.CancelledError()
-              }
-
-              retries++
-              await sleep(1000)
-            } while (true) // oxlint-disable-line no-constant-condition
-
-            s.stop("Installed GitHub app")
-
-            async function getInstallation() {
-              return await fetch(
-                `https://api.opencode.ai/get_github_app_installation?owner=${app.owner}&repo=${app.repo}`,
+            if (retries > MAX_RETRIES) {
+              s.stop(
+                `Failed to detect GitHub app installation. Make sure to install the app for the \`${app.owner}/${app.repo}\` repository.`,
               )
-                .then((res) => res.json())
-                .then((data) => data.installation)
+              throw new UI.CancelledError()
             }
+
+            retries++
+            await sleep(1000)
+          } while (true) // oxlint-disable-line no-constant-condition
+
+          s.stop("Installed GitHub app")
+
+          async function getInstallation() {
+            return await fetch(
+              `https://api.opencode.ai/get_github_app_installation?owner=${app.owner}&repo=${app.repo}`,
+            )
+              .then((res) => res.json())
+              .then((data) => data.installation)
           }
+        }
 
-          async function addWorkflowFiles() {
-            const envStr =
-              provider === "amazon-bedrock"
-                ? ""
-                : `\n        env:${providers[provider].env.map((e) => `\n          ${e}: \${{ secrets.${e} }}`).join("")}`
+        async function addWorkflowFiles() {
+          const envStr =
+            provider === "amazon-bedrock"
+              ? ""
+              : `\n        env:${providers[provider].env.map((e) => `\n          ${e}: \${{ secrets.${e} }}`).join("")}`
 
-            await Filesystem.write(
-              path.join(app.root, WORKFLOW_FILE),
-              `name: opencode
+          await Filesystem.write(
+            path.join(app.root, WORKFLOW_FILE),
+            `name: opencode
 
 on:
   issue_comment:
@@ -414,17 +416,16 @@ jobs:
         uses: anomalyco/opencode/github@latest${envStr}
         with:
           model: ${provider}/${model}`,
-            )
+          )
 
-            prompts.log.success(`Added workflow file: "${WORKFLOW_FILE}"`)
-          }
+          prompts.log.success(`Added workflow file: "${WORKFLOW_FILE}"`)
         }
-      },
+      }
     })
-  },
+  }),
 })
 
-export const GithubRunCommand = cmd({
+export const GithubRunCommand = effectCmd({
   command: "run",
   describe: "run the GitHub agent",
   builder: (yargs) =>
@@ -437,8 +438,14 @@ export const GithubRunCommand = cmd({
         type: "string",
         describe: "GitHub personal access token (github_pat_********)",
       }),
-  async handler(args) {
-    await bootstrap(process.cwd(), async () => {
+  handler: Effect.fn("Cli.github.run")(function* (args) {
+    const ctx = yield* InstanceRef
+    if (!ctx) return yield* Effect.die("InstanceRef not provided")
+    const gitSvc = yield* Git.Service
+    const sessionSvc = yield* Session.Service
+    const sessionShare = yield* SessionShare.Service
+    const sessionPrompt = yield* SessionPrompt.Service
+    yield* Effect.promise(async () => {
       const isMock = args.token || args.event
 
       const context = isMock ? (JSON.parse(args.event!) as Context) : github.context
@@ -501,21 +508,20 @@ export const GithubRunCommand = cmd({
           : "issue"
         : undefined
       const gitText = async (args: string[]) => {
-        const result = await AppRuntime.runPromise(Git.Service.use((git) => git.run(args, { cwd: Instance.worktree })))
+        const result = await Effect.runPromise(gitSvc.run(args, { cwd: ctx.worktree }))
         if (result.exitCode !== 0) {
           throw new Process.RunFailedError(["git", ...args], result.exitCode, result.stdout, result.stderr)
         }
         return result.text().trim()
       }
       const gitRun = async (args: string[]) => {
-        const result = await AppRuntime.runPromise(Git.Service.use((git) => git.run(args, { cwd: Instance.worktree })))
+        const result = await Effect.runPromise(gitSvc.run(args, { cwd: ctx.worktree }))
         if (result.exitCode !== 0) {
           throw new Process.RunFailedError(["git", ...args], result.exitCode, result.stdout, result.stderr)
         }
         return result
       }
-      const gitStatus = (args: string[]) =>
-        AppRuntime.runPromise(Git.Service.use((git) => git.run(args, { cwd: Instance.worktree })))
+      const gitStatus = (args: string[]) => Effect.runPromise(gitSvc.run(args, { cwd: ctx.worktree }))
       const commitChanges = async (summary: string, actor?: string) => {
         const args = ["commit", "-m", summary]
         if (actor) args.push("-m", `Co-authored-by: ${actor} <${actor}@users.noreply.github.com>`)
@@ -552,24 +558,22 @@ export const GithubRunCommand = cmd({
 
         // Setup opencode session
         const repoData = await fetchRepo()
-        session = await AppRuntime.runPromise(
-          Session.Service.use((svc) =>
-            svc.create({
-              permission: [
-                {
-                  permission: "question",
-                  action: "deny",
-                  pattern: "*",
-                },
-              ],
-            }),
-          ),
+        session = await Effect.runPromise(
+          sessionSvc.create({
+            permission: [
+              {
+                permission: "question",
+                action: "deny",
+                pattern: "*",
+              },
+            ],
+          }),
         )
         subscribeSessionEvents()
         shareId = await (async () => {
           if (share === false) return
           if (!share && repoData.data.private) return
-          await AppRuntime.runPromise(SessionShare.Service.use((svc) => svc.share(session.id)))
+          await Effect.runPromise(sessionShare.share(session.id))
           return session.id.slice(-8)
         })()
         console.log("opencode session", session.id)
@@ -879,7 +883,7 @@ export const GithubRunCommand = cmd({
       function subscribeSessionEvents() {
         const TOOL: Record<string, [string, string]> = {
           todowrite: ["Todo", UI.Style.TEXT_WARNING_BOLD],
-          bash: ["Bash", UI.Style.TEXT_DANGER_BOLD],
+          bash: ["Shell", UI.Style.TEXT_DANGER_BOLD],
           edit: ["Edit", UI.Style.TEXT_SUCCESS_BOLD],
           glob: ["Glob", UI.Style.TEXT_INFO_BOLD],
           grep: ["Grep", UI.Style.TEXT_INFO_BOLD],
@@ -942,9 +946,9 @@ export const GithubRunCommand = cmd({
       async function chat(message: string, files: PromptFiles = []) {
         console.log("Sending message to opencode...")
 
-        return AppRuntime.runPromise(
+        return Effect.runPromise(
           Effect.gen(function* () {
-            const prompt = yield* SessionPrompt.Service
+            const prompt = sessionPrompt
             const result = yield* prompt.prompt({
               sessionID: session.id,
               messageID: MessageID.ascending(),
@@ -1645,5 +1649,5 @@ query($owner: String!, $repo: String!, $number: Int!) {
         })
       }
     })
-  },
+  }),
 })

packages/opencode/src/cli/cmd/import.ts

@@ -1,17 +1,14 @@
-import type { Argv } from "yargs"
 import type { Session as SDKSession, Message, Part } from "@opencode-ai/sdk/v2"
 import { Session } from "@/session/session"
 import { MessageV2 } from "../../session/message-v2"
-import { cmd } from "./cmd"
-import { bootstrap } from "../bootstrap"
+import { CliError, effectCmd } from "../effect-cmd"
 import { Database } from "@/storage/db"
 import { SessionTable, MessageTable, PartTable } from "../../session/session.sql"
-import { Instance } from "../../project/instance"
+import { InstanceRef } from "@/effect/instance-ref"
 import { ShareNext } from "@/share/share-next"
 import { EOL } from "os"
 import { Filesystem } from "@/util/filesystem"
-import { AppRuntime } from "@/effect/app-runtime"
-import { Schema } from "effect"
+import { Effect, Schema } from "effect"
 
 const decodeMessageInfo = Schema.decodeUnknownSync(MessageV2.Info)
 const decodePart = Schema.decodeUnknownSync(MessageV2.Part)
@@ -78,135 +75,143 @@ export function transformShareData(shareData: ShareData[]): {
   }
 }
 
-export const ImportCommand = cmd({
+type ExportData = { info: SDKSession; messages: Array<{ info: Message; parts: Part[] }> }
+
+export const ImportCommand = effectCmd({
   command: "import <file>",
   describe: "import session data from JSON file or URL",
-  builder: (yargs: Argv) => {
-    return yargs.positional("file", {
+  builder: (yargs) =>
+    yargs.positional("file", {
       describe: "path to JSON file or share URL",
       type: "string",
       demandOption: true,
+    }),
+  handler: Effect.fn("Cli.import")(function* (args) {
+    const ctx = yield* InstanceRef
+    if (!ctx) return yield* Effect.die("InstanceRef not provided")
+    return yield* runImport(args.file, ctx.project.id)
+  }),
+})
+
+const runImport = Effect.fn("Cli.import.body")(function* (file: string, projectID: string) {
+  const share = yield* ShareNext.Service
+
+  let exportData: ExportData | undefined
+
+  const isUrl = file.startsWith("http://") || file.startsWith("https://")
+
+  if (isUrl) {
+    const slug = parseShareUrl(file)
+    if (!slug) {
+      const baseUrl = yield* Effect.orDie(share.url())
+      process.stdout.write(`Invalid URL format. Expected: ${baseUrl}/share/<slug>`)
+      process.stdout.write(EOL)
+      return
+    }
+
+    const baseUrl = new URL(file).origin
+    const req = yield* Effect.orDie(share.request())
+    const headers = shouldAttachShareAuthHeaders(file, req.baseUrl) ? req.headers : {}
+
+    const tryFetch = (url: string) =>
+      Effect.tryPromise({
+        try: () => fetch(url, { headers }),
+        catch: (e) =>
+          new CliError({
+            message: `Failed to fetch share data: ${e instanceof Error ? e.message : String(e)}`,
+          }),
+      })
+
+    const dataPath = req.api.data(slug)
+    let response = yield* tryFetch(`${baseUrl}${dataPath}`)
+
+    if (!response.ok && dataPath !== `/api/share/${slug}/data`) {
+      response = yield* tryFetch(`${baseUrl}/api/share/${slug}/data`)
+    }
+
+    if (!response.ok) {
+      process.stdout.write(`Failed to fetch share data: ${response.statusText}`)
+      process.stdout.write(EOL)
+      return
+    }
+
+    const shareData = yield* Effect.tryPromise({
+      try: () => response.json() as Promise<ShareData[]>,
+      catch: () => new CliError({ message: "Share data was not valid JSON" }),
     })
-  },
-  handler: async (args) => {
-    await bootstrap(process.cwd(), async () => {
-      let exportData:
-        | {
-            info: SDKSession
-            messages: Array<{
-              info: Message
-              parts: Part[]
-            }>
-          }
-        | undefined
+    const transformed = transformShareData(shareData)
 
-      const isUrl = args.file.startsWith("http://") || args.file.startsWith("https://")
+    if (!transformed) {
+      process.stdout.write(`Share not found or empty: ${slug}`)
+      process.stdout.write(EOL)
+      return
+    }
 
-      if (isUrl) {
-        const slug = parseShareUrl(args.file)
-        if (!slug) {
-          const baseUrl = await AppRuntime.runPromise(ShareNext.Service.use((svc) => svc.url()))
-          process.stdout.write(`Invalid URL format. Expected: ${baseUrl}/share/<slug>`)
-          process.stdout.write(EOL)
-          return
-        }
+    exportData = transformed
+  } else {
+    exportData = yield* Effect.promise(() =>
+      Filesystem.readJson<NonNullable<typeof exportData>>(file).catch(() => undefined),
+    )
+    if (!exportData) {
+      process.stdout.write(`File not found: ${file}`)
+      process.stdout.write(EOL)
+      return
+    }
+  }
 
-        const parsed = new URL(args.file)
-        const baseUrl = parsed.origin
-        const req = await AppRuntime.runPromise(ShareNext.Service.use((svc) => svc.request()))
-        const headers = shouldAttachShareAuthHeaders(args.file, req.baseUrl) ? req.headers : {}
+  if (!exportData) {
+    process.stdout.write(`Failed to read session data`)
+    process.stdout.write(EOL)
+    return
+  }
 
-        const dataPath = req.api.data(slug)
-        let response = await fetch(`${baseUrl}${dataPath}`, {
-          headers,
+  const info = Schema.decodeUnknownSync(Session.Info)({
+    ...exportData.info,
+    projectID,
+  }) as Session.Info
+  const row = Session.toRow(info)
+  Database.use((db) =>
+    db
+      .insert(SessionTable)
+      .values(row)
+      .onConflictDoUpdate({ target: SessionTable.id, set: { project_id: row.project_id } })
+      .run(),
+  )
+
+  for (const msg of exportData.messages) {
+    const msgInfo = decodeMessageInfo(msg.info) as MessageV2.Info
+    const { id, sessionID: _, ...msgData } = msgInfo
+    Database.use((db) =>
+      db
+        .insert(MessageTable)
+        .values({
+          id,
+          session_id: row.id,
+          time_created: msgInfo.time?.created ?? Date.now(),
+          data: msgData,
         })
+        .onConflictDoNothing()
+        .run(),
+    )
 
-        if (!response.ok && dataPath !== `/api/share/${slug}/data`) {
-          response = await fetch(`${baseUrl}/api/share/${slug}/data`, {
-            headers,
-          })
-        }
-
-        if (!response.ok) {
-          process.stdout.write(`Failed to fetch share data: ${response.statusText}`)
-          process.stdout.write(EOL)
-          return
-        }
-
-        const shareData: ShareData[] = await response.json()
-        const transformed = transformShareData(shareData)
-
-        if (!transformed) {
-          process.stdout.write(`Share not found or empty: ${slug}`)
-          process.stdout.write(EOL)
-          return
-        }
-
-        exportData = transformed
-      } else {
-        exportData = await Filesystem.readJson<NonNullable<typeof exportData>>(args.file).catch(() => undefined)
-        if (!exportData) {
-          process.stdout.write(`File not found: ${args.file}`)
-          process.stdout.write(EOL)
-          return
-        }
-      }
-
-      if (!exportData) {
-        process.stdout.write(`Failed to read session data`)
-        process.stdout.write(EOL)
-        return
-      }
-
-      const info = Schema.decodeUnknownSync(Session.Info)({
-        ...exportData.info,
-        projectID: Instance.project.id,
-      }) as Session.Info
-      const row = Session.toRow(info)
+    for (const part of msg.parts) {
+      const partInfo = decodePart(part) as MessageV2.Part
+      const { id: partId, sessionID: _s, messageID, ...partData } = partInfo
       Database.use((db) =>
         db
-          .insert(SessionTable)
-          .values(row)
-          .onConflictDoUpdate({ target: SessionTable.id, set: { project_id: row.project_id } })
+          .insert(PartTable)
+          .values({
+            id: partId,
+            message_id: messageID,
+            session_id: row.id,
+            data: partData,
+          })
+          .onConflictDoNothing()
           .run(),
       )
+    }
+  }
 
-      for (const msg of exportData.messages) {
-        const msgInfo = decodeMessageInfo(msg.info) as MessageV2.Info
-        const { id, sessionID: _, ...msgData } = msgInfo
-        Database.use((db) =>
-          db
-            .insert(MessageTable)
-            .values({
-              id,
-              session_id: row.id,
-              time_created: msgInfo.time?.created ?? Date.now(),
-              data: msgData,
-            })
-            .onConflictDoNothing()
-            .run(),
-        )
-
-        for (const part of msg.parts) {
-          const partInfo = decodePart(part) as MessageV2.Part
-          const { id: partId, sessionID: _s, messageID, ...partData } = partInfo
-          Database.use((db) =>
-            db
-              .insert(PartTable)
-              .values({
-                id: partId,
-                message_id: messageID,
-                session_id: row.id,
-                data: partData,
-              })
-              .onConflictDoNothing()
-              .run(),
-          )
-        }
-      }
-
-      process.stdout.write(`Imported session: ${exportData.info.id}`)
-      process.stdout.write(EOL)
-    })
-  },
+  process.stdout.write(`Imported session: ${exportData.info.id}`)
+  process.stdout.write(EOL)
 })

packages/opencode/src/cli/cmd/models.ts

@@ -1,19 +1,16 @@
-import type { Argv } from "yargs"
-import { Instance } from "../../project/instance"
+import { EOL } from "os"
+import { Effect } from "effect"
 import { Provider } from "@/provider/provider"
 import { ProviderID } from "../../provider/schema"
 import { ModelsDev } from "@/provider/models"
-import { cmd } from "./cmd"
+import { effectCmd, fail } from "../effect-cmd"
 import { UI } from "../ui"
-import { EOL } from "os"
-import { AppRuntime } from "@/effect/app-runtime"
-import { Effect } from "effect"
 
-export const ModelsCommand = cmd({
+export const ModelsCommand = effectCmd({
   command: "models [provider]",
   describe: "list all available models",
-  builder: (yargs: Argv) => {
-    return yargs
+  builder: (yargs) =>
+    yargs
       .positional("provider", {
         describe: "provider ID to filter models by",
         type: "string",
@@ -26,63 +23,44 @@ export const ModelsCommand = cmd({
       .option("refresh", {
         describe: "refresh the models cache from models.dev",
         type: "boolean",
-      })
-  },
-  handler: async (args) => {
+      }),
+  handler: Effect.fn("Cli.models")(function* (args) {
     if (args.refresh) {
-      await ModelsDev.refresh(true)
+      yield* ModelsDev.Service.use((s) => s.refresh(true))
       UI.println(UI.Style.TEXT_SUCCESS_BOLD + "Models cache refreshed" + UI.Style.TEXT_NORMAL)
     }
 
-    await Instance.provide({
-      directory: process.cwd(),
-      async fn() {
-        await AppRuntime.runPromise(
-          Effect.gen(function* () {
-            const svc = yield* Provider.Service
-            const providers = yield* svc.list()
+    const provider = yield* Provider.Service
+    const providers = yield* provider.list()
 
