Apply PR #24229 : fix: lazy session error schema

Apply PR #22753 : core: move plugin intialisation to config layer override
Apply PR #21537 : fix(app): remove pierre diff virtualization
2026-05-04 15:50:44 +08:00 · 2026-05-04 07:25:31 +00:00 · 2026-05-04 07:25:30 +00:00 · 2026-05-04 07:22:59 +00:00 · 2026-05-04 07:21:59 +00:00 · 2026-05-04 07:17:31 +00:00
53 changed files with 1225 additions and 1097 deletions
--- a/packages/app/src/components/terminal.tsx
+++ b/packages/app/src/components/terminal.tsx
@@ -479,6 +479,21 @@ export const Terminal = (props: TerminalProps) => {
            return false
          })

+      const connectToken = async () => {
+        const result = await client.pty.connectToken(
+          { ptyID: id },
+          {
+            throwOnError: false,
+            headers: { "x-opencode-ticket": "1" },
+          },
+        )
+        if (result.response.status === 200 && result.data?.ticket) return result.data.ticket
+        if ((result.response.status === 404 || result.response.status === 405) && password) return
+        if (result.response.status === 403)
+          throw new Error("PTY connect ticket rejected by origin or CSRF checks. Check the server CORS config.")
+        throw new Error(`PTY connect ticket failed with ${result.response.status}`)
+      }
+
      const retry = (err: unknown) => {
        if (disposed) return
        if (reconn !== undefined) return
@@ -498,12 +513,29 @@ export const Terminal = (props: TerminalProps) => {
        }, ms)
      }

-      const open = () => {
+      const open = async () => {
        if (disposed) return
        drop?.()

+        const ticket = await connectToken().catch((err) => {
+          fail(err)
+          return undefined
+        })
+        if (once.value) return
+        if (disposed) return
+
        const socket = new WebSocket(
-          terminalWebSocketURL({ url, id, directory, cursor: seek, sameOrigin, username, password }),
+          terminalWebSocketURL({
+            url,
+            id,
+            directory,
+            cursor: seek,
+            ticket,
+            sameOrigin,
+            username,
+            password,
+            authToken: server.current?.type === "http" ? server.current.authToken : false,
+          }),
        )
        socket.binaryType = "arraybuffer"
        ws = socket
--- a/packages/app/src/context/server.test.ts
+++ b/packages/app/src/context/server.test.ts
@@ -0,0 +1,53 @@
+import { describe, expect, test } from "bun:test"
+import { resolveServerList, ServerConnection } from "./server"
+
+describe("resolveServerList", () => {
+  test("lets startup auth_token credentials override a persisted same-url server", () => {
+    const list = resolveServerList({
+      stored: [{ url: "https://server.example.test" }],
+      props: [
+        {
+          type: "http",
+          authToken: true,
+          http: {
+            url: "https://server.example.test",
+            username: "opencode",
+            password: "secret",
+          },
+        },
+      ],
+    })
+
+    expect(list).toHaveLength(1)
+    expect(list[0]?.type).toBe("http")
+    expect(list[0]?.http).toEqual({
+      url: "https://server.example.test",
+      username: "opencode",
+      password: "secret",
+    })
+    expect(list[0]?.type === "http" ? list[0].authToken : false).toBe(true)
+    expect(ServerConnection.key(list[0]!) as string).toBe("https://server.example.test")
+  })
+
+  test("keeps persisted credentials when startup has no auth_token", () => {
+    const list = resolveServerList({
+      stored: [
+        {
+          url: "https://server.example.test",
+          username: "opencode",
+          password: "saved",
+        },
+      ],
+      props: [{ type: "http", http: { url: "https://server.example.test" } }],
+    })
+
+    expect(list).toHaveLength(1)
+    expect(list[0]?.type).toBe("http")
+    expect(list[0]?.http).toEqual({
+      url: "https://server.example.test",
+      username: "opencode",
+      password: "saved",
+    })
+    expect(list[0]?.type === "http" ? list[0].authToken : true).toBeUndefined()
+  })
+})
--- a/packages/app/src/context/server.tsx
+++ b/packages/app/src/context/server.tsx
@@ -33,6 +33,33 @@ function isLocalHost(url: string) {
  if (host === "localhost" || host === "127.0.0.1") return "local"
 }

+export function resolveServerList(input: {
+  props?: Array<ServerConnection.Any>
+  stored: StoredServer[]
+}): Array<ServerConnection.Any> {
+  const servers = [
+    ...input.stored.map((value) =>
+      typeof value === "string"
+        ? {
+            type: "http" as const,
+            http: { url: value },
+          }
+        : value,
+    ),
+    ...(input.props ?? []),
+  ]
+
+  const deduped = new Map<ServerConnection.Key, ServerConnection.Any>()
+  for (const value of servers) {
+    const conn: ServerConnection.Any = "type" in value ? value : { type: "http", http: value }
+    const key = ServerConnection.key(conn)
+    if (deduped.has(key) && conn.type === "http" && !conn.authToken) continue
+    deduped.set(key, conn)
+  }
+
+  return [...deduped.values()]
+}
+
 export namespace ServerConnection {
  type Base = { displayName?: string }