-            const print = (providerID: ProviderID, verbose?: boolean) => {
-              const provider = providers[providerID]
-              const sorted = Object.entries(provider.models).sort(([a], [b]) => a.localeCompare(b))
-              for (const [modelID, model] of sorted) {
-                process.stdout.write(`${providerID}/${modelID}`)
-                process.stdout.write(EOL)
-                if (verbose) {
-                  process.stdout.write(JSON.stringify(model, null, 2))
-                  process.stdout.write(EOL)
-                }
-              }
-            }
+    const print = (providerID: ProviderID, verbose?: boolean) => {
+      const p = providers[providerID]
+      const sorted = Object.entries(p.models).sort(([a], [b]) => a.localeCompare(b))
+      for (const [modelID, model] of sorted) {
+        process.stdout.write(`${providerID}/${modelID}`)
+        process.stdout.write(EOL)
+        if (verbose) {
+          process.stdout.write(JSON.stringify(model, null, 2))
+          process.stdout.write(EOL)
+        }
+      }
+    }
 
-            if (args.provider) {
-              const providerID = ProviderID.make(args.provider)
-              const provider = providers[providerID]
-              if (!provider) {
-                yield* Effect.sync(() => UI.error(`Provider not found: ${args.provider}`))
-                return
-              }
+    if (args.provider) {
+      const providerID = ProviderID.make(args.provider)
+      if (!providers[providerID]) return yield* fail(`Provider not found: ${args.provider}`)
+      print(providerID, args.verbose)
+      return
+    }
 
-              yield* Effect.sync(() => print(providerID, args.verbose))
-              return
-            }
-
-            const ids = Object.keys(providers).sort((a, b) => {
-              const aIsOpencode = a.startsWith("opencode")
-              const bIsOpencode = b.startsWith("opencode")
-              if (aIsOpencode && !bIsOpencode) return -1
-              if (!aIsOpencode && bIsOpencode) return 1
-              return a.localeCompare(b)
-            })
-
-            yield* Effect.sync(() => {
-              for (const providerID of ids) {
-                print(ProviderID.make(providerID), args.verbose)
-              }
-            })
-          }),
-        )
-      },
+    const ids = Object.keys(providers).sort((a, b) => {
+      const aIsOpencode = a.startsWith("opencode")
+      const bIsOpencode = b.startsWith("opencode")
+      if (aIsOpencode && !bIsOpencode) return -1
+      if (!aIsOpencode && bIsOpencode) return 1
+      return a.localeCompare(b)
     })
-  },
+
+    for (const providerID of ids) print(ProviderID.make(providerID), args.verbose)
+  }),
 })

packages/opencode/src/cli/cmd/plug.ts

@@ -1,16 +1,16 @@
 import { intro, log, outro, spinner } from "@clack/prompts"
-import type { Argv } from "yargs"
+import { Effect } from "effect"
 
 import { ConfigPaths } from "@/config/paths"
 import { Global } from "@opencode-ai/core/global"
 import { installPlugin, patchPluginConfig, readPluginManifest } from "../../plugin/install"
 import { resolvePluginTarget } from "../../plugin/shared"
-import { Instance } from "../../project/instance"
 import { errorMessage } from "../../util/error"
 import { Filesystem } from "@/util/filesystem"
 import { Process } from "@/util/process"
 import { UI } from "../ui"
-import { cmd } from "./cmd"
+import { effectCmd } from "../effect-cmd"
+import { InstanceRef } from "@/effect/instance-ref"
 
 type Spin = {
   start: (msg: string) => void
@@ -175,12 +175,12 @@ export function createPlugTask(input: PlugInput, dep: PlugDeps = defaultPlugDeps
   }
 }
 
-export const PluginCommand = cmd({
+export const PluginCommand = effectCmd({
   command: "plugin <module>",
   aliases: ["plug"],
   describe: "install plugin and update config",
-  builder: (yargs: Argv) => {
-    return yargs
+  builder: (yargs) =>
+    yargs
       .positional("module", {
         type: "string",
         describe: "npm module name",
@@ -196,9 +196,8 @@ export const PluginCommand = cmd({
         type: "boolean",
         default: false,
         describe: "replace existing plugin version",
-      })
-  },
-  handler: async (args) => {
+      }),
+  handler: Effect.fn("Cli.plug")(function* (args) {
     const mod = String(args.module ?? "").trim()
     if (!mod) {
       UI.error("module is required")
@@ -214,20 +213,18 @@ export const PluginCommand = cmd({
       global: Boolean(args.global),
       force: Boolean(args.force),
     })
-    let ok = true
 
-    await Instance.provide({
-      directory: process.cwd(),
-      fn: async () => {
-        ok = await run({
-          vcs: Instance.project.vcs,
-          worktree: Instance.worktree,
-          directory: Instance.directory,
-        })
-      },
-    })
+    const ctx = yield* InstanceRef
+    if (!ctx) return
+    const ok = yield* Effect.promise(() =>
+      run({
+        vcs: ctx.project.vcs,
+        worktree: ctx.worktree,
+        directory: ctx.directory,
+      }),
+    )
 
     outro("Done")
     if (!ok) process.exitCode = 1
-  },
+  }),
 })

packages/opencode/src/cli/cmd/pr.ts

@@ -1,11 +1,11 @@
+import { Effect } from "effect"
 import { UI } from "../ui"
-import { cmd } from "./cmd"
-import { AppRuntime } from "@/effect/app-runtime"
+import { effectCmd, fail } from "../effect-cmd"
 import { Git } from "@/git"
-import { Instance } from "@/project/instance"
+import { InstanceRef } from "@/effect/instance-ref"
 import { Process } from "@/util/process"
 
-export const PrCommand = cmd({
+export const PrCommand = effectCmd({
   command: "pr <number>",
   describe: "fetch and checkout a GitHub PR branch, then run opencode",
   builder: (yargs) =>
@@ -14,125 +14,102 @@ export const PrCommand = cmd({
       describe: "PR number to checkout",
       demandOption: true,
     }),
-  async handler(args) {
-    await Instance.provide({
-      directory: process.cwd(),
-      async fn() {
-        const project = Instance.project
-        if (project.vcs !== "git") {
-          UI.error("Could not find git repository. Please run this command from a git repository.")
-          process.exit(1)
+  handler: Effect.fn("Cli.pr")(function* (args) {
+    const ctx = yield* InstanceRef
+    if (!ctx) return yield* fail("Could not load instance context")
+    if (ctx.project.vcs !== "git") {
+      return yield* fail("Could not find git repository. Please run this command from a git repository.")
+    }
+
+    const git = yield* Git.Service
+    const worktree = ctx.worktree
+
+    const prNumber = args.number
+    const localBranchName = `pr/${prNumber}`
+    UI.println(`Fetching and checking out PR #${prNumber}...`)
+
+    const checkout = yield* Effect.promise(() =>
+      Process.run(["gh", "pr", "checkout", `${prNumber}`, "--branch", localBranchName, "--force"], { nothrow: true }),
+    )
+    if (checkout.code !== 0) {
+      return yield* fail(`Failed to checkout PR #${prNumber}. Make sure you have gh CLI installed and authenticated.`)
+    }
+
+    const prInfoResult = yield* Effect.promise(() =>
+      Process.text(
+        [
+          "gh",
+          "pr",
+          "view",
+          `${prNumber}`,
+          "--json",
+          "headRepository,headRepositoryOwner,isCrossRepository,headRefName,body",
+        ],
+        { nothrow: true },
+      ),
+    )
+
+    let sessionId: string | undefined
+
+    if (prInfoResult.code === 0 && prInfoResult.text.trim()) {
+      const prInfo = JSON.parse(prInfoResult.text)
+
+      if (prInfo?.isCrossRepository && prInfo.headRepository && prInfo.headRepositoryOwner) {
+        const forkOwner = prInfo.headRepositoryOwner.login
+        const forkName = prInfo.headRepository.name
+        const remoteName = forkOwner
+
+        const remotes = (yield* git.run(["remote"], { cwd: worktree })).text().trim()
+        if (!remotes.split("\n").includes(remoteName)) {
+          yield* git.run(["remote", "add", remoteName, `https://github.com/${forkOwner}/${forkName}.git`], {
+            cwd: worktree,
+          })
+          UI.println(`Added fork remote: ${remoteName}`)
         }
 
-        const prNumber = args.number
-        const localBranchName = `pr/${prNumber}`
-        UI.println(`Fetching and checking out PR #${prNumber}...`)
+        yield* git.run(["branch", `--set-upstream-to=${remoteName}/${prInfo.headRefName}`, localBranchName], {
+          cwd: worktree,
+        })
+      }
 
-        // Use gh pr checkout with custom branch name
-        const result = await Process.run(
-          ["gh", "pr", "checkout", `${prNumber}`, "--branch", localBranchName, "--force"],
-          {
-            nothrow: true,
-          },
-        )
+      if (prInfo?.body) {
+        const sessionMatch = prInfo.body.match(/https:\/\/opncd\.ai\/s\/([a-zA-Z0-9_-]+)/)
+        if (sessionMatch) {
+          const sessionUrl = sessionMatch[0]
+          UI.println(`Found opencode session: ${sessionUrl}`)
+          UI.println(`Importing session...`)
 
-        if (result.code !== 0) {
-          UI.error(`Failed to checkout PR #${prNumber}. Make sure you have gh CLI installed and authenticated.`)
-          process.exit(1)
-        }
-
-        // Fetch PR info for fork handling and session link detection
-        const prInfoResult = await Process.text(
-          [
-            "gh",
-            "pr",
-            "view",
-            `${prNumber}`,
-            "--json",
-            "headRepository,headRepositoryOwner,isCrossRepository,headRefName,body",
-          ],
-          { nothrow: true },
-        )
-
-        let sessionId: string | undefined
-
-        if (prInfoResult.code === 0) {
-          const prInfoText = prInfoResult.text
-          if (prInfoText.trim()) {
-            const prInfo = JSON.parse(prInfoText)
-
-            // Handle fork PRs
-            if (prInfo && prInfo.isCrossRepository && prInfo.headRepository && prInfo.headRepositoryOwner) {
-              const forkOwner = prInfo.headRepositoryOwner.login
-              const forkName = prInfo.headRepository.name
-              const remoteName = forkOwner
-
-              // Check if remote already exists
-              const remotes = await AppRuntime.runPromise(
-                Git.Service.use((git) => git.run(["remote"], { cwd: Instance.worktree })),
-              ).then((x) => x.text().trim())
-              if (!remotes.split("\n").includes(remoteName)) {
-                await AppRuntime.runPromise(
-                  Git.Service.use((git) =>
-                    git.run(["remote", "add", remoteName, `https://github.com/${forkOwner}/${forkName}.git`], {
-                      cwd: Instance.worktree,
-                    }),
-                  ),
-                )
-                UI.println(`Added fork remote: ${remoteName}`)
-              }
-
-              // Set upstream to the fork so pushes go there
-              const headRefName = prInfo.headRefName
-              await AppRuntime.runPromise(
-                Git.Service.use((git) =>
-                  git.run(["branch", `--set-upstream-to=${remoteName}/${headRefName}`, localBranchName], {
-                    cwd: Instance.worktree,
-                  }),
-                ),
-              )
-            }
-
-            // Check for opencode session link in PR body
-            if (prInfo && prInfo.body) {
-              const sessionMatch = prInfo.body.match(/https:\/\/opncd\.ai\/s\/([a-zA-Z0-9_-]+)/)
-              if (sessionMatch) {
-                const sessionUrl = sessionMatch[0]
-                UI.println(`Found opencode session: ${sessionUrl}`)
-                UI.println(`Importing session...`)
-
-                const importResult = await Process.text(["opencode", "import", sessionUrl], {
-                  nothrow: true,
-                })
-                if (importResult.code === 0) {
-                  const importOutput = importResult.text.trim()
-                  // Extract session ID from the output (format: "Imported session: <session-id>")
-                  const sessionIdMatch = importOutput.match(/Imported session: ([a-zA-Z0-9_-]+)/)
-                  if (sessionIdMatch) {
-                    sessionId = sessionIdMatch[1]
-                    UI.println(`Session imported: ${sessionId}`)
-                  }
-                }
-              }
+          const importResult = yield* Effect.promise(() =>
+            Process.text(["opencode", "import", sessionUrl], { nothrow: true }),
+          )
+          if (importResult.code === 0) {
+            const sessionIdMatch = importResult.text.trim().match(/Imported session: ([a-zA-Z0-9_-]+)/)
+            if (sessionIdMatch) {
+              sessionId = sessionIdMatch[1]
+              UI.println(`Session imported: ${sessionId}`)
             }
           }
         }
+      }
+    }
 
-        UI.println(`Successfully checked out PR #${prNumber} as branch '${localBranchName}'`)
-        UI.println()
-        UI.println("Starting opencode...")
-        UI.println()
+    UI.println(`Successfully checked out PR #${prNumber} as branch '${localBranchName}'`)
+    UI.println()
+    UI.println("Starting opencode...")
+    UI.println()
 
-        const opencodeArgs = sessionId ? ["-s", sessionId] : []
-        const opencodeProcess = Process.spawn(["opencode", ...opencodeArgs], {
+    const opencodeArgs = sessionId ? ["-s", sessionId] : []
+    const code = yield* Effect.promise(
+      () =>
+        Process.spawn(["opencode", ...opencodeArgs], {
           stdin: "inherit",
           stdout: "inherit",
           stderr: "inherit",
           cwd: process.cwd(),
-        })
-        const code = await opencodeProcess.exited
-        if (code !== 0) throw new Error(`opencode exited with code ${code}`)
-      },
-    })
-  },
+        }).exited,
+    )
+    // Match legacy throw semantics — propagate as a defect so the top-level
+    // index.ts catch handles it identically (exit 1, "Unexpected error" banner).
+    if (code !== 0) return yield* Effect.die(new Error(`opencode exited with code ${code}`))
+  }),
 })

packages/opencode/src/cli/cmd/providers.ts

@@ -1,56 +1,69 @@
 import { Auth } from "../../auth"
-import { AppRuntime } from "../../effect/app-runtime"
 import { cmd } from "./cmd"
-import * as prompts from "@clack/prompts"
+import { CliError, effectCmd, fail } from "../effect-cmd"
 import { UI } from "../ui"
+import * as Prompt from "../effect/prompt"
 import { ModelsDev } from "@/provider/models"
+
 import { map, pipe, sortBy, values } from "remeda"
 import path from "path"
 import os from "os"
 import { Config } from "@/config/config"
 import { Global } from "@opencode-ai/core/global"
 import { Plugin } from "../../plugin"
-import { Instance } from "../../project/instance"
 import type { Hooks } from "@opencode-ai/plugin"
 import { Process } from "@/util/process"
+import { errorMessage } from "@/util/error"
 import { text } from "node:stream/consumers"
-import { Effect } from "effect"
+import { Effect, Option } from "effect"
 
 type PluginAuth = NonNullable<Hooks["auth"]>
 
-const put = (key: string, info: Auth.Info) =>
-  AppRuntime.runPromise(
-    Effect.gen(function* () {
-      const auth = yield* Auth.Service
-      yield* auth.set(key, info)
-    }),
-  )
+const promptValue = <Value>(value: Option.Option<Value>) => {
+  if (Option.isNone(value)) return Effect.die(new UI.CancelledError())
+  return Effect.succeed(value.value)
+}
 
-async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string, methodName?: string): Promise<boolean> {
-  let index = 0
-  if (methodName) {
+const put = Effect.fn("Cli.providers.put")(function* (key: string, info: Auth.Info) {
+  const auth = yield* Auth.Service
+  yield* Effect.orDie(auth.set(key, info))
+})
+
+const cliTry = <Value>(message: string, fn: () => PromiseLike<Value>) =>
+  Effect.tryPromise({
+    try: fn,
+    catch: (error) => new CliError({ message: message + errorMessage(error) }),
+  })
+
+const handlePluginAuth = Effect.fn("Cli.providers.pluginAuth")(function* (
+  plugin: { auth: PluginAuth },
+  provider: string,
+  methodName?: string,
+) {
+  const index = yield* Effect.gen(function* () {
+    if (!methodName) {
+      if (plugin.auth.methods.length <= 1) return 0
+      return yield* promptValue(
+        yield* Prompt.select({
+          message: "Login method",
+          options: plugin.auth.methods.map((x, index) => ({
+            label: x.label,
+            value: index,
+          })),
+        }),
+      )
+    }
     const match = plugin.auth.methods.findIndex((x) => x.label.toLowerCase() === methodName.toLowerCase())
     if (match === -1) {
-      prompts.log.error(
+      return yield* fail(
         `Unknown method "${methodName}" for ${provider}. Available: ${plugin.auth.methods.map((x) => x.label).join(", ")}`,
       )
-      process.exit(1)
     }
-    index = match
-  } else if (plugin.auth.methods.length > 1) {
-    const method = await prompts.select({
-      message: "Login method",
-      options: plugin.auth.methods.map((x, index) => ({
-        label: x.label,
-        value: index.toString(),
-      })),
-    })
-    if (prompts.isCancel(method)) throw new UI.CancelledError()
-    index = parseInt(method)
-  }
+    return match
+  })
   const method = plugin.auth.methods[index]
 