@@ -46,6 +73,7 @@ export namespace ServerConnection {
  export type Http = {
    type: "http"
    http: HttpBase
+    authToken?: boolean
  } & Base

  export type Sidecar = {
@@ -113,26 +141,7 @@ export const { use: useServer, provider: ServerProvider } = createSimpleContext(
    const url = (x: StoredServer) => (typeof x === "string" ? x : "type" in x ? x.http.url : x.url)

    const allServers = createMemo((): Array<ServerConnection.Any> => {
-      const servers = [
-        ...(props.servers ?? []),
-        ...store.list.map((value) =>
-          typeof value === "string"
-            ? {
-                type: "http" as const,
-                http: { url: value },
-              }
-            : value,
-        ),
-      ]
-
-      const deduped = new Map(
-        servers.map((value) => {
-          const conn: ServerConnection.Any = "type" in value ? value : { type: "http", http: value }
-          return [ServerConnection.key(conn), conn]
-        }),
-      )
-
-      return [...deduped.values()]
+      return resolveServerList({ stored: store.list, props: props.servers })
    })

    const [state, setState] = createStore({
@@ -174,7 +183,7 @@ export const { use: useServer, provider: ServerProvider } = createSimpleContext(
    function add(input: ServerConnection.Http) {
      const url_ = normalizeServerUrl(input.http.url)
      if (!url_) return
-      const conn = { ...input, http: { ...input.http, url: url_ } }
+      const conn: ServerConnection.Http = { ...input, authToken: undefined, http: { ...input.http, url: url_ } }
      return batch(() => {
        const existing = store.list.findIndex((x) => url(x) === url_)
        if (existing !== -1) {
--- a/packages/app/src/entry.tsx
+++ b/packages/app/src/entry.tsx
@@ -7,6 +7,7 @@ import { type Platform, PlatformProvider } from "@/context/platform"
 import { dict as en } from "@/i18n/en"
 import { dict as zh } from "@/i18n/zh"
 import { handleNotificationClick } from "@/utils/notification-click"
+import { authFromToken } from "@/utils/server"
 import pkg from "../package.json"
 import { ServerConnection } from "./context/server"

@@ -111,6 +112,13 @@ const getDefaultUrl = () => {
  return getCurrentUrl()
 }

+const clearAuthToken = () => {
+  const params = new URLSearchParams(location.search)
+  if (!params.has("auth_token")) return
+  params.delete("auth_token")
+  history.replaceState(null, "", location.pathname + (params.size ? `?${params}` : "") + location.hash)
+}
+
 const platform: Platform = {
  platform: "web",
  version: pkg.version,
@@ -146,7 +154,16 @@ if (import.meta.env.VITE_SENTRY_DSN) {
 }

 if (root instanceof HTMLElement) {
-  const server: ServerConnection.Http = { type: "http", http: { url: getCurrentUrl() } }
+  const auth = authFromToken(new URLSearchParams(location.search).get("auth_token"))
+  clearAuthToken()
+  const server: ServerConnection.Http = {
+    type: "http",
+    authToken: !!auth,
+    http: {
+      url: getCurrentUrl(),
+      ...auth,
+    },
+  }
  render(
    () => (
      <PlatformProvider value={platform}>
--- a/packages/app/src/utils/server.test.ts
+++ b/packages/app/src/utils/server.test.ts
@@ -0,0 +1,23 @@
+import { describe, expect, test } from "bun:test"
+import { authFromToken, authTokenFromCredentials } from "./server"
+
+describe("authFromToken", () => {
+  test("decodes basic auth credentials from auth_token", () => {
+    expect(authFromToken(btoa("kit:secret"))).toEqual({ username: "kit", password: "secret" })
+  })
+
+  test("defaults blank username to opencode", () => {
+    expect(authFromToken(btoa(":secret"))).toEqual({ username: "opencode", password: "secret" })
+  })
+
+  test("ignores malformed tokens", () => {
+    expect(authFromToken("not base64")).toBeUndefined()
+    expect(authFromToken(btoa("missing-separator"))).toBeUndefined()
+  })
+})
+
+describe("authTokenFromCredentials", () => {
+  test("encodes credentials with the default username", () => {
+    expect(authTokenFromCredentials({ password: "secret" })).toBe(btoa("opencode:secret"))
+  })
+})
--- a/packages/app/src/utils/server.ts
+++ b/packages/app/src/utils/server.ts
@@ -1,5 +1,21 @@
 import { createOpencodeClient } from "@opencode-ai/sdk/v2/client"
 import type { ServerConnection } from "@/context/server"
+import { decode64 } from "@/utils/base64"
+
+export function authTokenFromCredentials(input: { username?: string; password: string }) {
+  return btoa(`${input.username ?? "opencode"}:${input.password}`)
+}
+
+export function authFromToken(token: string | null) {
+  const decoded = decode64(token ?? undefined)
+  if (!decoded) return
+  const separator = decoded.indexOf(":")
+  if (separator === -1) return
+  return {
+    username: decoded.slice(0, separator) || "opencode",
+    password: decoded.slice(separator + 1),
+  }
+}

 export function createSdkForServer({
  server,
@@ -10,7 +26,7 @@ export function createSdkForServer({
  const auth = (() => {
    if (!server.password) return
    return {
-      Authorization: `Basic ${btoa(`${server.username ?? "opencode"}:${server.password}`)}`,
+      Authorization: `Basic ${authTokenFromCredentials({ username: server.username, password: server.password })}`,
    }
  })()

--- a/packages/app/src/utils/terminal-websocket-url.test.ts
+++ b/packages/app/src/utils/terminal-websocket-url.test.ts
@@ -19,7 +19,7 @@ describe("terminalWebSocketURL", () => {
    expect(url.searchParams.get("auth_token")).toBe(btoa("opencode:secret"))
  })

-  test("omits query auth for same-origin websocket URL", () => {
+  test("omits query auth for same-origin saved credentials", () => {
    const url = terminalWebSocketURL({
      url: "https://app.example.test",
      id: "pty_test",
@@ -33,4 +33,20 @@ describe("terminalWebSocketURL", () => {
    expect(url.protocol).toBe("wss:")
    expect(url.searchParams.has("auth_token")).toBe(false)
  })
+
+  test("uses query auth for same-origin credentials from auth_token", () => {
+    const url = terminalWebSocketURL({
+      url: "https://app.example.test",
+      id: "pty_test",
+      directory: "/tmp/project",
+      cursor: 10,
+      sameOrigin: true,
+      username: "opencode",
+      password: "secret",
+      authToken: true,
+    })
+
+    expect(url.protocol).toBe("wss:")
+    expect(url.searchParams.get("auth_token")).toBe(btoa("opencode:secret"))
+  })
 })
--- a/packages/app/src/utils/terminal-websocket-url.ts
+++ b/packages/app/src/utils/terminal-websocket-url.ts
@@ -1,17 +1,28 @@
+import { authTokenFromCredentials } from "@/utils/server"
+
 export function terminalWebSocketURL(input: {
  url: string
  id: string
  directory: string
  cursor: number
-  sameOrigin: boolean
-  username: string
+  ticket?: string
+  sameOrigin?: boolean
+  username?: string
  password?: string
+  authToken?: boolean
 }) {
  const next = new URL(`${input.url}/pty/${input.id}/connect`)
  next.searchParams.set("directory", input.directory)
  next.searchParams.set("cursor", String(input.cursor))
  next.protocol = next.protocol === "https:" ? "wss:" : "ws:"
-  if (!input.sameOrigin && input.password)
-    next.searchParams.set("auth_token", btoa(`${input.username}:${input.password}`))
+  if (input.ticket) {
+    next.searchParams.set("ticket", input.ticket)
+    return next
+  }
+  if (input.password && (!input.sameOrigin || input.authToken))
+    next.searchParams.set(
+      "auth_token",
+      authTokenFromCredentials({ username: input.username, password: input.password }),
+    )
  return next
 }
--- a/packages/core/src/global.ts
+++ b/packages/core/src/global.ts
@@ -71,8 +71,6 @@ export const layer = Layer.effect(
  Effect.sync(() => Service.of(make())),
 )

-export const defaultLayer = layer
-
 export const layerWith = (input: Partial<Interface>) =>
  Layer.effect(
    Service,
--- a/packages/opencode/src/cli/cmd/providers.ts
+++ b/packages/opencode/src/cli/cmd/providers.ts
@@ -1,9 +1,8 @@
 import { Auth } from "../../auth"
-import { AppRuntime } from "../../effect/app-runtime"
 import { cmd } from "./cmd"
-import { effectCmd } from "../effect-cmd"
-import * as prompts from "@clack/prompts"
+import { CliError, effectCmd, fail } from "../effect-cmd"
 import { UI } from "../ui"
+import * as Prompt from "../effect/prompt"
 import { ModelsDev } from "@/provider/models"

 import { map, pipe, sortBy, values } from "remeda"
@@ -14,44 +13,57 @@ import { Global } from "@opencode-ai/core/global"
 import { Plugin } from "../../plugin"
 import type { Hooks } from "@opencode-ai/plugin"
 import { Process } from "@/util/process"
+import { errorMessage } from "@/util/error"
 import { text } from "node:stream/consumers"
-import { Effect } from "effect"
+import { Effect, Option } from "effect"

 type PluginAuth = NonNullable<Hooks["auth"]>

-const put = (key: string, info: Auth.Info) =>
-  AppRuntime.runPromise(
-    Effect.gen(function* () {
-      const auth = yield* Auth.Service
-      yield* auth.set(key, info)
-    }),
-  )
+const promptValue = <Value>(value: Option.Option<Value>) => {
+  if (Option.isNone(value)) return Effect.die(new UI.CancelledError())
+  return Effect.succeed(value.value)
+}

-async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string, methodName?: string): Promise<boolean> {
-  let index = 0
-  if (methodName) {
+const put = Effect.fn("Cli.providers.put")(function* (key: string, info: Auth.Info) {
+  const auth = yield* Auth.Service
+  yield* Effect.orDie(auth.set(key, info))
+})
+
+const cliTry = <Value>(message: string, fn: () => PromiseLike<Value>) =>
+  Effect.tryPromise({
+    try: fn,
+    catch: (error) => new CliError({ message: message + errorMessage(error) }),
+  })
+
+const handlePluginAuth = Effect.fn("Cli.providers.pluginAuth")(function* (
+  plugin: { auth: PluginAuth },
+  provider: string,
+  methodName?: string,
+) {
+  const index = yield* Effect.gen(function* () {
+    if (!methodName) {
+      if (plugin.auth.methods.length <= 1) return 0
+      return yield* promptValue(
+        yield* Prompt.select({
+          message: "Login method",
+          options: plugin.auth.methods.map((x, index) => ({
+            label: x.label,
+            value: index,
+          })),
+        }),
+      )
+    }
    const match = plugin.auth.methods.findIndex((x) => x.label.toLowerCase() === methodName.toLowerCase())
    if (match === -1) {
-      prompts.log.error(
+      return yield* fail(
        `Unknown method "${methodName}" for ${provider}. Available: ${plugin.auth.methods.map((x) => x.label).join(", ")}`,
      )
-      process.exit(1)
    }
-    index = match
-  } else if (plugin.auth.methods.length > 1) {
-    const method = await prompts.select({
-      message: "Login method",
-      options: plugin.auth.methods.map((x, index) => ({
-        label: x.label,
-        value: index.toString(),
-      })),
-    })
-    if (prompts.isCancel(method)) throw new UI.CancelledError()
-    index = parseInt(method)
-  }
+    return match
+  })
  const method = plugin.auth.methods[index]