-  await new Promise((r) => setTimeout(r, 10))
+  yield* Effect.sleep("10 millis")
   const inputs: Record<string, string> = {}
   if (method.prompts) {
     for (const prompt of method.prompts) {
@@ -62,46 +75,44 @@ async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string,
       }
       if (prompt.condition && !prompt.condition(inputs)) continue
       if (prompt.type === "select") {
-        const value = await prompts.select({
+        const value = yield* Prompt.select({
           message: prompt.message,
           options: prompt.options,
         })
-        if (prompts.isCancel(value)) throw new UI.CancelledError()
-        inputs[prompt.key] = value
-      } else {
-        const value = await prompts.text({
-          message: prompt.message,
-          placeholder: prompt.placeholder,
-          validate: prompt.validate ? (v) => prompt.validate!(v ?? "") : undefined,
-        })
-        if (prompts.isCancel(value)) throw new UI.CancelledError()
-        inputs[prompt.key] = value
+        inputs[prompt.key] = yield* promptValue(value)
+        continue
       }
+      const value = yield* Prompt.text({
+        message: prompt.message,
+        placeholder: prompt.placeholder,
+        validate: prompt.validate ? (v) => prompt.validate!(v ?? "") : undefined,
+      })
+      inputs[prompt.key] = yield* promptValue(value)
     }
   }
 
   if (method.type === "oauth") {
-    const authorize = await method.authorize(inputs)
+    const authorize = yield* cliTry("Failed to authorize: ", () => method.authorize(inputs))
 
     if (authorize.url) {
-      prompts.log.info("Go to: " + authorize.url)
+      yield* Prompt.log.info("Go to: " + authorize.url)
     }
 
     if (authorize.method === "auto") {
       if (authorize.instructions) {
-        prompts.log.info(authorize.instructions)
+        yield* Prompt.log.info(authorize.instructions)
       }
-      const spinner = prompts.spinner()
-      spinner.start("Waiting for authorization...")
-      const result = await authorize.callback()
+      const spinner = Prompt.spinner()
+      yield* spinner.start("Waiting for authorization...")
+      const result = yield* cliTry("Failed to authorize: ", () => authorize.callback())
       if (result.type === "failed") {
-        spinner.stop("Failed to authorize", 1)
+        yield* spinner.stop("Failed to authorize", 1)
       }
       if (result.type === "success") {
         const saveProvider = result.provider ?? provider
         if ("refresh" in result) {
           const { type: _, provider: __, refresh, access, expires, ...extraFields } = result
-          await put(saveProvider, {
+          yield* put(saveProvider, {
             type: "oauth",
             refresh,
             access,
@@ -110,30 +121,30 @@ async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string,
           })
         }
         if ("key" in result) {
-          await put(saveProvider, {
+          yield* put(saveProvider, {
             type: "api",
             key: result.key,
           })
         }
-        spinner.stop("Login successful")
+        yield* spinner.stop("Login successful")
       }
     }
 
     if (authorize.method === "code") {
-      const code = await prompts.text({
+      const code = yield* Prompt.text({
         message: "Paste the authorization code here: ",
         validate: (x) => (x && x.length > 0 ? undefined : "Required"),
       })
-      if (prompts.isCancel(code)) throw new UI.CancelledError()
-      const result = await authorize.callback(code)
+      const authorizationCode = yield* promptValue(code)
+      const result = yield* cliTry("Failed to authorize: ", () => authorize.callback(authorizationCode))
       if (result.type === "failed") {
-        prompts.log.error("Failed to authorize")
+        yield* Prompt.log.error("Failed to authorize")
       }
       if (result.type === "success") {
         const saveProvider = result.provider ?? provider
         if ("refresh" in result) {
           const { type: _, provider: __, refresh, access, expires, ...extraFields } = result
-          await put(saveProvider, {
+          yield* put(saveProvider, {
             type: "oauth",
             refresh,
             access,
@@ -142,56 +153,57 @@ async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string,
           })
         }
         if ("key" in result) {
-          await put(saveProvider, {
+          yield* put(saveProvider, {
             type: "api",
             key: result.key,
           })
         }
-        prompts.log.success("Login successful")
+        yield* Prompt.log.success("Login successful")
       }
     }
 
-    prompts.outro("Done")
+    yield* Prompt.outro("Done")
     return true
   }
 
   if (method.type === "api") {
-    const key = await prompts.password({
+    const key = yield* Prompt.password({
       message: "Enter your API key",
       validate: (x) => (x && x.length > 0 ? undefined : "Required"),
     })
-    if (prompts.isCancel(key)) throw new UI.CancelledError()
+    const apiKey = yield* promptValue(key)
 
     const metadata = Object.keys(inputs).length ? { metadata: inputs } : {}
-    if (!method.authorize) {
-      await put(provider, {
+    const authorizeApi = method.authorize
+    if (!authorizeApi) {
+      yield* put(provider, {
         type: "api",
-        key,
+        key: apiKey,
         ...metadata,
       })
-      prompts.outro("Done")
+      yield* Prompt.outro("Done")
       return true
     }
 
-    const result = await method.authorize(inputs)
+    const result = yield* cliTry("Failed to authorize: ", () => authorizeApi(inputs))
     if (result.type === "failed") {
-      prompts.log.error("Failed to authorize")
+      yield* Prompt.log.error("Failed to authorize")
     }
     if (result.type === "success") {
       const saveProvider = result.provider ?? provider
-      await put(saveProvider, {
+      yield* put(saveProvider, {
         type: "api",
-        key: result.key ?? key,
+        key: result.key ?? apiKey,
         ...metadata,
       })
-      prompts.log.success("Login successful")
+      yield* Prompt.log.success("Login successful")
     }
-    prompts.outro("Done")
+    yield* Prompt.outro("Done")
     return true
   }
 
   return false
-}
+})
 
 export function resolvePluginProviders(input: {
   hooks: Hooks[]
@@ -229,30 +241,30 @@ export const ProvidersCommand = cmd({
   async handler() {},
 })
 
-export const ProvidersListCommand = cmd({
+export const ProvidersListCommand = effectCmd({
   command: "list",
   aliases: ["ls"],
   describe: "list providers and credentials",
-  async handler(_args) {
+  // Lists global credentials + provider env vars; no project instance needed.
+  instance: false,
+  handler: Effect.fn("Cli.providers.list")(function* (_args) {
+    const authSvc = yield* Auth.Service
+    const modelsDev = yield* ModelsDev.Service
+
     UI.empty()
     const authPath = path.join(Global.Path.data, "auth.json")
     const homedir = os.homedir()
     const displayPath = authPath.startsWith(homedir) ? authPath.replace(homedir, "~") : authPath
-    prompts.intro(`Credentials ${UI.Style.TEXT_DIM}${displayPath}`)
-    const results = await AppRuntime.runPromise(
-      Effect.gen(function* () {
-        const auth = yield* Auth.Service
-        return Object.entries(yield* auth.all())
-      }),
-    )
-    const database = await ModelsDev.get()
+    yield* Prompt.intro(`Credentials ${UI.Style.TEXT_DIM}${displayPath}`)
+    const results = Object.entries(yield* Effect.orDie(authSvc.all()))
+    const database = yield* modelsDev.get()
 
     for (const [providerID, result] of results) {
       const name = database[providerID]?.name || providerID
-      prompts.log.info(`${name} ${UI.Style.TEXT_DIM}${result.type}`)
+      yield* Prompt.log.info(`${name} ${UI.Style.TEXT_DIM}${result.type}`)
     }
 
-    prompts.outro(`${results.length} credentials`)
+    yield* Prompt.outro(`${results.length} credentials`)
 
     const activeEnvVars: Array<{ provider: string; envVar: string }> = []
 
@@ -269,18 +281,18 @@ export const ProvidersListCommand = cmd({
 
     if (activeEnvVars.length > 0) {
       UI.empty()
-      prompts.intro("Environment")
+      yield* Prompt.intro("Environment")
 
       for (const { provider, envVar } of activeEnvVars) {
-        prompts.log.info(`${provider} ${UI.Style.TEXT_DIM}${envVar}`)
+        yield* Prompt.log.info(`${provider} ${UI.Style.TEXT_DIM}${envVar}`)
       }
 
-      prompts.outro(`${activeEnvVars.length} environment variable` + (activeEnvVars.length === 1 ? "" : "s"))
+      yield* Prompt.outro(`${activeEnvVars.length} environment variable` + (activeEnvVars.length === 1 ? "" : "s"))
     }
-  },
+  }),
 })
 
-export const ProvidersLoginCommand = cmd({
+export const ProvidersLoginCommand = effectCmd({
   command: "login [url]",
   describe: "log in to a provider",
   builder: (yargs) =>
@@ -299,228 +311,202 @@ export const ProvidersLoginCommand = cmd({
         describe: "login method label (skips method selection)",
         type: "string",
       }),
-  async handler(args) {
-    await Instance.provide({
-      directory: process.cwd(),
-      async fn() {
-        UI.empty()
-        prompts.intro("Add credential")
-        if (args.url) {
-          const url = args.url.replace(/\/+$/, "")
-          const wellknown = (await fetch(`${url}/.well-known/opencode`).then((x) => x.json())) as {
-            auth: { command: string[]; env: string }
-          }
-          prompts.log.info(`Running \`${wellknown.auth.command.join(" ")}\``)
-          const proc = Process.spawn(wellknown.auth.command, {
-            stdout: "pipe",
-          })
-          if (!proc.stdout) {
-            prompts.log.error("Failed")
-            prompts.outro("Done")
-            return
-          }
-          const [exit, token] = await Promise.all([proc.exited, text(proc.stdout)])
-          if (exit !== 0) {
-            prompts.log.error("Failed")
-            prompts.outro("Done")
-            return
-          }
-          await put(url, {
-            type: "wellknown",
-            key: wellknown.auth.env,
-            token: token.trim(),
-          })
-          prompts.log.success("Logged into " + url)
-          prompts.outro("Done")
-          return
-        }
-        await ModelsDev.refresh(true).catch(() => {})
+  handler: Effect.fn("Cli.providers.login")(function* (args) {
+    const authSvc = yield* Auth.Service
 
-        const config = await AppRuntime.runPromise(Config.Service.use((cfg) => cfg.get()))
-
-        const disabled = new Set(config.disabled_providers ?? [])
-        const enabled = config.enabled_providers ? new Set(config.enabled_providers) : undefined
-
-        const providers = await ModelsDev.get().then((x) => {
-          const filtered: Record<string, (typeof x)[string]> = {}
-          for (const [key, value] of Object.entries(x)) {
-            if ((enabled ? enabled.has(key) : true) && !disabled.has(key)) {
-              filtered[key] = value
-            }
-          }
-          return filtered
-        })
-        const hooks = await AppRuntime.runPromise(
-          Effect.gen(function* () {
-            const plugin = yield* Plugin.Service
-            return yield* plugin.list()
-          }),
-        )
-
-        const priority: Record<string, number> = {
-          opencode: 0,
-          openai: 1,
-          "github-copilot": 2,
-          google: 3,
-          anthropic: 4,
-          openrouter: 5,
-          vercel: 6,
-        }
-        const pluginProviders = resolvePluginProviders({
-          hooks,
-          existingProviders: providers,
-          disabled,
-          enabled,
-          providerNames: Object.fromEntries(Object.entries(config.provider ?? {}).map(([id, p]) => [id, p.name])),
-        })
-        const options = [
-          ...pipe(
-            providers,
-            values(),
-            sortBy(
-              (x) => priority[x.id] ?? 99,
-              (x) => x.name ?? x.id,
-            ),
-            map((x) => ({
-              label: x.name,
-              value: x.id,
-              hint: {
-                opencode: "recommended",
-                openai: "ChatGPT Plus/Pro or API key",
-              }[x.id],
-            })),
-          ),
-          ...pluginProviders.map((x) => ({
-            label: x.name,
-            value: x.id,
-            hint: "plugin",
-          })),
-        ]
-
-        let provider: string
-        if (args.provider) {
-          const input = args.provider
-          const byID = options.find((x) => x.value === input)
-          const byName = options.find((x) => x.label.toLowerCase() === input.toLowerCase())
-          const match = byID ?? byName
-          if (!match) {
-            prompts.log.error(`Unknown provider "${input}"`)
-            process.exit(1)
-          }
-          provider = match.value
-        } else {
-          const selected = await prompts.autocomplete({
-            message: "Select provider",
-            maxItems: 8,
-            options: [
-              ...options,
-              {
-                value: "other",
-                label: "Other",
-              },
-            ],
-          })
-          if (prompts.isCancel(selected)) throw new UI.CancelledError()
-          provider = selected as string
-        }
-
-        const plugin = hooks.findLast((x) => x.auth?.provider === provider)
-        if (plugin && plugin.auth) {
-          const handled = await handlePluginAuth({ auth: plugin.auth }, provider, args.method)
-          if (handled) return
-        }
-
-        if (provider === "other") {
-          const custom = await prompts.text({
-            message: "Enter provider id",
-            validate: (x) => (x && x.match(/^[0-9a-z-]+$/) ? undefined : "a-z, 0-9 and hyphens only"),
-          })
-          if (prompts.isCancel(custom)) throw new UI.CancelledError()
-          provider = custom.replace(/^@ai-sdk\//, "")
-
-          const customPlugin = hooks.findLast((x) => x.auth?.provider === provider)
-          if (customPlugin && customPlugin.auth) {
-            const handled = await handlePluginAuth({ auth: customPlugin.auth }, provider, args.method)
-            if (handled) return
-          }
-
-          prompts.log.warn(
-            `This only stores a credential for ${provider} - you will need configure it in opencode.json, check the docs for examples.`,
-          )
-        }
-
-        if (provider === "amazon-bedrock") {
-          prompts.log.info(
-            "Amazon Bedrock authentication priority:\n" +
-              "  1. Bearer token (AWS_BEARER_TOKEN_BEDROCK or /connect)\n" +
-              "  2. AWS credential chain (profile, access keys, IAM roles, EKS IRSA)\n\n" +
-              "Configure via opencode.json options (profile, region, endpoint) or\n" +
-              "AWS environment variables (AWS_PROFILE, AWS_REGION, AWS_ACCESS_KEY_ID, AWS_WEB_IDENTITY_TOKEN_FILE).",
-          )
-        }
-
-        if (provider === "opencode") {
-          prompts.log.info("Create an api key at https://opencode.ai/auth")
-        }
-
-        if (provider === "vercel") {
-          prompts.log.info("You can create an api key at https://vercel.link/ai-gateway-token")
-        }
-
-        if (["cloudflare", "cloudflare-ai-gateway"].includes(provider)) {
-          prompts.log.info(
-            "Cloudflare AI Gateway can be configured with CLOUDFLARE_GATEWAY_ID, CLOUDFLARE_ACCOUNT_ID, and CLOUDFLARE_API_TOKEN environment variables. Read more: https://opencode.ai/docs/providers/#cloudflare-ai-gateway",
-          )
-        }
-
-        const key = await prompts.password({
-          message: "Enter your API key",
-          validate: (x) => (x && x.length > 0 ? undefined : "Required"),
-        })
-        if (prompts.isCancel(key)) throw new UI.CancelledError()
-        await put(provider, {
-          type: "api",
-          key,
-        })
-
-        prompts.outro("Done")
-      },
-    })
-  },
-})
-
-export const ProvidersLogoutCommand = cmd({
-  command: "logout",
-  describe: "log out from a configured provider",
-  async handler(_args) {
     UI.empty()
-    const credentials: Array<[string, Auth.Info]> = await AppRuntime.runPromise(
-      Effect.gen(function* () {
-        const auth = yield* Auth.Service
-        return Object.entries(yield* auth.all())
-      }),
-    )
-    prompts.intro("Remove credential")
-    if (credentials.length === 0) {
-      prompts.log.error("No credentials found")
+    yield* Prompt.intro("Add credential")
+    if (args.url) {
+      const url = args.url.replace(/\/+$/, "")
+      const wellknown = (yield* cliTry(`Failed to load auth provider metadata from ${url}: `, () =>
+        fetch(`${url}/.well-known/opencode`).then((x) => x.json()),
+      )) as {
+        auth: { command: string[]; env: string }
+      }
+      yield* Prompt.log.info(`Running \`${wellknown.auth.command.join(" ")}\``)
+      const abort = new AbortController()
+      const proc = Process.spawn(wellknown.auth.command, { stdout: "pipe", stderr: "inherit", abort: abort.signal })
+      if (!proc.stdout) {
+        yield* Prompt.log.error("Failed")
+        yield* Prompt.outro("Done")
+        return
+      }
+      const [exit, token] = yield* cliTry("Failed to run auth provider command: ", () =>
+        Promise.all([proc.exited, text(proc.stdout!)]),
+      ).pipe(Effect.ensuring(Effect.sync(() => abort.abort())))
+      if (exit !== 0) {
+        yield* Prompt.log.error("Failed")
+        yield* Prompt.outro("Done")
+        return
+      }
+      yield* Effect.orDie(authSvc.set(url, { type: "wellknown", key: wellknown.auth.env, token: token.trim() }))
+      yield* Prompt.log.success("Logged into " + url)
+      yield* Prompt.outro("Done")
       return
     }
-    const database = await ModelsDev.get()
-    const selected = await prompts.select({
+
+    const cfgSvc = yield* Config.Service
+    const pluginSvc = yield* Plugin.Service
+    const modelsDev = yield* ModelsDev.Service
+    yield* Effect.ignore(modelsDev.refresh(true))
+
+    const config = yield* cfgSvc.get()
+
+    const disabled = new Set(config.disabled_providers ?? [])
+    const enabled = config.enabled_providers ? new Set(config.enabled_providers) : undefined
+
+    const allProviders = yield* modelsDev.get()
+    const providers: Record<string, (typeof allProviders)[string]> = {}
+    for (const [key, value] of Object.entries(allProviders)) {
+      if ((enabled ? enabled.has(key) : true) && !disabled.has(key)) providers[key] = value
+    }
+    const hooks = yield* pluginSvc.list()
+
+    const priority: Record<string, number> = {
+      opencode: 0,
+      openai: 1,
+      "github-copilot": 2,
+      google: 3,
+      anthropic: 4,
+      openrouter: 5,
+      vercel: 6,
+    }
+    const pluginProviders = resolvePluginProviders({
+      hooks,
+      existingProviders: providers,
+      disabled,
+      enabled,
+      providerNames: Object.fromEntries(Object.entries(config.provider ?? {}).map(([id, p]) => [id, p.name])),
+    })
+    const options = [
+      ...pipe(
+        providers,
+        values(),
+        sortBy(
+          (x) => priority[x.id] ?? 99,
+          (x) => x.name ?? x.id,
+        ),
+        map((x) => ({
+          label: x.name,
+          value: x.id,
+          hint: {
+            opencode: "recommended",
+            openai: "ChatGPT Plus/Pro or API key",
+          }[x.id],
+        })),
+      ),
+      ...pluginProviders.map((x) => ({
+        label: x.name,
+        value: x.id,
+        hint: "plugin",
+      })),
+    ]
+
+    let provider: string
+    if (args.provider) {
+      const input = args.provider
+      const byID = options.find((x) => x.value === input)
+      const byName = options.find((x) => x.label.toLowerCase() === input.toLowerCase())
+      const match = byID ?? byName
+      if (!match) {
+        return yield* fail(`Unknown provider "${input}"`)
+      }
+      provider = match.value
+    } else {
+      provider = yield* promptValue(
+        yield* Prompt.autocomplete({
+          message: "Select provider",
+          maxItems: 8,
+          options: [...options, { value: "other", label: "Other" }],
+        }),
+      )
+    }
+
+    const plugin = hooks.findLast((x) => x.auth?.provider === provider)
+    if (plugin && plugin.auth) {
+      const handled = yield* handlePluginAuth({ auth: plugin.auth! }, provider, args.method)
+      if (handled) return
+    }
+
+    if (provider === "other") {
+      provider = (yield* promptValue(
+        yield* Prompt.text({
+          message: "Enter provider id",
+          validate: (x) => (x && x.match(/^[0-9a-z-]+$/) ? undefined : "a-z, 0-9 and hyphens only"),
+        }),
+      )).replace(/^@ai-sdk\//, "")
+
+      const customPlugin = hooks.findLast((x) => x.auth?.provider === provider)
+      if (customPlugin && customPlugin.auth) {
+        const handled = yield* handlePluginAuth({ auth: customPlugin.auth! }, provider, args.method)
+        if (handled) return
+      }
+
+      yield* Prompt.log.warn(
+        `This only stores a credential for ${provider} - you will need configure it in opencode.json, check the docs for examples.`,
+      )
+    }
+
+    if (provider === "amazon-bedrock") {
+      yield* Prompt.log.info(
+        "Amazon Bedrock authentication priority:\n" +
+          "  1. Bearer token (AWS_BEARER_TOKEN_BEDROCK or /connect)\n" +
+          "  2. AWS credential chain (profile, access keys, IAM roles, EKS IRSA)\n\n" +
+          "Configure via opencode.json options (profile, region, endpoint) or\n" +
+          "AWS environment variables (AWS_PROFILE, AWS_REGION, AWS_ACCESS_KEY_ID, AWS_WEB_IDENTITY_TOKEN_FILE).",
+      )
+    }
+
+    if (provider === "opencode") {
+      yield* Prompt.log.info("Create an api key at https://opencode.ai/auth")
+    }
+
+    if (provider === "vercel") {
+      yield* Prompt.log.info("You can create an api key at https://vercel.link/ai-gateway-token")
+    }
+
+    if (["cloudflare", "cloudflare-ai-gateway"].includes(provider)) {
+      yield* Prompt.log.info(
+        "Cloudflare AI Gateway can be configured with CLOUDFLARE_GATEWAY_ID, CLOUDFLARE_ACCOUNT_ID, and CLOUDFLARE_API_TOKEN environment variables. Read more: https://opencode.ai/docs/providers/#cloudflare-ai-gateway",
+      )
+    }
+
+    const key = yield* Prompt.password({
+      message: "Enter your API key",
+      validate: (x) => (x && x.length > 0 ? undefined : "Required"),
+    })
+    const apiKey = yield* promptValue(key)
+    yield* Effect.orDie(authSvc.set(provider, { type: "api", key: apiKey }))
+
+    yield* Prompt.outro("Done")
+  }),
+})
+
+export const ProvidersLogoutCommand = effectCmd({
+  command: "logout",
+  describe: "log out from a configured provider",
+  // Removes a global auth credential; no project instance needed.
+  instance: false,
+  handler: Effect.fn("Cli.providers.logout")(function* (_args) {
+    const authSvc = yield* Auth.Service
+    const modelsDev = yield* ModelsDev.Service
+
+    UI.empty()
+    const credentials: Array<[string, Auth.Info]> = Object.entries(yield* Effect.orDie(authSvc.all()))
+    yield* Prompt.intro("Remove credential")
+    if (credentials.length === 0) {
+      yield* Prompt.log.error("No credentials found")
+      return
+    }
+    const database = yield* modelsDev.get()
+    const selected = yield* Prompt.select({
       message: "Select provider",
       options: credentials.map(([key, value]) => ({
         label: (database[key]?.name || key) + UI.Style.TEXT_DIM + " (" + value.type + ")",
         value: key,
       })),
     })
-    if (prompts.isCancel(selected)) throw new UI.CancelledError()
-    const providerID = selected as string
-    await AppRuntime.runPromise(
-      Effect.gen(function* () {
-        const auth = yield* Auth.Service
-        yield* auth.remove(providerID)
-      }),
-    )
-    prompts.outro("Logout successful")
-  },
+    yield* Effect.orDie(authSvc.remove(yield* promptValue(selected)))
+    yield* Prompt.outro("Logout successful")
+  }),
 })