-  await new Promise((r) => setTimeout(r, 10))
+  yield* Effect.sleep("10 millis")
  const inputs: Record<string, string> = {}
  if (method.prompts) {
    for (const prompt of method.prompts) {
@@ -63,46 +75,44 @@ async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string,
      }
      if (prompt.condition && !prompt.condition(inputs)) continue
      if (prompt.type === "select") {
-        const value = await prompts.select({
+        const value = yield* Prompt.select({
          message: prompt.message,
          options: prompt.options,
        })
-        if (prompts.isCancel(value)) throw new UI.CancelledError()
-        inputs[prompt.key] = value
-      } else {
-        const value = await prompts.text({
-          message: prompt.message,
-          placeholder: prompt.placeholder,
-          validate: prompt.validate ? (v) => prompt.validate!(v ?? "") : undefined,
-        })
-        if (prompts.isCancel(value)) throw new UI.CancelledError()
-        inputs[prompt.key] = value
+        inputs[prompt.key] = yield* promptValue(value)
+        continue
      }
+      const value = yield* Prompt.text({
+        message: prompt.message,
+        placeholder: prompt.placeholder,
+        validate: prompt.validate ? (v) => prompt.validate!(v ?? "") : undefined,
+      })
+      inputs[prompt.key] = yield* promptValue(value)
    }
  }

  if (method.type === "oauth") {
-    const authorize = await method.authorize(inputs)
+    const authorize = yield* cliTry("Failed to authorize: ", () => method.authorize(inputs))

    if (authorize.url) {
-      prompts.log.info("Go to: " + authorize.url)
+      yield* Prompt.log.info("Go to: " + authorize.url)
    }

    if (authorize.method === "auto") {
      if (authorize.instructions) {
-        prompts.log.info(authorize.instructions)
+        yield* Prompt.log.info(authorize.instructions)
      }
-      const spinner = prompts.spinner()
-      spinner.start("Waiting for authorization...")
-      const result = await authorize.callback()
+      const spinner = Prompt.spinner()
+      yield* spinner.start("Waiting for authorization...")
+      const result = yield* cliTry("Failed to authorize: ", () => authorize.callback())
      if (result.type === "failed") {
-        spinner.stop("Failed to authorize", 1)
+        yield* spinner.stop("Failed to authorize", 1)
      }
      if (result.type === "success") {
        const saveProvider = result.provider ?? provider
        if ("refresh" in result) {
          const { type: _, provider: __, refresh, access, expires, ...extraFields } = result
-          await put(saveProvider, {
+          yield* put(saveProvider, {
            type: "oauth",
            refresh,
            access,
@@ -111,30 +121,30 @@ async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string,
          })
        }
        if ("key" in result) {
-          await put(saveProvider, {
+          yield* put(saveProvider, {
            type: "api",
            key: result.key,
          })
        }
-        spinner.stop("Login successful")
+        yield* spinner.stop("Login successful")
      }
    }

    if (authorize.method === "code") {
-      const code = await prompts.text({
+      const code = yield* Prompt.text({
        message: "Paste the authorization code here: ",
        validate: (x) => (x && x.length > 0 ? undefined : "Required"),
      })
-      if (prompts.isCancel(code)) throw new UI.CancelledError()
-      const result = await authorize.callback(code)
+      const authorizationCode = yield* promptValue(code)
+      const result = yield* cliTry("Failed to authorize: ", () => authorize.callback(authorizationCode))
      if (result.type === "failed") {
-        prompts.log.error("Failed to authorize")
+        yield* Prompt.log.error("Failed to authorize")
      }
      if (result.type === "success") {
        const saveProvider = result.provider ?? provider
        if ("refresh" in result) {
          const { type: _, provider: __, refresh, access, expires, ...extraFields } = result
-          await put(saveProvider, {
+          yield* put(saveProvider, {
            type: "oauth",
            refresh,
            access,
@@ -143,56 +153,57 @@ async function handlePluginAuth(plugin: { auth: PluginAuth }, provider: string,
          })
        }
        if ("key" in result) {
-          await put(saveProvider, {
+          yield* put(saveProvider, {
            type: "api",
            key: result.key,
          })
        }
-        prompts.log.success("Login successful")
+        yield* Prompt.log.success("Login successful")
      }
    }

-    prompts.outro("Done")
+    yield* Prompt.outro("Done")
    return true
  }

  if (method.type === "api") {
-    const key = await prompts.password({
+    const key = yield* Prompt.password({
      message: "Enter your API key",
      validate: (x) => (x && x.length > 0 ? undefined : "Required"),
    })
-    if (prompts.isCancel(key)) throw new UI.CancelledError()
+    const apiKey = yield* promptValue(key)

    const metadata = Object.keys(inputs).length ? { metadata: inputs } : {}
-    if (!method.authorize) {
-      await put(provider, {
+    const authorizeApi = method.authorize
+    if (!authorizeApi) {
+      yield* put(provider, {
        type: "api",
-        key,
+        key: apiKey,
        ...metadata,
      })
-      prompts.outro("Done")
+      yield* Prompt.outro("Done")
      return true
    }

-    const result = await method.authorize(inputs)
+    const result = yield* cliTry("Failed to authorize: ", () => authorizeApi(inputs))
    if (result.type === "failed") {
-      prompts.log.error("Failed to authorize")
+      yield* Prompt.log.error("Failed to authorize")
    }
    if (result.type === "success") {
      const saveProvider = result.provider ?? provider
-      await put(saveProvider, {
+      yield* put(saveProvider, {
        type: "api",
-        key: result.key ?? key,
+        key: result.key ?? apiKey,
        ...metadata,
      })
-      prompts.log.success("Login successful")
+      yield* Prompt.log.success("Login successful")
    }
-    prompts.outro("Done")
+    yield* Prompt.outro("Done")
    return true
  }

  return false
-}
+})

 export function resolvePluginProviders(input: {
  hooks: Hooks[]
@@ -244,16 +255,16 @@ export const ProvidersListCommand = effectCmd({
    const authPath = path.join(Global.Path.data, "auth.json")
    const homedir = os.homedir()
    const displayPath = authPath.startsWith(homedir) ? authPath.replace(homedir, "~") : authPath
-    prompts.intro(`Credentials ${UI.Style.TEXT_DIM}${displayPath}`)
+    yield* Prompt.intro(`Credentials ${UI.Style.TEXT_DIM}${displayPath}`)
    const results = Object.entries(yield* Effect.orDie(authSvc.all()))
    const database = yield* modelsDev.get()

    for (const [providerID, result] of results) {
      const name = database[providerID]?.name || providerID
-      prompts.log.info(`${name} ${UI.Style.TEXT_DIM}${result.type}`)
+      yield* Prompt.log.info(`${name} ${UI.Style.TEXT_DIM}${result.type}`)
    }

-    prompts.outro(`${results.length} credentials`)
+    yield* Prompt.outro(`${results.length} credentials`)

    const activeEnvVars: Array<{ provider: string; envVar: string }> = []

@@ -270,13 +281,13 @@ export const ProvidersListCommand = effectCmd({

    if (activeEnvVars.length > 0) {
      UI.empty()
-      prompts.intro("Environment")
+      yield* Prompt.intro("Environment")

      for (const { provider, envVar } of activeEnvVars) {
-        prompts.log.info(`${provider} ${UI.Style.TEXT_DIM}${envVar}`)
+        yield* Prompt.log.info(`${provider} ${UI.Style.TEXT_DIM}${envVar}`)
      }

-      prompts.outro(`${activeEnvVars.length} environment variable` + (activeEnvVars.length === 1 ? "" : "s"))
+      yield* Prompt.outro(`${activeEnvVars.length} environment variable` + (activeEnvVars.length === 1 ? "" : "s"))
    }
  }),
 })
@@ -301,36 +312,42 @@ export const ProvidersLoginCommand = effectCmd({
        type: "string",
      }),
  handler: Effect.fn("Cli.providers.login")(function* (args) {
-    const cfgSvc = yield* Config.Service
-    const pluginSvc = yield* Plugin.Service
-    const modelsDev = yield* ModelsDev.Service
    const authSvc = yield* Auth.Service

    UI.empty()
-    prompts.intro("Add credential")
+    yield* Prompt.intro("Add credential")
    if (args.url) {
      const url = args.url.replace(/\/+$/, "")
-      const wellknown = (yield* Effect.promise(() => fetch(`${url}/.well-known/opencode`).then((x) => x.json()))) as {
+      const wellknown = (yield* cliTry(`Failed to load auth provider metadata from ${url}: `, () =>
+        fetch(`${url}/.well-known/opencode`).then((x) => x.json()),
+      )) as {
        auth: { command: string[]; env: string }
      }
-      prompts.log.info(`Running \`${wellknown.auth.command.join(" ")}\``)
-      const proc = Process.spawn(wellknown.auth.command, { stdout: "pipe", stderr: "inherit" })
+      yield* Prompt.log.info(`Running \`${wellknown.auth.command.join(" ")}\``)
+      const abort = new AbortController()
+      const proc = Process.spawn(wellknown.auth.command, { stdout: "pipe", stderr: "inherit", abort: abort.signal })
      if (!proc.stdout) {
-        prompts.log.error("Failed")
-        prompts.outro("Done")
+        yield* Prompt.log.error("Failed")
+        yield* Prompt.outro("Done")
        return
      }
-      const [exit, token] = yield* Effect.promise(() => Promise.all([proc.exited, text(proc.stdout!)]))
+      const [exit, token] = yield* cliTry("Failed to run auth provider command: ", () =>
+        Promise.all([proc.exited, text(proc.stdout!)]),
+      ).pipe(Effect.ensuring(Effect.sync(() => abort.abort())))
      if (exit !== 0) {
-        prompts.log.error("Failed")
-        prompts.outro("Done")
+        yield* Prompt.log.error("Failed")
+        yield* Prompt.outro("Done")
        return
      }
      yield* Effect.orDie(authSvc.set(url, { type: "wellknown", key: wellknown.auth.env, token: token.trim() }))
-      prompts.log.success("Logged into " + url)
-      prompts.outro("Done")
+      yield* Prompt.log.success("Logged into " + url)
+      yield* Prompt.outro("Done")
      return
    }
+
+    const cfgSvc = yield* Config.Service
+    const pluginSvc = yield* Plugin.Service
+    const modelsDev = yield* ModelsDev.Service
    yield* Effect.ignore(modelsDev.refresh(true))