packages/opencode/src/cli/cmd/run.ts

@@ -1,10 +1,11 @@
 import type { Argv } from "yargs"
 import path from "path"
 import { pathToFileURL } from "url"
+import { Effect } from "effect"
 import { UI } from "../ui"
-import { cmd } from "./cmd"
+import { effectCmd } from "../effect-cmd"
 import { Flag } from "@opencode-ai/core/flag/flag"
-import { bootstrap } from "../bootstrap"
+import { ServerAuth } from "@/server/auth"
 import { EOL } from "os"
 import { Filesystem } from "@/util/filesystem"
 import { createOpencodeClient, type OpencodeClient, type ToolPart } from "@opencode-ai/sdk/v2"
@@ -22,10 +23,10 @@ import { WriteTool } from "../../tool/write"
 import { WebSearchTool } from "../../tool/websearch"
 import { TaskTool } from "../../tool/task"
 import { SkillTool } from "../../tool/skill"
-import { BashTool } from "../../tool/bash"
+import { ShellTool } from "../../tool/shell"
+import { ShellID } from "../../tool/shell/id"
 import { TodoWriteTool } from "../../tool/todo"
 import { Locale } from "@/util/locale"
-import { AppRuntime } from "@/effect/app-runtime"
 
 type ToolProps<T> = {
   input: Tool.InferParameters<T>
@@ -175,7 +176,7 @@ function skill(info: ToolProps<typeof SkillTool>) {
   })
 }
 
-function bash(info: ToolProps<typeof BashTool>) {
+function shell(info: ToolProps<typeof ShellTool>) {
   const output = info.part.state.status === "completed" ? info.part.state.output?.trim() : undefined
   block(
     {
@@ -202,11 +203,17 @@ function normalizePath(input?: string) {
   return input
 }
 
-export const RunCommand = cmd({
+export const RunCommand = effectCmd({
   command: "run [message..]",
   describe: "run opencode with a message",
-  builder: (yargs: Argv) => {
-    return yargs
+  // --attach connects to a remote server (no local instance needed); the
+  // default path runs an in-process server and needs the project instance.
+  instance: (args) => !args.attach,
+  // For --dir without --attach, load instance for the resolved target dir.
+  // The handler also chdirs (preserving the legacy order: chdir → file resolution).
+  directory: (args) => (args.dir && !args.attach ? path.resolve(process.cwd(), args.dir) : process.cwd()),
+  builder: (yargs: Argv) =>
+    yargs
       .positional("message", {
         describe: "message to send",
         type: "string",
@@ -269,6 +276,11 @@ export const RunCommand = cmd({
         type: "string",
         describe: "basic auth password (defaults to OPENCODE_SERVER_PASSWORD)",
       })
+      .option("username", {
+        alias: ["u"],
+        type: "string",
+        describe: "basic auth username (defaults to OPENCODE_SERVER_USERNAME or 'opencode')",
+      })
       .option("dir", {
         type: "string",
         describe: "directory to run in, path on remote server if attaching",
@@ -290,291 +302,314 @@ export const RunCommand = cmd({
         type: "boolean",
         describe: "auto-approve permissions that are not explicitly denied (dangerous!)",
         default: false,
-      })
-  },
-  handler: async (args) => {
-    let message = [...args.message, ...(args["--"] || [])]
-      .map((arg) => (arg.includes(" ") ? `"${arg.replace(/"/g, '\\"')}"` : arg))
-      .join(" ")
+      }),
+  handler: Effect.fn("Cli.run")(function* (args) {
+    const agentSvc = yield* Agent.Service
+    yield* Effect.promise(async () => {
+      let message = [...args.message, ...(args["--"] || [])]
+        .map((arg) => (arg.includes(" ") ? `"${arg.replace(/"/g, '\\"')}"` : arg))
+        .join(" ")
 
-    const directory = (() => {
-      if (!args.dir) return undefined
-      if (args.attach) return args.dir
-      try {
-        process.chdir(args.dir)
-        return process.cwd()
-      } catch {
-        UI.error("Failed to change directory to " + args.dir)
-        process.exit(1)
-      }
-    })()
-
-    const files: { type: "file"; url: string; filename: string; mime: string }[] = []
-    if (args.file) {
-      const list = Array.isArray(args.file) ? args.file : [args.file]
-
-      for (const filePath of list) {
-        const resolvedPath = path.resolve(process.cwd(), filePath)
-        if (!(await Filesystem.exists(resolvedPath))) {
-          UI.error(`File not found: ${filePath}`)
+      const directory = (() => {
+        if (!args.dir) return undefined
+        if (args.attach) return args.dir
+        try {
+          process.chdir(args.dir)
+          return process.cwd()
+        } catch {
+          UI.error("Failed to change directory to " + args.dir)
           process.exit(1)
         }
+      })()
 
-        const mime = (await Filesystem.isDir(resolvedPath)) ? "application/x-directory" : "text/plain"
+      const files: { type: "file"; url: string; filename: string; mime: string }[] = []
+      if (args.file) {
+        const list = Array.isArray(args.file) ? args.file : [args.file]
 
-        files.push({
-          type: "file",
-          url: pathToFileURL(resolvedPath).href,
-          filename: path.basename(resolvedPath),
-          mime,
-        })
-      }
-    }
-
-    if (!process.stdin.isTTY) message += "\n" + (await Bun.stdin.text())
-
-    if (message.trim().length === 0 && !args.command) {
-      UI.error("You must provide a message or a command")
-      process.exit(1)
-    }
-
-    if (args.fork && !args.continue && !args.session) {
-      UI.error("--fork requires --continue or --session")
-      process.exit(1)
-    }
-
-    const rules: Permission.Ruleset = [
-      {
-        permission: "question",
-        action: "deny",
-        pattern: "*",
-      },
-      {
-        permission: "plan_enter",
-        action: "deny",
-        pattern: "*",
-      },
-      {
-        permission: "plan_exit",
-        action: "deny",
-        pattern: "*",
-      },
-    ]
-
-    function title() {
-      if (args.title === undefined) return
-      if (args.title !== "") return args.title
-      return message.slice(0, 50) + (message.length > 50 ? "..." : "")
-    }
-
-    async function session(sdk: OpencodeClient) {
-      const baseID = args.continue ? (await sdk.session.list()).data?.find((s) => !s.parentID)?.id : args.session
-
-      if (baseID && args.fork) {
-        const forked = await sdk.session.fork({ sessionID: baseID })
-        return forked.data?.id
-      }
-
-      if (baseID) return baseID
-
-      const name = title()
-      const result = await sdk.session.create({ title: name, permission: rules })
-      return result.data?.id
-    }
-
-    async function share(sdk: OpencodeClient, sessionID: string) {
-      const cfg = await sdk.config.get()
-      if (!cfg.data) return
-      if (cfg.data.share !== "auto" && !Flag.OPENCODE_AUTO_SHARE && !args.share) return
-      const res = await sdk.session.share({ sessionID }).catch((error) => {
-        if (error instanceof Error && error.message.includes("disabled")) {
-          UI.println(UI.Style.TEXT_DANGER_BOLD + "!  " + error.message)
-        }
-        return { error }
-      })
-      if (!res.error && "data" in res && res.data?.share?.url) {
-        UI.println(UI.Style.TEXT_INFO_BOLD + "~  " + res.data.share.url)
-      }
-    }
-
-    async function execute(sdk: OpencodeClient) {
-      function tool(part: ToolPart) {
-        try {
-          if (part.tool === "bash") return bash(props<typeof BashTool>(part))
-          if (part.tool === "glob") return glob(props<typeof GlobTool>(part))
-          if (part.tool === "grep") return grep(props<typeof GrepTool>(part))
-          if (part.tool === "read") return read(props<typeof ReadTool>(part))
-          if (part.tool === "write") return write(props<typeof WriteTool>(part))
-          if (part.tool === "webfetch") return webfetch(props<typeof WebFetchTool>(part))
-          if (part.tool === "edit") return edit(props<typeof EditTool>(part))
-          if (part.tool === "websearch") return websearch(props<typeof WebSearchTool>(part))
-          if (part.tool === "task") return task(props<typeof TaskTool>(part))
-          if (part.tool === "todowrite") return todo(props<typeof TodoWriteTool>(part))
-          if (part.tool === "skill") return skill(props<typeof SkillTool>(part))
-          return fallback(part)
-        } catch {
-          return fallback(part)
-        }
-      }
-
-      function emit(type: string, data: Record<string, unknown>) {
-        if (args.format === "json") {
-          process.stdout.write(JSON.stringify({ type, timestamp: Date.now(), sessionID, ...data }) + EOL)
-          return true
-        }
-        return false
-      }
-
-      const events = await sdk.event.subscribe()
-      let error: string | undefined
-
-      async function loop() {
-        const toggles = new Map<string, boolean>()
-
-        for await (const event of events.stream) {
-          if (
-            event.type === "message.updated" &&
-            event.properties.info.role === "assistant" &&
-            args.format !== "json" &&
-            toggles.get("start") !== true
-          ) {
-            UI.empty()
-            UI.println(`> ${event.properties.info.agent} · ${event.properties.info.modelID}`)
-            UI.empty()
-            toggles.set("start", true)
+        for (const filePath of list) {
+          const resolvedPath = path.resolve(process.cwd(), filePath)
+          if (!(await Filesystem.exists(resolvedPath))) {
+            UI.error(`File not found: ${filePath}`)
+            process.exit(1)
           }
 
-          if (event.type === "message.part.updated") {
-            const part = event.properties.part
-            if (part.sessionID !== sessionID) continue
+          const mime = (await Filesystem.isDir(resolvedPath)) ? "application/x-directory" : "text/plain"
 
-            if (part.type === "tool" && (part.state.status === "completed" || part.state.status === "error")) {
-              if (emit("tool_use", { part })) continue
-              if (part.state.status === "completed") {
-                tool(part)
-                continue
+          files.push({
+            type: "file",
+            url: pathToFileURL(resolvedPath).href,
+            filename: path.basename(resolvedPath),
+            mime,
+          })
+        }
+      }
+
+      if (!process.stdin.isTTY) message += "\n" + (await Bun.stdin.text())
+
+      if (message.trim().length === 0 && !args.command) {
+        UI.error("You must provide a message or a command")
+        process.exit(1)
+      }
+
+      if (args.fork && !args.continue && !args.session) {
+        UI.error("--fork requires --continue or --session")
+        process.exit(1)
+      }
+
+      const rules: Permission.Ruleset = [
+        {
+          permission: "question",
+          action: "deny",
+          pattern: "*",
+        },
+        {
+          permission: "plan_enter",
+          action: "deny",
+          pattern: "*",
+        },
+        {
+          permission: "plan_exit",
+          action: "deny",
+          pattern: "*",
+        },
+      ]
+
+      function title() {
+        if (args.title === undefined) return
+        if (args.title !== "") return args.title
+        return message.slice(0, 50) + (message.length > 50 ? "..." : "")
+      }
+
+      async function session(sdk: OpencodeClient) {
+        const baseID = args.continue ? (await sdk.session.list()).data?.find((s) => !s.parentID)?.id : args.session
+
+        if (baseID && args.fork) {
+          const forked = await sdk.session.fork({ sessionID: baseID })
+          return forked.data?.id
+        }
+
+        if (baseID) return baseID
+
+        const name = title()
+        const result = await sdk.session.create({ title: name, permission: rules })
+        return result.data?.id
+      }
+
+      async function share(sdk: OpencodeClient, sessionID: string) {
+        const cfg = await sdk.config.get()
+        if (!cfg.data) return
+        if (cfg.data.share !== "auto" && !Flag.OPENCODE_AUTO_SHARE && !args.share) return
+        const res = await sdk.session.share({ sessionID }).catch((error) => {
+          if (error instanceof Error && error.message.includes("disabled")) {
+            UI.println(UI.Style.TEXT_DANGER_BOLD + "!  " + error.message)
+          }
+          return { error }
+        })
+        if (!res.error && "data" in res && res.data?.share?.url) {
+          UI.println(UI.Style.TEXT_INFO_BOLD + "~  " + res.data.share.url)
+        }
+      }
+
+      async function execute(sdk: OpencodeClient) {
+        function tool(part: ToolPart) {
+          try {
+            if (part.tool === ShellID.ToolID) return shell(props<typeof ShellTool>(part))
+            if (part.tool === "glob") return glob(props<typeof GlobTool>(part))
+            if (part.tool === "grep") return grep(props<typeof GrepTool>(part))
+            if (part.tool === "read") return read(props<typeof ReadTool>(part))
+            if (part.tool === "write") return write(props<typeof WriteTool>(part))
+            if (part.tool === "webfetch") return webfetch(props<typeof WebFetchTool>(part))
+            if (part.tool === "edit") return edit(props<typeof EditTool>(part))
+            if (part.tool === "websearch") return websearch(props<typeof WebSearchTool>(part))
+            if (part.tool === "task") return task(props<typeof TaskTool>(part))
+            if (part.tool === "todowrite") return todo(props<typeof TodoWriteTool>(part))
+            if (part.tool === "skill") return skill(props<typeof SkillTool>(part))
+            return fallback(part)
+          } catch {
+            return fallback(part)
+          }
+        }
+
+        function emit(type: string, data: Record<string, unknown>) {
+          if (args.format === "json") {
+            process.stdout.write(JSON.stringify({ type, timestamp: Date.now(), sessionID, ...data }) + EOL)
+            return true
+          }
+          return false
+        }
+
+        const events = await sdk.event.subscribe()
+        let error: string | undefined
+
+        async function loop() {
+          const toggles = new Map<string, boolean>()
+
+          for await (const event of events.stream) {
+            if (
+              event.type === "message.updated" &&
+              event.properties.info.role === "assistant" &&
+              args.format !== "json" &&
+              toggles.get("start") !== true
+            ) {
+              UI.empty()
+              UI.println(`> ${event.properties.info.agent} · ${event.properties.info.modelID}`)
+              UI.empty()
+              toggles.set("start", true)
+            }
+
+            if (event.type === "message.part.updated") {
+              const part = event.properties.part
+              if (part.sessionID !== sessionID) continue
+
+              if (part.type === "tool" && (part.state.status === "completed" || part.state.status === "error")) {
+                if (emit("tool_use", { part })) continue
+                if (part.state.status === "completed") {
+                  tool(part)
+                  continue
+                }
+                inline({
+                  icon: "✗",
+                  title: `${part.tool} failed`,
+                })
+                UI.error(part.state.error)
               }
-              inline({
-                icon: "✗",
-                title: `${part.tool} failed`,
-              })
-              UI.error(part.state.error)
+
+              if (
+                part.type === "tool" &&
+                part.tool === "task" &&
+                part.state.status === "running" &&
+                args.format !== "json"
+              ) {
+                if (toggles.get(part.id) === true) continue
+                task(props<typeof TaskTool>(part))
+                toggles.set(part.id, true)
+              }
+
+              if (part.type === "step-start") {
+                if (emit("step_start", { part })) continue
+              }
+
+              if (part.type === "step-finish") {
+                if (emit("step_finish", { part })) continue
+              }
+
+              if (part.type === "text" && part.time?.end) {
+                if (emit("text", { part })) continue
+                const text = part.text.trim()
+                if (!text) continue
+                if (!process.stdout.isTTY) {
+                  process.stdout.write(text + EOL)
+                  continue
+                }
+                UI.empty()
+                UI.println(text)
+                UI.empty()
+              }
+
+              if (part.type === "reasoning" && part.time?.end && args.thinking) {
+                if (emit("reasoning", { part })) continue
+                const text = part.text.trim()
+                if (!text) continue
+                const line = `Thinking: ${text}`
+                if (process.stdout.isTTY) {
+                  UI.empty()
+                  UI.println(`${UI.Style.TEXT_DIM}\u001b[3m${line}\u001b[0m${UI.Style.TEXT_NORMAL}`)
+                  UI.empty()
+                  continue
+                }
+                process.stdout.write(line + EOL)
+              }
+            }
+
+            if (event.type === "session.error") {
+              const props = event.properties
+              if (props.sessionID !== sessionID || !props.error) continue
+              let err = String(props.error.name)
+              if ("data" in props.error && props.error.data && "message" in props.error.data) {
+                err = String(props.error.data.message)
+              }
+              error = error ? error + EOL + err : err
+              if (emit("error", { error: props.error })) continue
+              UI.error(err)
             }
 
             if (
-              part.type === "tool" &&
-              part.tool === "task" &&
-              part.state.status === "running" &&
-              args.format !== "json"
+              event.type === "session.status" &&
+              event.properties.sessionID === sessionID &&
+              event.properties.status.type === "idle"
             ) {
-              if (toggles.get(part.id) === true) continue
-              task(props<typeof TaskTool>(part))
-              toggles.set(part.id, true)
+              break
             }
 