    const config = yield* cfgSvc.get()
@@ -392,53 +409,46 @@ export const ProvidersLoginCommand = effectCmd({
      const byName = options.find((x) => x.label.toLowerCase() === input.toLowerCase())
      const match = byID ?? byName
      if (!match) {
-        prompts.log.error(`Unknown provider "${input}"`)
-        process.exit(1)
+        return yield* fail(`Unknown provider "${input}"`)
      }
      provider = match.value
    } else {
-      const selected = yield* Effect.promise(() =>
-        prompts.autocomplete({
+      provider = yield* promptValue(
+        yield* Prompt.autocomplete({
          message: "Select provider",
          maxItems: 8,
          options: [...options, { value: "other", label: "Other" }],
        }),
      )
-      if (prompts.isCancel(selected)) yield* Effect.die(new UI.CancelledError())
-      provider = selected as string
    }

    const plugin = hooks.findLast((x) => x.auth?.provider === provider)
    if (plugin && plugin.auth) {
-      const handled = yield* Effect.promise(() => handlePluginAuth({ auth: plugin.auth! }, provider, args.method))
+      const handled = yield* handlePluginAuth({ auth: plugin.auth! }, provider, args.method)
      if (handled) return
    }

    if (provider === "other") {
-      const custom = yield* Effect.promise(() =>
-        prompts.text({
+      provider = (yield* promptValue(
+        yield* Prompt.text({
          message: "Enter provider id",
          validate: (x) => (x && x.match(/^[0-9a-z-]+$/) ? undefined : "a-z, 0-9 and hyphens only"),
        }),
-      )
-      if (prompts.isCancel(custom)) yield* Effect.die(new UI.CancelledError())
-      provider = (custom as string).replace(/^@ai-sdk\//, "")
+      )).replace(/^@ai-sdk\//, "")

      const customPlugin = hooks.findLast((x) => x.auth?.provider === provider)
      if (customPlugin && customPlugin.auth) {
-        const handled = yield* Effect.promise(() =>
-          handlePluginAuth({ auth: customPlugin.auth! }, provider, args.method),
-        )
+        const handled = yield* handlePluginAuth({ auth: customPlugin.auth! }, provider, args.method)
        if (handled) return
      }

-      prompts.log.warn(
+      yield* Prompt.log.warn(
        `This only stores a credential for ${provider} - you will need configure it in opencode.json, check the docs for examples.`,
      )
    }

    if (provider === "amazon-bedrock") {
-      prompts.log.info(
+      yield* Prompt.log.info(
        "Amazon Bedrock authentication priority:\n" +
          "  1. Bearer token (AWS_BEARER_TOKEN_BEDROCK or /connect)\n" +
          "  2. AWS credential chain (profile, access keys, IAM roles, EKS IRSA)\n\n" +
@@ -448,29 +458,27 @@ export const ProvidersLoginCommand = effectCmd({
    }

    if (provider === "opencode") {
-      prompts.log.info("Create an api key at https://opencode.ai/auth")
+      yield* Prompt.log.info("Create an api key at https://opencode.ai/auth")
    }

    if (provider === "vercel") {
-      prompts.log.info("You can create an api key at https://vercel.link/ai-gateway-token")
+      yield* Prompt.log.info("You can create an api key at https://vercel.link/ai-gateway-token")
    }

    if (["cloudflare", "cloudflare-ai-gateway"].includes(provider)) {
-      prompts.log.info(
+      yield* Prompt.log.info(
        "Cloudflare AI Gateway can be configured with CLOUDFLARE_GATEWAY_ID, CLOUDFLARE_ACCOUNT_ID, and CLOUDFLARE_API_TOKEN environment variables. Read more: https://opencode.ai/docs/providers/#cloudflare-ai-gateway",
      )
    }

-    const key = yield* Effect.promise(() =>
-      prompts.password({
-        message: "Enter your API key",
-        validate: (x) => (x && x.length > 0 ? undefined : "Required"),
-      }),
-    )
-    if (prompts.isCancel(key)) yield* Effect.die(new UI.CancelledError())
-    yield* Effect.orDie(authSvc.set(provider, { type: "api", key: key as string }))
+    const key = yield* Prompt.password({
+      message: "Enter your API key",
+      validate: (x) => (x && x.length > 0 ? undefined : "Required"),
+    })
+    const apiKey = yield* promptValue(key)
+    yield* Effect.orDie(authSvc.set(provider, { type: "api", key: apiKey }))

-    prompts.outro("Done")
+    yield* Prompt.outro("Done")
  }),
 })

@@ -485,24 +493,20 @@ export const ProvidersLogoutCommand = effectCmd({

    UI.empty()
    const credentials: Array<[string, Auth.Info]> = Object.entries(yield* Effect.orDie(authSvc.all()))
-    prompts.intro("Remove credential")
+    yield* Prompt.intro("Remove credential")
    if (credentials.length === 0) {
-      prompts.log.error("No credentials found")
+      yield* Prompt.log.error("No credentials found")
      return
    }
    const database = yield* modelsDev.get()
-    const selected = yield* Effect.promise(() =>
-      prompts.select({
-        message: "Select provider",
-        options: credentials.map(([key, value]) => ({
-          label: (database[key]?.name || key) + UI.Style.TEXT_DIM + " (" + value.type + ")",
-          value: key,
-        })),
-      }),
-    )
-    if (prompts.isCancel(selected)) yield* Effect.die(new UI.CancelledError())
-    const providerID = selected as string
-    yield* Effect.orDie(authSvc.remove(providerID))
-    prompts.outro("Logout successful")
+    const selected = yield* Prompt.select({
+      message: "Select provider",
+      options: credentials.map(([key, value]) => ({
+        label: (database[key]?.name || key) + UI.Style.TEXT_DIM + " (" + value.type + ")",
+        value: key,
+      })),
+    })
+    yield* Effect.orDie(authSvc.remove(yield* promptValue(selected)))
+    yield* Prompt.outro("Logout successful")
  }),
 })
--- a/packages/opencode/src/cli/cmd/tui/app.tsx
+++ b/packages/opencode/src/cli/cmd/tui/app.tsx
@@ -779,6 +779,15 @@ function App(props: { onSnapshot?: () => Promise<string[]> }) {
        dialog.clear()
      },
    },
+    {
+      title: kv.get("clear_prompt_save_history", false) ? "Don't include cleared prompts in history" : "Include cleared prompts in history",
+      value: "app.toggle.clear_prompt_history",
+      category: "System",
+      onSelect: (dialog) => {
+        kv.set("clear_prompt_save_history", !kv.get("clear_prompt_save_history", false))
+        dialog.clear()
+      },
+    },
  ])