-            if (part.type === "step-start") {
-              if (emit("step_start", { part })) continue
-            }
+            if (event.type === "permission.asked") {
+              const permission = event.properties
+              if (permission.sessionID !== sessionID) continue
 
-            if (part.type === "step-finish") {
-              if (emit("step_finish", { part })) continue
-            }
-
-            if (part.type === "text" && part.time?.end) {
-              if (emit("text", { part })) continue
-              const text = part.text.trim()
-              if (!text) continue
-              if (!process.stdout.isTTY) {
-                process.stdout.write(text + EOL)
-                continue
+              if (args["dangerously-skip-permissions"]) {
+                await sdk.permission.reply({
+                  requestID: permission.id,
+                  reply: "once",
+                })
+              } else {
+                UI.println(
+                  UI.Style.TEXT_WARNING_BOLD + "!",
+                  UI.Style.TEXT_NORMAL +
+                    `permission requested: ${permission.permission} (${permission.patterns.join(", ")}); auto-rejecting`,
+                )
+                await sdk.permission.reply({
+                  requestID: permission.id,
+                  reply: "reject",
+                })
               }
-              UI.empty()
-              UI.println(text)
-              UI.empty()
-            }
-
-            if (part.type === "reasoning" && part.time?.end && args.thinking) {
-              if (emit("reasoning", { part })) continue
-              const text = part.text.trim()
-              if (!text) continue
-              const line = `Thinking: ${text}`
-              if (process.stdout.isTTY) {
-                UI.empty()
-                UI.println(`${UI.Style.TEXT_DIM}\u001b[3m${line}\u001b[0m${UI.Style.TEXT_NORMAL}`)
-                UI.empty()
-                continue
-              }
-              process.stdout.write(line + EOL)
-            }
-          }
-
-          if (event.type === "session.error") {
-            const props = event.properties
-            if (props.sessionID !== sessionID || !props.error) continue
-            let err = String(props.error.name)
-            if ("data" in props.error && props.error.data && "message" in props.error.data) {
-              err = String(props.error.data.message)
-            }
-            error = error ? error + EOL + err : err
-            if (emit("error", { error: props.error })) continue
-            UI.error(err)
-          }
-
-          if (
-            event.type === "session.status" &&
-            event.properties.sessionID === sessionID &&
-            event.properties.status.type === "idle"
-          ) {
-            break
-          }
-
-          if (event.type === "permission.asked") {
-            const permission = event.properties
-            if (permission.sessionID !== sessionID) continue
-
-            if (args["dangerously-skip-permissions"]) {
-              await sdk.permission.reply({
-                requestID: permission.id,
-                reply: "once",
-              })
-            } else {
-              UI.println(
-                UI.Style.TEXT_WARNING_BOLD + "!",
-                UI.Style.TEXT_NORMAL +
-                  `permission requested: ${permission.permission} (${permission.patterns.join(", ")}); auto-rejecting`,
-              )
-              await sdk.permission.reply({
-                requestID: permission.id,
-                reply: "reject",
-              })
             }
           }
         }
-      }
 
-      // Validate agent if specified
-      const agent = await (async () => {
-        if (!args.agent) return undefined
-        const name = args.agent
+        // Validate agent if specified
+        const agent = await (async () => {
+          if (!args.agent) return undefined
+          const name = args.agent
 
-        // When attaching, validate against the running server instead of local Instance state.
-        if (args.attach) {
-          const modes = await sdk.app
-            .agents(undefined, { throwOnError: true })
-            .then((x) => x.data ?? [])
-            .catch(() => undefined)
+          // When attaching, validate against the running server instead of local Instance state.
+          if (args.attach) {
+            const modes = await sdk.app
+              .agents(undefined, { throwOnError: true })
+              .then((x) => x.data ?? [])
+              .catch(() => undefined)
 
-          if (!modes) {
-            UI.println(
-              UI.Style.TEXT_WARNING_BOLD + "!",
-              UI.Style.TEXT_NORMAL,
-              `failed to list agents from ${args.attach}. Falling back to default agent`,
-            )
-            return undefined
+            if (!modes) {
+              UI.println(
+                UI.Style.TEXT_WARNING_BOLD + "!",
+                UI.Style.TEXT_NORMAL,
+                `failed to list agents from ${args.attach}. Falling back to default agent`,
+              )
+              return undefined
+            }
+
+            const agent = modes.find((a) => a.name === name)
+            if (!agent) {
+              UI.println(
+                UI.Style.TEXT_WARNING_BOLD + "!",
+                UI.Style.TEXT_NORMAL,
+                `agent "${name}" not found. Falling back to default agent`,
+              )
+              return undefined
+            }
+
+            if (agent.mode === "subagent") {
+              UI.println(
+                UI.Style.TEXT_WARNING_BOLD + "!",
+                UI.Style.TEXT_NORMAL,
+                `agent "${name}" is a subagent, not a primary agent. Falling back to default agent`,
+              )
+              return undefined
+            }
+
+            return name
           }
 
-          const agent = modes.find((a) => a.name === name)
-          if (!agent) {
+          const entry = await Effect.runPromise(agentSvc.get(name))
+          if (!entry) {
             UI.println(
               UI.Style.TEXT_WARNING_BOLD + "!",
               UI.Style.TEXT_NORMAL,
@@ -582,8 +617,7 @@ export const RunCommand = cmd({
             )
             return undefined
           }
-
-          if (agent.mode === "subagent") {
+          if (entry.mode === "subagent") {
             UI.println(
               UI.Style.TEXT_WARNING_BOLD + "!",
               UI.Style.TEXT_NORMAL,
@@ -591,76 +625,48 @@ export const RunCommand = cmd({
             )
             return undefined
           }
-
           return name
+        })()
+
+        const sessionID = await session(sdk)
+        if (!sessionID) {
+          UI.error("Session not found")
+          process.exit(1)
         }
+        await share(sdk, sessionID)
 
-        const entry = await AppRuntime.runPromise(Agent.Service.use((svc) => svc.get(name)))
-        if (!entry) {
-          UI.println(
-            UI.Style.TEXT_WARNING_BOLD + "!",
-            UI.Style.TEXT_NORMAL,
-            `agent "${name}" not found. Falling back to default agent`,
-          )
-          return undefined
-        }
-        if (entry.mode === "subagent") {
-          UI.println(
-            UI.Style.TEXT_WARNING_BOLD + "!",
-            UI.Style.TEXT_NORMAL,
-            `agent "${name}" is a subagent, not a primary agent. Falling back to default agent`,
-          )
-          return undefined
-        }
-        return name
-      })()
-
-      const sessionID = await session(sdk)
-      if (!sessionID) {
-        UI.error("Session not found")
-        process.exit(1)
-      }
-      await share(sdk, sessionID)
-
-      loop().catch((e) => {
-        console.error(e)
-        process.exit(1)
-      })
-
-      if (args.command) {
-        await sdk.session.command({
-          sessionID,
-          agent,
-          model: args.model,
-          command: args.command,
-          arguments: message,
-          variant: args.variant,
-        })
-      } else {
-        const model = args.model ? Provider.parseModel(args.model) : undefined
-        await sdk.session.prompt({
-          sessionID,
-          agent,
-          model,
-          variant: args.variant,
-          parts: [...files, { type: "text", text: message }],
+        loop().catch((e) => {
+          console.error(e)
+          process.exit(1)
         })
+
+        if (args.command) {
+          await sdk.session.command({
+            sessionID,
+            agent,
+            model: args.model,
+            command: args.command,
+            arguments: message,
+            variant: args.variant,
+          })
+        } else {
+          const model = args.model ? Provider.parseModel(args.model) : undefined
+          await sdk.session.prompt({
+            sessionID,
+            agent,
+            model,
+            variant: args.variant,
+            parts: [...files, { type: "text", text: message }],
+          })
+        }
       }
-    }
 
-    if (args.attach) {
-      const headers = (() => {
-        const password = args.password ?? process.env.OPENCODE_SERVER_PASSWORD
-        if (!password) return undefined
-        const username = process.env.OPENCODE_SERVER_USERNAME ?? "opencode"
-        const auth = `Basic ${Buffer.from(`${username}:${password}`).toString("base64")}`
-        return { Authorization: auth }
-      })()
-      const sdk = createOpencodeClient({ baseUrl: args.attach, directory, headers })
-      return await execute(sdk)
-    }
+      if (args.attach) {
+        const headers = ServerAuth.headers({ password: args.password, username: args.username })
+        const sdk = createOpencodeClient({ baseUrl: args.attach, directory, headers })
+        return await execute(sdk)
+      }
 
-    await bootstrap(process.cwd(), async () => {
       const fetchFn = (async (input: RequestInfo | URL, init?: RequestInit) => {
         const request = new Request(input, init)
         return Server.Default().app.fetch(request)
@@ -668,5 +674,5 @@ export const RunCommand = cmd({
       const sdk = createOpencodeClient({ baseUrl: "http://opencode.internal", fetch: fetchFn })
       await execute(sdk)
     })
-  },
+  }),
 })

packages/opencode/src/cli/cmd/serve.ts

@@ -1,21 +1,24 @@
+import { Effect } from "effect"
 import { Server } from "../../server/server"
-import { cmd } from "./cmd"
+import { effectCmd } from "../effect-cmd"
 import { withNetworkOptions, resolveNetworkOptions } from "../network"
 import { Flag } from "@opencode-ai/core/flag/flag"
 
-export const ServeCommand = cmd({
+export const ServeCommand = effectCmd({
   command: "serve",
   builder: (yargs) => withNetworkOptions(yargs),
   describe: "starts a headless opencode server",
-  handler: async (args) => {
+  // Server loads instances per-request via x-opencode-directory header — no
+  // need for an ambient project InstanceContext at startup.
+  instance: false,
+  handler: Effect.fn("Cli.serve")(function* (args) {
     if (!Flag.OPENCODE_SERVER_PASSWORD) {
       console.log("Warning: OPENCODE_SERVER_PASSWORD is not set; server is unsecured.")
     }
-    const opts = await resolveNetworkOptions(args)
-    const server = await Server.listen(opts)
+    const opts = yield* Effect.promise(() => resolveNetworkOptions(args))
+    const server = yield* Effect.promise(() => Server.listen(opts))
     console.log(`opencode server listening on http://${server.hostname}:${server.port}`)
 
-    await new Promise(() => {})
-    await server.stop()
-  },
+    yield* Effect.never
+  }),
 })

packages/opencode/src/cli/cmd/session.ts

@@ -1,8 +1,9 @@
 import type { Argv } from "yargs"
+import { Effect } from "effect"
 import { cmd } from "./cmd"
+import { effectCmd, fail } from "../effect-cmd"
 import { Session } from "@/session/session"
 import { SessionID } from "../../session/schema"
-import { bootstrap } from "../bootstrap"
 import { UI } from "../ui"
 import { Locale } from "@/util/locale"
 import { Flag } from "@opencode-ai/core/flag/flag"
@@ -11,7 +12,6 @@ import { Process } from "@/util/process"
 import { EOL } from "os"
 import path from "path"
 import { which } from "../../util/which"
-import { AppRuntime } from "@/effect/app-runtime"
 
 function pagerCmd(): string[] {
   const lessOptions = ["-R", "-S"]
@@ -47,36 +47,30 @@ export const SessionCommand = cmd({
   async handler() {},
 })
 
-export const SessionDeleteCommand = cmd({
+export const SessionDeleteCommand = effectCmd({
   command: "delete <sessionID>",
   describe: "delete a session",
-  builder: (yargs: Argv) => {
-    return yargs.positional("sessionID", {
+  builder: (yargs) =>
+    yargs.positional("sessionID", {
       describe: "session ID to delete",
       type: "string",
       demandOption: true,
-    })
-  },
-  handler: async (args) => {
-    await bootstrap(process.cwd(), async () => {
-      const sessionID = SessionID.make(args.sessionID)
-      try {
-        await AppRuntime.runPromise(Session.Service.use((svc) => svc.get(sessionID)))
-      } catch {
-        UI.error(`Session not found: ${args.sessionID}`)
-        process.exit(1)
-      }
-      await AppRuntime.runPromise(Session.Service.use((svc) => svc.remove(sessionID)))
-      UI.println(UI.Style.TEXT_SUCCESS_BOLD + `Session ${args.sessionID} deleted` + UI.Style.TEXT_NORMAL)
-    })
-  },
+    }),
+  handler: Effect.fn("Cli.session.delete")(function* (args) {
+    const svc = yield* Session.Service
+    const sessionID = SessionID.make(args.sessionID)
+    // Match legacy try/catch — Session.get surfaces NotFoundError as a defect.
+    yield* svc.get(sessionID).pipe(Effect.catchCause(() => fail(`Session not found: ${args.sessionID}`)))
+    yield* svc.remove(sessionID)
+    UI.println(UI.Style.TEXT_SUCCESS_BOLD + `Session ${args.sessionID} deleted` + UI.Style.TEXT_NORMAL)
+  }),
 })
 
-export const SessionListCommand = cmd({
+export const SessionListCommand = effectCmd({
   command: "list",
   describe: "list sessions",
-  builder: (yargs: Argv) => {
-    return yargs
+  builder: (yargs) =>
+    yargs
       .option("max-count", {
         alias: "n",
         describe: "limit to N most recent sessions",
@@ -87,28 +81,18 @@ export const SessionListCommand = cmd({
         type: "string",
         choices: ["table", "json"],
         default: "table",
-      })
-  },
-  handler: async (args) => {
-    await bootstrap(process.cwd(), async () => {
-      const sessions = await AppRuntime.runPromise(
-        Session.Service.use((svc) => svc.list({ roots: true, limit: args.maxCount })),
-      )
+      }),
+  handler: Effect.fn("Cli.session.list")(function* (args) {
+    const sessions = yield* Session.Service.use((svc) => svc.list({ roots: true, limit: args.maxCount }))
 
-      if (sessions.length === 0) {
-        return
-      }
+    if (sessions.length === 0) return
 
-      let output: string
-      if (args.format === "json") {
-        output = formatSessionJSON(sessions)
-      } else {
-        output = formatSessionTable(sessions)
-      }
+    const output = args.format === "json" ? formatSessionJSON(sessions) : formatSessionTable(sessions)
 
-      const shouldPaginate = process.stdout.isTTY && !args.maxCount && args.format === "table"
+    const shouldPaginate = process.stdout.isTTY && !args.maxCount && args.format === "table"
 
-      if (shouldPaginate) {
+    if (shouldPaginate) {
+      yield* Effect.promise(async () => {
         const proc = Process.spawn(pagerCmd(), {
           stdin: "pipe",
           stdout: "inherit",
@@ -123,11 +107,11 @@ export const SessionListCommand = cmd({
         proc.stdin.write(output)
         proc.stdin.end()
         await proc.exited
-      } else {
-        console.log(output)
-      }
-    })
-  },
+      })
+    } else {
+      console.log(output)
+    }
+  }),
 })
 
 function formatSessionTable(sessions: Session.Info[]): string {

packages/opencode/src/cli/cmd/stats.ts

@@ -1,12 +1,10 @@
-import type { Argv } from "yargs"
-import { cmd } from "./cmd"
+import { Effect } from "effect"
+import { effectCmd } from "../effect-cmd"
 import { Session } from "@/session/session"
-import { bootstrap } from "../bootstrap"
 import { Database } from "@/storage/db"
 import { SessionTable } from "../../session/session.sql"
 import { Project } from "@/project/project"
-import { Instance } from "../../project/instance"
-import { AppRuntime } from "@/effect/app-runtime"
+import { InstanceRef } from "@/effect/instance-ref"
 
 interface SessionStats {
   totalSessions: number
@@ -47,11 +45,11 @@ interface SessionStats {
   medianTokensPerSession: number
 }
 
-export const StatsCommand = cmd({
+export const StatsCommand = effectCmd({
   command: "stats",
   describe: "show token usage and cost statistics",
-  builder: (yargs: Argv) => {
-    return yargs
+  builder: (yargs) =>
+    yargs
       .option("days", {
         describe: "show stats for the last N days (default: all time)",
         type: "number",
@@ -66,35 +64,32 @@ export const StatsCommand = cmd({
       .option("project", {
         describe: "filter by project (default: all projects, empty string: current project)",
         type: "string",
-      })
-  },
-  handler: async (args) => {
-    await bootstrap(process.cwd(), async () => {
-      const stats = await aggregateSessionStats(args.days, args.project)
-
-      let modelLimit: number | undefined
-      if (args.models === true) {
-        modelLimit = Infinity
-      } else if (typeof args.models === "number") {
-        modelLimit = args.models
-      }
-
-      displayStats(stats, args.tools, modelLimit)
-    })
-  },
+      }),
+  handler: Effect.fn("Cli.stats")(function* (args) {
+    const ctx = yield* InstanceRef
+    if (!ctx) return
+    const stats = yield* aggregateSessionStats(args.days, args.project, ctx.project)
+    let modelLimit: number | undefined
+    if (args.models === true) {
+      modelLimit = Infinity
+    } else if (typeof args.models === "number") {
+      modelLimit = args.models
+    }
+    displayStats(stats, args.tools, modelLimit)
+  }),
 })
 
-async function getCurrentProject(): Promise<Project.Info> {
-  return Instance.project
-}
+const getAllSessions = Effect.sync(() =>
+  Database.use((db) => db.select().from(SessionTable).all()).map((row) => Session.fromRow(row)),
+)
 
-async function getAllSessions(): Promise<Session.Info[]> {
-  const rows = Database.use((db) => db.select().from(SessionTable).all())
-  return rows.map((row) => Session.fromRow(row))
-}
-
-export async function aggregateSessionStats(days?: number, projectFilter?: string): Promise<SessionStats> {
-  const sessions = await getAllSessions()
+const aggregateSessionStats = Effect.fn("Cli.stats.aggregate")(function* (
+  days?: number,
+  projectFilter?: string,
+  currentProject?: Project.Info,
+) {
+  const svc = yield* Session.Service
+  const sessions = yield* getAllSessions
   const MS_IN_DAY = 24 * 60 * 60 * 1000
 
   const cutoffTime = (() => {
@@ -117,7 +112,7 @@ export async function aggregateSessionStats(days?: number, projectFilter?: strin
 
   if (projectFilter !== undefined) {
     if (projectFilter === "") {
-      const currentProject = await getCurrentProject()
+      if (!currentProject) throw new Error("currentProject required when projectFilter is empty string")
       filteredSessions = filteredSessions.filter((session) => session.projectID === currentProject.id)
     } else {
       filteredSessions = filteredSessions.filter((session) => session.projectID === projectFilter)
@@ -163,122 +158,111 @@ export async function aggregateSessionStats(days?: number, projectFilter?: strin
 
   const sessionTotalTokens: number[] = []
 
-  const BATCH_SIZE = 20
-  for (let i = 0; i < filteredSessions.length; i += BATCH_SIZE) {
-    const batch = filteredSessions.slice(i, i + BATCH_SIZE)
+  const results = yield* Effect.forEach(
+    filteredSessions,
+    (session) =>
+      Effect.gen(function* () {
+        const messages = yield* svc.messages({ sessionID: session.id })
 
-    const batchPromises = batch.map(async (session) => {
-      const messages = await AppRuntime.runPromise(
-        Session.Service.use((svc) => svc.messages({ sessionID: session.id })),
-      )
+        let sessionCost = 0
+        let sessionTokens = { input: 0, output: 0, reasoning: 0, cache: { read: 0, write: 0 } }
+        let sessionToolUsage: Record<string, number> = {}
+        let sessionModelUsage: Record<
+          string,
+          {
+            messages: number
+            tokens: { input: number; output: number; cache: { read: number; write: number } }
+            cost: number
+          }
+        > = {}
 
-      let sessionCost = 0
-      let sessionTokens = { input: 0, output: 0, reasoning: 0, cache: { read: 0, write: 0 } }
-      let sessionToolUsage: Record<string, number> = {}
-      let sessionModelUsage: Record<
-        string,
-        {
-          messages: number
-          tokens: {
-            input: number
-            output: number
-            cache: {
-              read: number
-              write: number
+        for (const message of messages) {
+          if (message.info.role === "assistant") {
+            sessionCost += message.info.cost || 0
+
+            const modelKey = `${message.info.providerID}/${message.info.modelID}`
+            if (!sessionModelUsage[modelKey]) {
+              sessionModelUsage[modelKey] = {
+                messages: 0,
+                tokens: { input: 0, output: 0, cache: { read: 0, write: 0 } },
+                cost: 0,
+              }
+            }
+            sessionModelUsage[modelKey].messages++
+            sessionModelUsage[modelKey].cost += message.info.cost || 0
+
+            if (message.info.tokens) {
+              sessionTokens.input += message.info.tokens.input || 0
+              sessionTokens.output += message.info.tokens.output || 0
+              sessionTokens.reasoning += message.info.tokens.reasoning || 0
+              sessionTokens.cache.read += message.info.tokens.cache?.read || 0
+              sessionTokens.cache.write += message.info.tokens.cache?.write || 0
+
+              sessionModelUsage[modelKey].tokens.input += message.info.tokens.input || 0
+              sessionModelUsage[modelKey].tokens.output +=
+                (message.info.tokens.output || 0) + (message.info.tokens.reasoning || 0)
+              sessionModelUsage[modelKey].tokens.cache.read += message.info.tokens.cache?.read || 0
+              sessionModelUsage[modelKey].tokens.cache.write += message.info.tokens.cache?.write || 0
             }
           }
-          cost: number
-        }
-      > = {}
 
-      for (const message of messages) {
-        if (message.info.role === "assistant") {
-          sessionCost += message.info.cost || 0
-
-          const modelKey = `${message.info.providerID}/${message.info.modelID}`
-          if (!sessionModelUsage[modelKey]) {
-            sessionModelUsage[modelKey] = {
-              messages: 0,
-              tokens: { input: 0, output: 0, cache: { read: 0, write: 0 } },
-              cost: 0,
+          for (const part of message.parts) {
+            if (part.type === "tool" && part.tool) {
+              sessionToolUsage[part.tool] = (sessionToolUsage[part.tool] || 0) + 1
             }
           }
-          sessionModelUsage[modelKey].messages++
-          sessionModelUsage[modelKey].cost += message.info.cost || 0
-
-          if (message.info.tokens) {
-            sessionTokens.input += message.info.tokens.input || 0
-            sessionTokens.output += message.info.tokens.output || 0
-            sessionTokens.reasoning += message.info.tokens.reasoning || 0
-            sessionTokens.cache.read += message.info.tokens.cache?.read || 0
-            sessionTokens.cache.write += message.info.tokens.cache?.write || 0
-
-            sessionModelUsage[modelKey].tokens.input += message.info.tokens.input || 0
-            sessionModelUsage[modelKey].tokens.output +=
-              (message.info.tokens.output || 0) + (message.info.tokens.reasoning || 0)
-            sessionModelUsage[modelKey].tokens.cache.read += message.info.tokens.cache?.read || 0
-            sessionModelUsage[modelKey].tokens.cache.write += message.info.tokens.cache?.write || 0
-          }
         }
 
-        for (const part of message.parts) {
-          if (part.type === "tool" && part.tool) {
-            sessionToolUsage[part.tool] = (sessionToolUsage[part.tool] || 0) + 1
-          }
+        return {
+          messageCount: messages.length,
+          sessionCost,
+          sessionTokens,
+          sessionTotalTokens:
+            sessionTokens.input +
+            sessionTokens.output +
+            sessionTokens.reasoning +
+            sessionTokens.cache.read +
+            sessionTokens.cache.write,
+          sessionToolUsage,
+          sessionModelUsage,
+          earliestTime: cutoffTime > 0 ? session.time.updated : session.time.created,
+          latestTime: session.time.updated,
+        }
+      }),
+    { concurrency: 20 },
+  )
+
+  for (const result of results) {
+    earliestTime = Math.min(earliestTime, result.earliestTime)
+    latestTime = Math.max(latestTime, result.latestTime)
+    sessionTotalTokens.push(result.sessionTotalTokens)
+
+    stats.totalMessages += result.messageCount
+    stats.totalCost += result.sessionCost
+    stats.totalTokens.input += result.sessionTokens.input
+    stats.totalTokens.output += result.sessionTokens.output
+    stats.totalTokens.reasoning += result.sessionTokens.reasoning
+    stats.totalTokens.cache.read += result.sessionTokens.cache.read
+    stats.totalTokens.cache.write += result.sessionTokens.cache.write
+
+    for (const [tool, count] of Object.entries(result.sessionToolUsage)) {
+      stats.toolUsage[tool] = (stats.toolUsage[tool] || 0) + count
+    }
+
+    for (const [model, usage] of Object.entries(result.sessionModelUsage)) {
+      if (!stats.modelUsage[model]) {
+        stats.modelUsage[model] = {
+          messages: 0,
+          tokens: { input: 0, output: 0, cache: { read: 0, write: 0 } },
+          cost: 0,
         }
       }
-
-      return {
-        messageCount: messages.length,
-        sessionCost,
-        sessionTokens,
-        sessionTotalTokens:
-          sessionTokens.input +
-          sessionTokens.output +
-          sessionTokens.reasoning +
-          sessionTokens.cache.read +
-          sessionTokens.cache.write,
-        sessionToolUsage,
-        sessionModelUsage,
-        earliestTime: cutoffTime > 0 ? session.time.updated : session.time.created,
-        latestTime: session.time.updated,
-      }
-    })
-
-    const batchResults = await Promise.all(batchPromises)
-
-    for (const result of batchResults) {
-      earliestTime = Math.min(earliestTime, result.earliestTime)
-      latestTime = Math.max(latestTime, result.latestTime)
-      sessionTotalTokens.push(result.sessionTotalTokens)
-
-      stats.totalMessages += result.messageCount
-      stats.totalCost += result.sessionCost
-      stats.totalTokens.input += result.sessionTokens.input
-      stats.totalTokens.output += result.sessionTokens.output
-      stats.totalTokens.reasoning += result.sessionTokens.reasoning
-      stats.totalTokens.cache.read += result.sessionTokens.cache.read
-      stats.totalTokens.cache.write += result.sessionTokens.cache.write
-
-      for (const [tool, count] of Object.entries(result.sessionToolUsage)) {
-        stats.toolUsage[tool] = (stats.toolUsage[tool] || 0) + count
-      }
-
-      for (const [model, usage] of Object.entries(result.sessionModelUsage)) {
-        if (!stats.modelUsage[model]) {
-          stats.modelUsage[model] = {
-            messages: 0,
-            tokens: { input: 0, output: 0, cache: { read: 0, write: 0 } },
-            cost: 0,
-          }
-        }
-        stats.modelUsage[model].messages += usage.messages
-        stats.modelUsage[model].tokens.input += usage.tokens.input
-        stats.modelUsage[model].tokens.output += usage.tokens.output
-        stats.modelUsage[model].tokens.cache.read += usage.tokens.cache.read
-        stats.modelUsage[model].tokens.cache.write += usage.tokens.cache.write
-        stats.modelUsage[model].cost += usage.cost
-      }
+      stats.modelUsage[model].messages += usage.messages
+      stats.modelUsage[model].tokens.input += usage.tokens.input
+      stats.modelUsage[model].tokens.output += usage.tokens.output
+      stats.modelUsage[model].tokens.cache.read += usage.tokens.cache.read
+      stats.modelUsage[model].tokens.cache.write += usage.tokens.cache.write
+      stats.modelUsage[model].cost += usage.cost
     }
   }
 
@@ -307,7 +291,7 @@ export async function aggregateSessionStats(days?: number, projectFilter?: strin
         : sessionTotalTokens[mid]
 
   return stats
-}
+})
 
 export function displayStats(stats: SessionStats, toolLimit?: number, modelLimit?: number) {
   const width = 56

packages/opencode/src/cli/cmd/tui/app.tsx

@@ -28,6 +28,7 @@ import { useEvent } from "@tui/context/event"
 import { SDKProvider, useSDK } from "@tui/context/sdk"
 import { StartupLoading } from "@tui/component/startup-loading"
 import { SyncProvider, useSync } from "@tui/context/sync"
+import { SyncProviderV2 } from "@tui/context/sync-v2"
 import { LocalProvider, useLocal } from "@tui/context/local"
 import { DialogModel } from "@tui/component/dialog-model"
 import { useConnected } from "@tui/component/use-connected"
@@ -168,27 +169,29 @@ export function tui(input: {
                       >
                         <ProjectProvider>
                           <SyncProvider>
-                            <ThemeProvider mode={mode}>
-                              <LocalProvider>
-                                <KeybindProvider>
-                                  <PromptStashProvider>
-                                    <DialogProvider>
-                                      <CommandProvider>
-                                        <FrecencyProvider>
-                                          <PromptHistoryProvider>
-                                            <PromptRefProvider>
-                                              <EditorContextProvider>
-                                                <App onSnapshot={input.onSnapshot} />
-                                              </EditorContextProvider>
-                                            </PromptRefProvider>
-                                          </PromptHistoryProvider>
-                                        </FrecencyProvider>
-                                      </CommandProvider>
-                                    </DialogProvider>
-                                  </PromptStashProvider>
-                                </KeybindProvider>
-                              </LocalProvider>
-                            </ThemeProvider>
+                            <SyncProviderV2>
+                              <ThemeProvider mode={mode}>
+                                <LocalProvider>
+                                  <KeybindProvider>
+                                    <PromptStashProvider>
+                                      <DialogProvider>
+                                        <CommandProvider>
+                                          <FrecencyProvider>
+                                            <PromptHistoryProvider>
+                                              <PromptRefProvider>
+                                                <EditorContextProvider>
+                                                  <App onSnapshot={input.onSnapshot} />
+                                                </EditorContextProvider>
+                                              </PromptRefProvider>
+                                            </PromptHistoryProvider>
+                                          </FrecencyProvider>
+                                        </CommandProvider>
+                                      </DialogProvider>
+                                    </PromptStashProvider>
+                                  </KeybindProvider>
+                                </LocalProvider>
+                              </ThemeProvider>
+                            </SyncProviderV2>
                           </SyncProvider>
                         </ProjectProvider>
                       </SDKProvider>

packages/opencode/src/cli/cmd/tui/attach.ts

@@ -5,6 +5,7 @@ import { win32DisableProcessedInput, win32InstallCtrlCGuard } from "./win32"
 import { TuiConfig } from "@/cli/cmd/tui/config/tui"
 import { errorMessage } from "@/util/error"
 import { validateSession } from "./validate-session"
+import { ServerAuth } from "@/server/auth"
 
 export const AttachCommand = cmd({
   command: "attach <url>",
@@ -38,6 +39,11 @@ export const AttachCommand = cmd({
         alias: ["p"],
         type: "string",
         describe: "basic auth password (defaults to OPENCODE_SERVER_PASSWORD)",
+      })
+      .option("username", {
+        alias: ["u"],
+        type: "string",
+        describe: "basic auth username (defaults to OPENCODE_SERVER_USERNAME or 'opencode')",
       }),
   handler: async (args) => {
     const unguard = win32InstallCtrlCGuard()
@@ -60,12 +66,7 @@ export const AttachCommand = cmd({
           return args.dir
         }
       })()
-      const headers = (() => {
-        const password = args.password ?? process.env.OPENCODE_SERVER_PASSWORD
-        if (!password) return undefined
-        const auth = `Basic ${Buffer.from(`opencode:${password}`).toString("base64")}`
-        return { Authorization: auth }
-      })()
+      const headers = ServerAuth.headers({ password: args.password, username: args.username })
       const config = await TuiConfig.get()
 
       try {

packages/opencode/src/cli/cmd/tui/component/prompt/index.tsx

@@ -750,9 +750,18 @@ export function Prompt(props: PromptProps) {
       return false
     }
 
+    const variant = local.model.variant.current()
     let sessionID = props.sessionID
     if (sessionID == null) {
-      const res = await sdk.client.session.create({ workspace: props.workspaceID })
+      const res = await sdk.client.session.create({
+        workspace: props.workspaceID,
+        agent: agent.name,
+        model: {
+          providerID: selectedModel.providerID,
+          id: selectedModel.modelID,
+          variant,
+        },
+      })
 
       if (res.error) {
         console.log("Creating a session failed:", res.error)
@@ -792,7 +801,6 @@ export function Prompt(props: PromptProps) {
 
     // Capture mode before it gets reset
     const currentMode = store.mode
-    const variant = local.model.variant.current()
     const editorSelection = editorContext()
     const currentEditorSelectionKey = editorSelectionKey(editorSelection)
     const editorParts =

packages/opencode/src/cli/cmd/tui/config/tui.ts

@@ -68,29 +68,73 @@ function normalize(raw: Record<string, unknown>) {
   }
 }
 
-async function resolvePlugins(config: Info, configFilepath: string) {
-  if (!config.plugin) return config
-  for (let i = 0; i < config.plugin.length; i++) {
-    config.plugin[i] = await ConfigPlugin.resolvePluginSpec(config.plugin[i], configFilepath)
-  }
-  return config
-}
-
-async function mergeFile(acc: Acc, file: string, ctx: { directory: string }) {
-  const data = await loadFile(file)
-  acc.result = mergeDeep(acc.result, data)
-  if (!data.plugin?.length) return
-
-  const scope = pluginScope(file, ctx)
-  const plugins = ConfigPlugin.deduplicatePluginOrigins([
-    ...(acc.result.plugin_origins ?? []),
-    ...data.plugin.map((spec) => ({ spec, scope, source: file })),
-  ])
-  acc.result.plugin = plugins.map((item) => item.spec)
-  acc.result.plugin_origins = plugins
-}
-
 const loadState = Effect.fn("TuiConfig.loadState")(function* (ctx: { directory: string }) {
+  const afs = yield* AppFileSystem.Service
+
+  const resolvePlugins = (config: Info, configFilepath: string): Effect.Effect<Info> =>
+    Effect.gen(function* () {
+      const plugins = config.plugin
+      if (!plugins) return config
+      for (let i = 0; i < plugins.length; i++) {
+        plugins[i] = yield* Effect.promise(() => ConfigPlugin.resolvePluginSpec(plugins[i], configFilepath))
+      }
+      return config
+    })
+
+  const load = (text: string, configFilepath: string): Effect.Effect<Info> =>
+    Effect.gen(function* () {
+      const expanded = yield* Effect.promise(() =>
+        ConfigVariable.substitute({ text, type: "path", path: configFilepath, missing: "empty" }),
+      )
+      const data = ConfigParse.jsonc(expanded, configFilepath)
+      if (!isRecord(data)) return {} as Info
+      // Flatten a nested "tui" key so users who wrote `{ "tui": { ... } }` inside tui.json
+      // (mirroring the old opencode.json shape) still get their settings applied.
+      const validated = ConfigParse.schema(Info, normalize(data), configFilepath)
+      return yield* resolvePlugins(validated, configFilepath)
+    }).pipe(
+      // catchCause (not tapErrorCause + orElseSucceed) because ConfigParse.jsonc/.schema
+      // can sync-throw — those become defects, which orElseSucceed wouldn't catch.
+      Effect.catchCause((cause) =>
+        Effect.sync(() => {
+          log.warn("invalid tui config", { path: configFilepath, cause })
+          return {} as Info
+        }),
+      ),
+    )
+
+  const loadFile = (filepath: string): Effect.Effect<Info> =>
+    Effect.gen(function* () {
+      // Silent-swallow non-NotFound read errors (perms, EISDIR, IO) → log + skip.
+      // Matches how parse/schema/plugin failures in load() are handled — every
+      // broken-config path degrades gracefully rather than crashing TUI startup.
+      const text = yield* afs.readFileStringSafe(filepath).pipe(
+        Effect.catchCause((cause) =>
+          Effect.sync(() => {
+            log.warn("failed to read tui config", { path: filepath, cause })
+            return undefined
+          }),
+        ),
+      )
+      if (!text) return {} as Info
+      return yield* load(text, filepath)
+    })
+
+  const mergeFile = (acc: Acc, file: string) =>
+    Effect.gen(function* () {
+      const data = yield* loadFile(file)
+      acc.result = mergeDeep(acc.result, data)
+      if (!data.plugin?.length) return
+
+      const scope = pluginScope(file, ctx)
+      const plugins = ConfigPlugin.deduplicatePluginOrigins([
+        ...(acc.result.plugin_origins ?? []),
+        ...data.plugin.map((spec) => ({ spec, scope, source: file })),
+      ])
+      acc.result.plugin = plugins.map((item) => item.spec)
+      acc.result.plugin_origins = plugins
+    })
+
   // Every config dir we may read from: global config dir, any `.opencode`
   // folders between cwd and home, and OPENCODE_CONFIG_DIR.
   const directories = yield* ConfigPaths.directories(ctx.directory)
@@ -104,19 +148,19 @@ const loadState = Effect.fn("TuiConfig.loadState")(function* (ctx: { directory:
 