  event.on(TuiEvent.CommandExecute.type, (evt) => {
--- a/packages/opencode/src/cli/cmd/tui/component/prompt/history.tsx
+++ b/packages/opencode/src/cli/cmd/tui/component/prompt/history.tsx
@@ -82,6 +82,7 @@ export const { use: usePromptHistory, provider: PromptHistoryProvider } = create
        return store.history.at(store.index)
      },
      append(item: PromptInfo) {
+        if (store.history.at(-1)?.input === item.input) return
        const entry = structuredClone(unwrap(item))
        let trimmed = false
        setStore(
--- a/packages/opencode/src/cli/cmd/tui/component/prompt/index.tsx
+++ b/packages/opencode/src/cli/cmd/tui/component/prompt/index.tsx
@@ -136,6 +136,7 @@ export function Prompt(props: PromptProps) {
  const dimensions = useTerminalDimensions()
  const { theme, syntax } = useTheme()
  const kv = useKV()
+  const [autoaccept, setAutoaccept] = kv.signal<"none" | "edit">("permission_auto_accept", "edit")
  const animationsEnabled = createMemo(() => kv.get("animations_enabled", true))
  const list = createMemo(() => props.placeholders?.normal ?? [])
  const shell = createMemo(() => props.placeholders?.shell ?? [])
@@ -296,6 +297,17 @@ export function Prompt(props: PromptProps) {

  command.register(() => {
    return [
+      {
+        title: autoaccept() === "none" ? "Enable autoedit" : "Disable autoedit",
+        value: "permission.auto_accept.toggle",
+        search: "toggle permissions",
+        keybind: "permission_auto_accept_toggle",
+        category: "Agent",
+        onSelect: (dialog) => {
+          setAutoaccept(() => (autoaccept() === "none" ? "edit" : "none"))
+          dialog.clear()
+        },
+      },
      {
        title: "Clear prompt",
        value: "prompt.clear",
@@ -1124,6 +1136,12 @@ export function Prompt(props: PromptProps) {
                  // If no image, let the default paste behavior continue
                }
                if (keybind.match("input_clear", e) && store.prompt.input !== "") {
+                  if (kv.get("clear_prompt_save_history", false)) {
+                    history.append({
+                      ...store.prompt,
+                      mode: store.mode,
+                    })
+                  }
                  input.clear()
                  input.extmarks.clear()
                  setStore("prompt", {
@@ -1316,9 +1334,14 @@ export function Prompt(props: PromptProps) {
                  )}
                </Show>
              </box>
-              <Show when={hasRightContent()}>
+              <Show when={hasRightContent() || autoaccept() === "edit"}>
                <box flexDirection="row" gap={1} alignItems="center">
-                  {props.right}
+                  <Show when={hasRightContent()}>{props.right}</Show>
+                  <Show when={autoaccept() === "edit"}>
+                    <text>
+                      <span style={{ fg: theme.warning }}>autoedit</span>
+                    </text>
+                  </Show>
                </box>
              </Show>
            </box>
--- a/packages/opencode/src/cli/cmd/tui/context/sync-v2.tsx
+++ b/packages/opencode/src/cli/cmd/tui/context/sync-v2.tsx
@@ -11,21 +11,21 @@ import { createSimpleContext } from "./helper"
 import { useSDK } from "./sdk"

 function activeAssistant(messages: SessionMessage[]) {
-  const index = messages.findIndex((message) => message.type === "assistant" && !message.time.completed)
+  const index = messages.findLastIndex((message) => message.type === "assistant" && !message.time.completed)
  if (index < 0) return
  const assistant = messages[index]
  return assistant?.type === "assistant" ? assistant : undefined
 }

 function activeCompaction(messages: SessionMessage[]) {
-  const index = messages.findIndex((message) => message.type === "compaction")
+  const index = messages.findLastIndex((message) => message.type === "compaction")
  if (index < 0) return
  const compaction = messages[index]
  return compaction?.type === "compaction" ? compaction : undefined
 }