   // 1. Global tui config (lowest precedence).
   for (const file of ConfigPaths.fileInDirectory(Global.Path.config, "tui")) {
-    yield* Effect.promise(() => mergeFile(acc, file, ctx)).pipe(Effect.orDie)
+    yield* mergeFile(acc, file)
   }
 
   // 2. Explicit OPENCODE_TUI_CONFIG override, if set.
   if (Flag.OPENCODE_TUI_CONFIG) {
     const configFile = Flag.OPENCODE_TUI_CONFIG
-    yield* Effect.promise(() => mergeFile(acc, configFile, ctx)).pipe(Effect.orDie)
+    yield* mergeFile(acc, configFile)
     log.debug("loaded custom tui config", { path: configFile })
   }
 
   // 3. Project tui files, applied root-first so the closest file wins.
   for (const file of projectFiles) {
-    yield* Effect.promise(() => mergeFile(acc, file, ctx)).pipe(Effect.orDie)
+    yield* mergeFile(acc, file)
   }
 
   // 4. `.opencode` directories (and OPENCODE_CONFIG_DIR) discovered while
@@ -127,7 +171,7 @@ const loadState = Effect.fn("TuiConfig.loadState")(function* (ctx: { directory:
   for (const dir of dirs) {
     if (!dir.endsWith(".opencode") && dir !== Flag.OPENCODE_CONFIG_DIR) continue
     for (const file of ConfigPaths.fileInDirectory(dir, "tui")) {
-      yield* Effect.promise(() => mergeFile(acc, file, ctx)).pipe(Effect.orDie)
+      yield* mergeFile(acc, file)
     }
   }
 
@@ -192,29 +236,3 @@ export async function waitForDependencies() {
 export async function get() {
   return runPromise((svc) => svc.get())
 }
-
-async function loadFile(filepath: string): Promise<Info> {
-  const text = await ConfigPaths.readFile(filepath)
-  if (!text) return {}
-  return load(text, filepath).catch((error) => {
-    log.warn("failed to load tui config", { path: filepath, error })
-    return {}
-  })
-}
-
-async function load(text: string, configFilepath: string): Promise<Info> {
-  return ConfigVariable.substitute({ text, type: "path", path: configFilepath, missing: "empty" })
-    .then((expanded) => ConfigParse.jsonc(expanded, configFilepath))
-    .then((data) => {
-      if (!isRecord(data)) return {}
-
-      // Flatten a nested "tui" key so users who wrote `{ "tui": { ... } }` inside tui.json
-      // (mirroring the old opencode.json shape) still get their settings applied.
-      return ConfigParse.schema(Info, normalize(data), configFilepath)
-    })
-    .then((data) => resolvePlugins(data, configFilepath))
-    .catch((error) => {
-      log.warn("invalid tui config", { path: configFilepath, error })
-      return {}
-    })
-}

packages/opencode/src/cli/cmd/tui/context/sync-v2.tsx

@@ -0,0 +1,307 @@
+import { useEvent } from "@tui/context/event"
+import type {
+  SessionMessage,
+  SessionMessageAssistant,
+  SessionMessageAssistantReasoning,
+  SessionMessageAssistantText,
+  SessionMessageAssistantTool,
+} from "@opencode-ai/sdk/v2"
+import { createStore, produce, reconcile } from "solid-js/store"
+import { createSimpleContext } from "./helper"
+import { useSDK } from "./sdk"
+
+function activeAssistant(messages: SessionMessage[]) {
+  const index = messages.findLastIndex((message) => message.type === "assistant" && !message.time.completed)
+  if (index < 0) return
+  const assistant = messages[index]
+  return assistant?.type === "assistant" ? assistant : undefined
+}
+
+function activeCompaction(messages: SessionMessage[]) {
+  const index = messages.findLastIndex((message) => message.type === "compaction")
+  if (index < 0) return
+  const compaction = messages[index]
+  return compaction?.type === "compaction" ? compaction : undefined
+}
+
+function activeShell(messages: SessionMessage[], callID: string) {
+  const index = messages.findLastIndex((message) => message.type === "shell" && message.callID === callID)
+  if (index < 0) return
+  const shell = messages[index]
+  return shell?.type === "shell" ? shell : undefined
+}
+
+function latestTool(assistant: SessionMessageAssistant | undefined, callID?: string) {
+  return assistant?.content.findLast(
+    (item): item is SessionMessageAssistantTool => item.type === "tool" && (callID === undefined || item.id === callID),
+  )
+}
+
+function latestText(assistant: SessionMessageAssistant | undefined) {
+  return assistant?.content.findLast((item): item is SessionMessageAssistantText => item.type === "text")
+}
+
+function latestReasoning(assistant: SessionMessageAssistant | undefined, reasoningID: string) {
+  return assistant?.content.findLast(
+    (item): item is SessionMessageAssistantReasoning => item.type === "reasoning" && item.id === reasoningID,
+  )
+}
+
+export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext({
+  name: "SyncV2",
+  init: () => {
+    const [store, setStore] = createStore<{
+      messages: {
+        [sessionID: string]: SessionMessage[]
+      }
+    }>({
+      messages: {},
+    })
+
+    const event = useEvent()
+    const sdk = useSDK()
+
+    function update(sessionID: string, fn: (messages: SessionMessage[]) => void) {
+      setStore(
+        "messages",
+        produce((draft) => {
+          fn((draft[sessionID] ??= []))
+        }),
+      )
+    }
+
+    event.subscribe((event) => {
+      switch (event.type) {
+        case "session.next.prompted": {
+          update(event.properties.sessionID, (draft) => {
+            draft.push({
+              id: event.id,
+              type: "user",
+              text: event.properties.prompt.text,
+              files: event.properties.prompt.files,
+              agents: event.properties.prompt.agents,
+              time: { created: event.properties.timestamp },
+            })
+          })
+          break
+        }
+        case "session.next.synthetic":
+          update(event.properties.sessionID, (draft) => {
+            draft.push({
+              id: event.id,
+              type: "synthetic",
+              sessionID: event.properties.sessionID,
+              text: event.properties.text,
+              time: { created: event.properties.timestamp },
+            })
+          })
+          break
+        case "session.next.shell.started":
+          update(event.properties.sessionID, (draft) => {
+            draft.push({
+              id: event.id,
+              type: "shell",
+              callID: event.properties.callID,
+              command: event.properties.command,
+              output: "",
+              time: { created: event.properties.timestamp },
+            })
+          })
+          break
+        case "session.next.shell.ended":
+          update(event.properties.sessionID, (draft) => {
+            const match = activeShell(draft, event.properties.callID)
+            if (!match) return
+            match.output = event.properties.output
+            match.time.completed = event.properties.timestamp
+          })
+          break
+        case "session.next.step.started":
+          update(event.properties.sessionID, (draft) => {
+            const currentAssistant = activeAssistant(draft)
+            if (currentAssistant) currentAssistant.time.completed = event.properties.timestamp
+            draft.push({
+              id: event.id,
+              type: "assistant",
+              agent: event.properties.agent,
+              model: event.properties.model,
+              content: [],
+              snapshot: event.properties.snapshot ? { start: event.properties.snapshot } : undefined,
+              time: { created: event.properties.timestamp },
+            })
+          })
+          break
+        case "session.next.step.ended":
+          update(event.properties.sessionID, (draft) => {
+            const currentAssistant = activeAssistant(draft)
+            if (!currentAssistant) return
+            currentAssistant.time.completed = event.properties.timestamp
+            currentAssistant.finish = event.properties.finish
+            currentAssistant.cost = event.properties.cost
+            currentAssistant.tokens = event.properties.tokens
+            if (event.properties.snapshot)
+              currentAssistant.snapshot = { ...currentAssistant.snapshot, end: event.properties.snapshot }
+          })
+          break
+        case "session.next.step.failed":
+          update(event.properties.sessionID, (draft) => {
+            const currentAssistant = activeAssistant(draft)
+            if (!currentAssistant) return
+            currentAssistant.time.completed = event.properties.timestamp
+            currentAssistant.finish = "error"
+            currentAssistant.error = event.properties.error
+          })
+          break
+        case "session.next.text.started":
+          update(event.properties.sessionID, (draft) => {
+            activeAssistant(draft)?.content.push({ type: "text", text: "" })
+          })
+          break
+        case "session.next.text.delta":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestText(activeAssistant(draft))
+            if (match) match.text += event.properties.delta
+          })
+          break
+        case "session.next.text.ended":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestText(activeAssistant(draft))
+            if (match) match.text = event.properties.text
+          })
+          break
+        case "session.next.tool.input.started":
+          update(event.properties.sessionID, (draft) => {
+            activeAssistant(draft)?.content.push({
+              type: "tool",
+              id: event.properties.callID,
+              name: event.properties.name,
+              time: { created: event.properties.timestamp },
+              state: { status: "pending", input: "" },
+            })
+          })
+          break
+        case "session.next.tool.input.delta":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestTool(activeAssistant(draft), event.properties.callID)
+            if (match?.state.status === "pending") match.state.input += event.properties.delta
+          })
+          break
+        case "session.next.tool.input.ended":
+          break
+        case "session.next.tool.called":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestTool(activeAssistant(draft), event.properties.callID)
+            if (!match) return
+            match.time.ran = event.properties.timestamp
+            match.provider = event.properties.provider
+            match.state = { status: "running", input: event.properties.input, structured: {}, content: [] }
+          })
+          break
+        case "session.next.tool.progress":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestTool(activeAssistant(draft), event.properties.callID)
+            if (match?.state.status !== "running") return
+            match.state.structured = event.properties.structured
+            match.state.content = [...event.properties.content]
+          })
+          break
+        case "session.next.tool.success":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestTool(activeAssistant(draft), event.properties.callID)
+            if (match?.state.status !== "running") return
+            match.state = {
+              status: "completed",
+              input: match.state.input,
+              structured: event.properties.structured,
+              content: [...event.properties.content],
+            }
+            match.provider = event.properties.provider
+            match.time.completed = event.properties.timestamp
+          })
+          break
+        case "session.next.tool.failed":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestTool(activeAssistant(draft), event.properties.callID)
+            if (match?.state.status !== "running") return
+            match.state = {
+              status: "error",
+              error: event.properties.error,
+              input: match.state.input,
+              structured: match.state.structured,
+              content: match.state.content,
+            }
+            match.provider = event.properties.provider
+            match.time.completed = event.properties.timestamp
+          })
+          break
+        case "session.next.reasoning.started":
+          update(event.properties.sessionID, (draft) => {
+            activeAssistant(draft)?.content.push({
+              type: "reasoning",
+              id: event.properties.reasoningID,
+              text: "",
+            })
+          })
+          break
+        case "session.next.reasoning.delta":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestReasoning(activeAssistant(draft), event.properties.reasoningID)
+            if (match) match.text += event.properties.delta
+          })
+          break
+        case "session.next.reasoning.ended":
+          update(event.properties.sessionID, (draft) => {
+            const match = latestReasoning(activeAssistant(draft), event.properties.reasoningID)
+            if (match) match.text = event.properties.text
+          })
+          break
+        case "session.next.retried":
+          break
+        case "session.next.compaction.started":
+          update(event.properties.sessionID, (draft) => {
+            draft.push({
+              id: event.id,
+              type: "compaction",
+              reason: event.properties.reason,
+              summary: "",
+              time: { created: event.properties.timestamp },
+            })
+          })
+          break
+        case "session.next.compaction.delta":
+          update(event.properties.sessionID, (draft) => {
+            const match = activeCompaction(draft)
+            if (match) match.summary += event.properties.text
+          })
+          break
+        case "session.next.compaction.ended":
+          update(event.properties.sessionID, (draft) => {
+            const match = activeCompaction(draft)
+            if (!match) return
+            match.summary = event.properties.text
+            match.include = event.properties.include
+          })
+          break
+      }
+    })
+
+    const result = {
+      data: store,
+      session: {
+        message: {
+          async sync(sessionID: string) {
+            const response = await sdk.client.v2.session.messages({ sessionID })
+            setStore("messages", sessionID, reconcile(response.data?.items ?? []))
+          },
+          fromSession(sessionID: string) {
+            const messages = store.messages[sessionID]
+            if (!messages) return []
+            return messages
+          },
+        },
+      },
+    }
+
+    return result
+  },
+})

packages/opencode/src/cli/cmd/tui/plugin/internal.ts

@@ -7,7 +7,9 @@ import SidebarTodo from "../feature-plugins/sidebar/todo"
 import SidebarFiles from "../feature-plugins/sidebar/files"
 import SidebarFooter from "../feature-plugins/sidebar/footer"
 import PluginManager from "../feature-plugins/system/plugins"
+import SessionV2Debug from "../feature-plugins/system/session-v2"
 import type { TuiPlugin, TuiPluginModule } from "@opencode-ai/plugin/tui"
+import { Flag } from "@opencode-ai/core/flag/flag"
 
 export type InternalTuiPlugin = TuiPluginModule & {
   id: string
@@ -24,4 +26,5 @@ export const INTERNAL_TUI_PLUGINS: InternalTuiPlugin[] = [
   SidebarFiles,
   SidebarFooter,
   PluginManager,
+  ...(Flag.OPENCODE_EXPERIMENTAL_EVENT_SYSTEM ? [SessionV2Debug] : []),
 ]

packages/opencode/src/cli/cmd/tui/plugin/runtime.ts

@@ -16,7 +16,7 @@ import { TuiConfig } from "@/cli/cmd/tui/config/tui"
 import * as Log from "@opencode-ai/core/util/log"
 import { errorData, errorMessage } from "@/util/error"
 import { isRecord } from "@/util/record"
-import { Instance } from "@/project/instance"
+import { WithInstance } from "@/project/with-instance"
 import {
   readPackageThemes,
   readPluginId,
@@ -790,7 +790,7 @@ async function addPluginBySpec(state: RuntimeState | undefined, raw: string) {
     state.pending.delete(spec)
     return true
   }
-  const ready = await Instance.provide({
+  const ready = await WithInstance.provide({
     directory: state.directory,
     fn: () => resolveExternalPlugins([cfg], () => TuiConfig.waitForDependencies()),
   }).catch((error) => {
@@ -986,7 +986,7 @@ async function load(input: { api: Api; config: TuiConfig.Info }) {
   }
   runtime = next
   try {
-    await Instance.provide({
+    await WithInstance.provide({
       directory: cwd,
       fn: async () => {
         const records = Flag.OPENCODE_PURE ? [] : (config.plugin_origins ?? [])

packages/opencode/src/cli/cmd/tui/routes/session/index.tsx

@@ -37,7 +37,8 @@ import { Locale } from "@/util/locale"
 import type { Tool } from "@/tool/tool"
 import type { ReadTool } from "@/tool/read"
 import type { WriteTool } from "@/tool/write"
-import { BashTool } from "@/tool/bash"
+import { ShellTool } from "@/tool/shell"
+import { ShellID } from "@/tool/shell/id"
 import type { GlobTool } from "@/tool/glob"
 import { TodoWriteTool } from "@/tool/todo"
 import type { GrepTool } from "@/tool/grep"
@@ -1552,8 +1553,8 @@ function ToolPart(props: { last: boolean; part: ToolPart; message: AssistantMess
   return (
     <Show when={!shouldHide()}>
       <Switch>
-        <Match when={props.part.tool === "bash"}>
-          <Bash {...toolprops} />
+        <Match when={props.part.tool === ShellID.ToolID}>
+          <Shell {...toolprops} />
         </Match>
         <Match when={props.part.tool === "glob"}>
           <Glob {...toolprops} />
@@ -1784,7 +1785,7 @@ function BlockTool(props: {
   )
 }
 
-function Bash(props: ToolProps<typeof BashTool>) {
+function Shell(props: ToolProps<typeof ShellTool>) {
   const { theme } = useTheme()
   const sync = useSync()
   const isRunning = createMemo(() => props.part.state.status === "running")

packages/opencode/src/cli/cmd/tui/routes/session/permission.tsx

@@ -15,6 +15,7 @@ import { LANGUAGE_EXTENSIONS } from "@/lsp/language"
 import { Keybind } from "@/util/keybind"
 import { Locale } from "@/util/locale"
 import { Global } from "@opencode-ai/core/global"
+import { ShellID } from "@/tool/shell/id"
 import { useDialog } from "../../ui/dialog"
 import { getScrollAcceleration } from "../../util/scroll"
 import { useTuiConfig } from "../../context/tui-config"
@@ -287,7 +288,7 @@ export function PermissionPrompt(props: { request: PermissionRequest }) {
               }
             }
 
-            if (permission === "bash") {
+            if (permission === ShellID.ToolID) {
               const title =
                 typeof data.description === "string" && data.description ? data.description : "Shell command"
               const command = typeof data.command === "string" ? data.command : ""

packages/opencode/src/cli/cmd/tui/worker.ts

@@ -1,17 +1,19 @@
 import { Installation } from "@/installation"
 import { Server } from "@/server/server"
 import * as Log from "@opencode-ai/core/util/log"
-import { Instance } from "@/project/instance"
-import { InstanceStore } from "@/project/instance-store"
+import { InstanceRuntime } from "@/project/instance-runtime"
+import { WithInstance } from "@/project/with-instance"
 import { Rpc } from "@/util/rpc"
 import { upgrade } from "@/cli/upgrade"
 import { Config } from "@/config/config"
 import { GlobalBus } from "@/bus/global"
-import { Flag } from "@opencode-ai/core/flag/flag"
+import { ServerAuth } from "@/server/auth"
 import { writeHeapSnapshot } from "node:v8"
 import { Heap } from "@/cli/heap"
 import { AppRuntime } from "@/effect/app-runtime"
 import { ensureProcessMetadata } from "@opencode-ai/core/util/opencode-process"
+import { Effect } from "effect"
+import { disposeAllInstancesAndEmitGlobalDisposed } from "@/server/global-lifecycle"
 
 ensureProcessMetadata("worker")
 
@@ -48,7 +50,7 @@ let server: Awaited<ReturnType<typeof Server.listen>> | undefined
 export const rpc = {
   async fetch(input: { url: string; method: string; headers: Record<string, string>; body?: string }) {
     const headers = { ...input.headers }
-    const auth = getAuthorizationHeader()
+    const auth = ServerAuth.header()
     if (auth && !headers["authorization"] && !headers["Authorization"]) {
       headers["Authorization"] = auth
     }
@@ -75,7 +77,7 @@ export const rpc = {
     return { url: server.url.toString() }
   },
   async checkUpgrade(input: { directory: string }) {
-    await Instance.provide({
+    await WithInstance.provide({
       directory: input.directory,
       fn: async () => {
         await upgrade().catch(() => {})
@@ -83,21 +85,20 @@ export const rpc = {
     })
   },
   async reload() {
-    await AppRuntime.runPromise(Config.Service.use((cfg) => cfg.invalidate(true)))
+    await AppRuntime.runPromise(
+      Effect.gen(function* () {
+        const cfg = yield* Config.Service
+        yield* cfg.invalidate()
+        yield* disposeAllInstancesAndEmitGlobalDisposed({ swallowErrors: true })
+      }),
+    )
   },
   async shutdown() {
     Log.Default.info("worker shutting down")
 
-    await InstanceStore.disposeAllInstances()
+    await InstanceRuntime.disposeAllInstances()
     if (server) await server.stop(true)
   },
 }
 
 Rpc.listen(rpc)
-
-function getAuthorizationHeader(): string | undefined {
-  const password = Flag.OPENCODE_SERVER_PASSWORD
-  if (!password) return undefined
-  const username = Flag.OPENCODE_SERVER_USERNAME ?? "opencode"
-  return `Basic ${btoa(`${username}:${password}`)}`
-}

packages/opencode/src/cli/cmd/web.ts

@@ -1,6 +1,7 @@
+import { Effect } from "effect"
 import { Server } from "../../server/server"
 import { UI } from "../ui"
-import { cmd } from "./cmd"
+import { effectCmd } from "../effect-cmd"
 import { withNetworkOptions, resolveNetworkOptions } from "../network"
 import { Flag } from "@opencode-ai/core/flag/flag"
 import open from "open"
@@ -28,16 +29,19 @@ function getNetworkIPs() {
   return results
 }
 
-export const WebCommand = cmd({
+export const WebCommand = effectCmd({
   command: "web",
   builder: (yargs) => withNetworkOptions(yargs),
   describe: "start opencode server and open web interface",
-  handler: async (args) => {
+  // Server loads instances per-request via x-opencode-directory header — no
+  // ambient project InstanceContext needed at startup.
+  instance: false,
+  handler: Effect.fn("Cli.web")(function* (args) {
     if (!Flag.OPENCODE_SERVER_PASSWORD) {
       UI.println(UI.Style.TEXT_WARNING_BOLD + "!  OPENCODE_SERVER_PASSWORD is not set; server is unsecured.")
     }
-    const opts = await resolveNetworkOptions(args)
-    const server = await Server.listen(opts)
+    const opts = yield* Effect.promise(() => resolveNetworkOptions(args))
+    const server = yield* Effect.promise(() => Server.listen(opts))
     UI.empty()
     UI.println(UI.logo("  "))
     UI.empty()
@@ -75,7 +79,6 @@ export const WebCommand = cmd({
       open(displayUrl).catch(() => {})
     }
 
-    await new Promise(() => {})
-    await server.stop()
-  },
+    yield* Effect.never
+  }),
 })

packages/opencode/src/cli/effect-cmd.ts

@@ -0,0 +1,103 @@
+import type { Argv } from "yargs"
+import { Effect, Schema } from "effect"
+import { AppRuntime, type AppServices } from "@/effect/app-runtime"
+import { InstanceStore } from "@/project/instance-store"
+import { InstanceRef } from "@/effect/instance-ref"
+import { Instance } from "@/project/instance"
+import { cmd, type WithDoubleDash } from "./cmd/cmd"
+
+/**
+ * User-visible command failure. Throw via `fail("...")` from an effectCmd handler
+ * to surface a printed message + non-zero exit. Recognised by the global error
+ * formatter in `src/cli/error.ts` (FormatError), so the existing top-level
+ * catch + cleanup in `src/index.ts` runs normally.
+ */
+export class CliError extends Schema.TaggedErrorClass<CliError>()("CliError", {
+  message: Schema.String,
+  exitCode: Schema.optional(Schema.Number),
+}) {}
+
+export const fail = (message: string, exitCode = 1) => Effect.fail(new CliError({ message, exitCode }))
+
+interface EffectCmdOpts<Args, A> {
+  command: string | readonly string[]
+  aliases?: string | readonly string[]
+  describe: string | false
+  builder?: (yargs: Argv) => Argv<Args>
+  /**
+   * Whether the command needs a project InstanceContext. Defaults to true.
+   *
+   * `true` (default): wraps the handler in `InstanceStore.Service.provide({directory})`
+   * so `InstanceRef` resolves to a loaded `InstanceContext`. Auto-disposes via
+   * `Effect.ensuring(store.dispose(ctx))` on every Exit (matches the legacy
+   * `bootstrap()` finally-disposal). Runs InstanceBootstrap (config + plugin
+   * init + LSP/File/etc forks) eagerly.
+   *
+   * `false`: skip the instance entirely. Saves the InstanceBootstrap work and
+   * suppresses the `server.instance.disposed` IPC event. The handler runs
+   * directly under AppRuntime — it can yield any `AppServices` but must not
+   * yield `InstanceRef` (it'd be undefined, causing a defect).
+   *
+   * Function form: `(args) => boolean` decides per-invocation. Useful for
+   * commands like `run --attach <url>` where one flag flips between local
+   * (needs instance) and remote (doesn't).
+   *
+   * Use `false` for commands that don't read project state (e.g. `models`,
+   * `serve`, `web`, `account`, `db`, `upgrade`).
+   */
+  instance?: boolean | ((args: Args) => boolean)
+  /** Defaults to process.cwd(). Override for commands that take a directory positional. */
+  directory?: (args: Args) => string
+  handler: (args: WithDoubleDash<Args>) => Effect.Effect<A, CliError, AppServices | InstanceStore.Service>
+}
+
+/**
+ * Effect-native CLI command builder. Wraps yargs `cmd()` so the handler body is
+ * an `Effect` with `InstanceRef` provided and any `AppServices` yieldable.
+ *
+ * The handler is wrapped in `Effect.ensuring(store.dispose(ctx))` so the loaded
+ * InstanceContext is disposed (runDisposers + IPC `server.instance.disposed`)
+ * on every Exit — success, typed failure, defect, or interruption. Matches the
+ * legacy `bootstrap()` finally-disposal semantics without per-handler boilerplate.
+ *
+ * Errors propagate to the existing top-level handler in `src/index.ts`; use
+ * `fail("...")` for user-visible domain failures (clean exit, formatted message).
+ *
+ * Handlers are typically `Effect.fn("Cli.<name>")(function*(args) { ... })`,
+ * which adds a named tracing span per CLI invocation. Once all commands use
+ * `effectCmd`, swapping the underlying `cmd()` factory for effect/cli's
+ * `Command.make(...)` won't touch any handler bodies.
+ */
+export const effectCmd = <Args, A>(opts: EffectCmdOpts<Args, A>) =>
+  cmd<{}, Args>({
+    command: opts.command,
+    aliases: opts.aliases,
+    describe: opts.describe,
+    builder: opts.builder as never,
+    async handler(rawArgs) {
+      // yargs typing wraps Args in ArgumentsCamelCase<WithDoubleDash<...>>; cast at the boundary.
+      const args = rawArgs as unknown as WithDoubleDash<Args>
+      const useInstance = typeof opts.instance === "function" ? opts.instance(args) : opts.instance !== false
+      if (!useInstance) {
+        await AppRuntime.runPromise(opts.handler(args))
+        return
+      }
+      const directory = opts.directory?.(args) ?? process.cwd()
+      // Two-phase: load ctx, then run body inside Instance.current ALS.
+      // Effect's InstanceRef is provided via fiber context, but that context is
+      // lost across `await` inside `Effect.promise(async () => ...)` callbacks
+      // — when handlers re-enter Effect via `AppRuntime.runPromise(svc.method())`
+      // there, attach() falls back to Instance.current ALS, which Node preserves
+      // across awaits. Matches the pre-effectCmd `bootstrap()` behavior.
+      const { store, ctx } = await AppRuntime.runPromise(
+        InstanceStore.Service.use((store) => store.load({ directory }).pipe(Effect.map((ctx) => ({ store, ctx })))),
+      )
+      try {
+        await Instance.restore(ctx, () =>
+          AppRuntime.runPromise(opts.handler(args).pipe(Effect.provideService(InstanceRef, ctx))),
+        )
+      } finally {
+        await AppRuntime.runPromise(store.dispose(ctx))
+      }
+    },
+  })

packages/opencode/src/cli/effect/prompt.ts

@@ -6,15 +6,27 @@ export const outro = (msg: string) => Effect.sync(() => prompts.outro(msg))
 
 export const log = {
   info: (msg: string) => Effect.sync(() => prompts.log.info(msg)),
+  error: (msg: string) => Effect.sync(() => prompts.log.error(msg)),
+  warn: (msg: string) => Effect.sync(() => prompts.log.warn(msg)),
+  success: (msg: string) => Effect.sync(() => prompts.log.success(msg)),
+}
+
+const optional = <Value>(result: Value | symbol) => {
+  if (prompts.isCancel(result)) return Option.none<Value>()
+  return Option.some(result)
 }
 
 export const select = <Value>(opts: Parameters<typeof prompts.select<Value>>[0]) =>
-  Effect.tryPromise(() => prompts.select(opts)).pipe(
-    Effect.map((result) => {
-      if (prompts.isCancel(result)) return Option.none<Value>()
-      return Option.some(result)
-    }),
-  )
+  Effect.promise(() => prompts.select(opts)).pipe(Effect.map((result) => optional(result)))
+
+export const autocomplete = <Value>(opts: Parameters<typeof prompts.autocomplete<Value>>[0]) =>
+  Effect.promise(() => prompts.autocomplete(opts)).pipe(Effect.map((result) => optional(result)))
+
+export const text = (opts: Parameters<typeof prompts.text>[0]) =>
+  Effect.promise(() => prompts.text(opts)).pipe(Effect.map((result) => optional(result)))
+
+export const password = (opts: Parameters<typeof prompts.password>[0]) =>
+  Effect.promise(() => prompts.password(opts)).pipe(Effect.map((result) => optional(result)))
 
 export const spinner = () => {
   const s = prompts.spinner()

packages/opencode/src/cli/error.ts

@@ -15,6 +15,13 @@ function isTaggedError(error: unknown, tag: string): boolean {
 }
 
 export function FormatError(input: unknown) {
+  // CliError: domain failure surfaced from an effectCmd handler via fail("...")
+  if (isTaggedError(input, "CliError")) {
+    const data = input as ErrorLike & { exitCode?: number }
+    if (data.exitCode != null) process.exitCode = data.exitCode
+    return data.message ?? ""
+  }
+
   // MCPFailed: { name: string }
   if (NamedError.hasName(input, "MCPFailed")) {
     return `MCP server "${(input as ErrorLike).data?.name}" failed. Note, opencode does not support MCP authentication yet.`

packages/opencode/src/config/config.ts

@@ -12,11 +12,8 @@ import { Auth } from "../auth"
 import { Env } from "../env"
 import { applyEdits, modify } from "jsonc-parser"
 import { type InstanceContext } from "../project/instance"
-import { InstanceStore } from "../project/instance-store"
 import { InstallationLocal, InstallationVersion } from "@opencode-ai/core/installation/version"
 import { existsSync } from "fs"
-import { GlobalBus } from "@/bus/global"
-import { Event } from "../server/event"
 import { Account } from "@/account/account"
 import { isRecord } from "@/util/record"
 import type { ConsoleState } from "./console-state"
@@ -195,8 +192,14 @@ export const Info = Schema.Struct({
       ]),
     ),
   ).annotate({ description: "MCP (Model Context Protocol) server configurations" }),
-  formatter: Schema.optional(ConfigFormatter.Info),
-  lsp: Schema.optional(ConfigLSP.Info),
+  formatter: Schema.optional(ConfigFormatter.Info).annotate({
+    description:
+      "Enable or configure formatters. Omit or set to false to disable, true to enable built-ins, or an object to enable built-ins with overrides.",
+  }),
+  lsp: Schema.optional(ConfigLSP.Info).annotate({
+    description:
+      "Enable or configure LSP servers. Omit or set to false to disable, true to enable built-ins, or an object to enable built-ins with overrides.",
+  }),
   instructions: Schema.optional(Schema.mutable(Schema.Array(Schema.String))).annotate({
     description: "Additional instruction files or patterns to include",
   }),
@@ -289,9 +292,9 @@ export interface Interface {
   readonly get: () => Effect.Effect<Info>
   readonly getGlobal: () => Effect.Effect<Info>
   readonly getConsoleState: () => Effect.Effect<ConsoleState>
-  readonly update: (config: Info, options?: { dispose?: boolean }) => Effect.Effect<void>
-  readonly updateGlobal: (config: Info) => Effect.Effect<Info>
-  readonly invalidate: (wait?: boolean) => Effect.Effect<void>
+  readonly update: (config: Info) => Effect.Effect<void>
+  readonly updateGlobal: (config: Info) => Effect.Effect<{ info: Info; changed: boolean }>
+  readonly invalidate: () => Effect.Effect<void>
   readonly directories: () => Effect.Effect<string[]>
   readonly waitForDependencies: () => Effect.Effect<void>
 }
@@ -352,15 +355,7 @@ export const layer = Layer.effect(
     const env = yield* Env.Service
     const npmSvc = yield* Npm.Service
 
-    const readConfigFile = Effect.fnUntraced(function* (filepath: string) {
-      return yield* fs.readFileString(filepath).pipe(
-        Effect.catchIf(
-          (e) => e.reason._tag === "NotFound",
-          () => Effect.succeed(undefined),
-        ),
-        Effect.orDie,
-      )
-    })
+    const readConfigFile = (filepath: string) => fs.readFileStringSafe(filepath).pipe(Effect.orDie)
 
     const loadConfig = Effect.fnUntraced(function* (
       text: string,
@@ -730,37 +725,17 @@ export const layer = Layer.effect(
       )
     })
 
-    const update = Effect.fn("Config.update")(function* (config: Info, options?: { dispose?: boolean }) {
+    const update = Effect.fn("Config.update")(function* (config: Info) {
       const dir = yield* InstanceState.directory
       const file = path.join(dir, "config.json")
       const existing = yield* loadFile(file)
       yield* fs
         .writeFileString(file, JSON.stringify(mergeDeep(writable(existing), writable(config)), null, 2))
         .pipe(Effect.orDie)
-      if (options?.dispose !== false) {
-        // Fail loudly if no instance is bound — silently skipping would
-        // mask "config update without an active instance" bugs. The throw
-        // comes from `Instance.current` inside `InstanceState.context`.
-        const ctx = yield* InstanceState.context
-        yield* Effect.promise(() => InstanceStore.disposeInstance(ctx))
-      }
     })
 
-    const invalidate = Effect.fn("Config.invalidate")(function* (wait?: boolean) {
+    const invalidate = Effect.fn("Config.invalidate")(function* () {
       yield* invalidateGlobal
-      const task = InstanceStore.disposeAllInstances()
-        .catch(() => undefined)
-        .finally(() =>
-          GlobalBus.emit("event", {
-            directory: "global",
-            payload: {
-              type: Event.Disposed.type,
-              properties: {},
-            },
-          }),
-        )
-      if (wait) yield* Effect.promise(() => task)
-      else void task
     })
 
     const updateGlobal = Effect.fn("Config.updateGlobal")(function* (config: Info) {
@@ -784,9 +759,8 @@ export const layer = Layer.effect(
         if (changed) yield* fs.writeFileString(file, updated).pipe(Effect.orDie)
       }
 
-      // Only tear down running instances if the config actually changed.
       if (changed) yield* invalidate()
-      return next
+      return { info: next, changed }
     })
 
     return Service.of({

packages/opencode/src/config/paths.ts

@@ -1,11 +1,9 @@
 export * as ConfigPaths from "./paths"
 
 import path from "path"
-import { Filesystem } from "@/util/filesystem"
 import { Flag } from "@opencode-ai/core/flag/flag"
 import { Global } from "@opencode-ai/core/global"
 import { unique } from "remeda"
-import { JsonError } from "./error"
 import * as Effect from "effect/Effect"
 import { AppFileSystem } from "@opencode-ai/core/filesystem"
 
@@ -45,11 +43,3 @@ export const directories = Effect.fn("ConfigPaths.directories")(function* (direc
 export function fileInDirectory(dir: string, name: string) {
   return [path.join(dir, `${name}.json`), path.join(dir, `${name}.jsonc`)]
 }
-
-/** Read a config file, returning undefined for missing files and throwing JsonError for other failures. */
-export async function readFile(filepath: string) {
-  return Filesystem.readText(filepath).catch((err: NodeJS.ErrnoException) => {
-    if (err.code === "ENOENT") return
-    throw new JsonError({ path: filepath }, { cause: err })
-  })
-}