 function activeShell(messages: SessionMessage[], callID: string) {
-  const index = messages.findIndex((message) => message.type === "shell" && message.callID === callID)
+  const index = messages.findLastIndex((message) => message.type === "shell" && message.callID === callID)
  if (index < 0) return
  const shell = messages[index]
  return shell?.type === "shell" ? shell : undefined
@@ -74,7 +74,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
      switch (event.type) {
        case "session.next.prompted": {
          update(event.properties.sessionID, (draft) => {
-            draft.unshift({
+            draft.push({
              id: event.id,
              type: "user",
              text: event.properties.prompt.text,
@@ -87,7 +87,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
        }
        case "session.next.synthetic":
          update(event.properties.sessionID, (draft) => {
-            draft.unshift({
+            draft.push({
              id: event.id,
              type: "synthetic",
              sessionID: event.properties.sessionID,
@@ -98,7 +98,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
          break
        case "session.next.shell.started":
          update(event.properties.sessionID, (draft) => {
-            draft.unshift({
+            draft.push({
              id: event.id,
              type: "shell",
              callID: event.properties.callID,
@@ -120,7 +120,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
          update(event.properties.sessionID, (draft) => {
            const currentAssistant = activeAssistant(draft)
            if (currentAssistant) currentAssistant.time.completed = event.properties.timestamp
-            draft.unshift({
+            draft.push({
              id: event.id,
              type: "assistant",
              agent: event.properties.agent,
@@ -259,7 +259,7 @@ export const { use: useSyncV2, provider: SyncProviderV2 } = createSimpleContext(
          break
        case "session.next.compaction.started":
          update(event.properties.sessionID, (draft) => {
-            draft.unshift({
+            draft.push({
              id: event.id,
              type: "compaction",
              reason: event.properties.reason,
--- a/packages/opencode/src/cli/cmd/tui/context/sync.tsx
+++ b/packages/opencode/src/cli/cmd/tui/context/sync.tsx
@@ -110,6 +110,7 @@ export const { use: useSync, provider: SyncProvider } = createSimpleContext({
    const project = useProject()
    const sdk = useSDK()
    const kv = useKV()
+    const [autoaccept] = kv.signal<"none" | "edit">("permission_auto_accept", "edit")

    const fullSyncedSessions = new Set<string>()
    let syncedWorkspace = project.workspace.current()
@@ -152,6 +153,13 @@ export const { use: useSync, provider: SyncProvider } = createSimpleContext({

        case "permission.asked": {
          const request = event.properties
+          if (autoaccept() === "edit" && request.permission === "edit") {
+            void sdk.client.permission.reply({
+              reply: "once",
+              requestID: request.id,
+            })
+            break
+          }
          const requests = store.permission[request.sessionID]
          if (!requests) {
            setStore("permission", request.sessionID, [request])
--- a/packages/opencode/src/cli/cmd/tui/feature-plugins/system/session-v2.tsx
+++ b/packages/opencode/src/cli/cmd/tui/feature-plugins/system/session-v2.tsx
@@ -5,7 +5,7 @@ import { Spinner } from "@tui/component/spinner"
 import { useTheme } from "@tui/context/theme"
 import { useLocal } from "@tui/context/local"
 import { useKeyboard, useRenderer, useTerminalDimensions, type JSX } from "@opentui/solid"
-import { TextAttributes, type BoxRenderable, type SyntaxStyle } from "@opentui/core"
+import type { SyntaxStyle } from "@opentui/core"
 import { Locale } from "@/util/locale"
 import { LANGUAGE_EXTENSIONS } from "@/lsp/language"
 import path from "path"
@@ -44,10 +44,6 @@ function View(props: { api: TuiPluginApi; sessionID: string }) {
  const messages = createMemo(() => sync.data.messages[props.sessionID] ?? [])
  const renderedMessages = createMemo(() => messages().toReversed())
  const lastAssistant = createMemo(() => renderedMessages().findLast((message) => message.type === "assistant"))
-  const lastUserCreated = (index: number) =>
-    renderedMessages()
-      .slice(0, index)
-      .findLast((message) => message.type === "user")?.time.created

  createEffect(() => {
    void sync.session.message.sync(props.sessionID)
@@ -87,11 +83,10 @@ function View(props: { api: TuiPluginApi; sessionID: string }) {
                      last={lastAssistant()?.id === message.id}
                      syntax={syntax()}
                      subtleSyntax={subtleSyntax()}
-                      start={lastUserCreated(index())}
                    />
                  </Match>
                  <Match when={message.type === "synthetic"}>
-                    <></>
+                    <SyntheticMessage message={message as SessionMessageSynthetic} index={index()} />
                  </Match>
                  <Match when={message.type === "shell"}>
                    <ShellMessage message={message as SessionMessageShell} />
@@ -151,36 +146,63 @@ function UserMessage(props: { message: SessionMessageUser; index: number }) {
    <box
      id={props.message.id}
      border={["left"]}
-      borderColor={theme.secondary}
+      borderColor={theme.primary}
      customBorderChars={SplitBorder.customBorderChars}
      marginTop={props.index === 0 ? 0 : 1}
      flexShrink={0}
+    >
+      <box paddingTop={1} paddingBottom={1} paddingLeft={2} backgroundColor={theme.backgroundPanel}>
+        <Show
+          when={props.message.text.trim()}
+          fallback={
+            <MissingData label="User message text" detail={`Message ${props.message.id} has no text field content.`} />
+          }
+        >
+          <text fg={theme.text}>{props.message.text}</text>
+        </Show>
+        <Show when={attachments().length}>
+          <box flexDirection="row" paddingTop={1} gap={1} flexWrap="wrap">
+            <For each={props.message.files ?? []}>
+              {(file) => (
+                <text fg={theme.text}>
+                  <span style={{ bg: theme.secondary, fg: theme.background }}> {file.mime} </span>
+                  <span style={{ bg: theme.backgroundElement, fg: theme.textMuted }}> {file.name ?? file.uri} </span>
+                </text>
+              )}
+            </For>
+            <For each={props.message.agents ?? []}>
+              {(agent) => (
+                <text fg={theme.text}>
+                  <span style={{ bg: theme.accent, fg: theme.background }}> agent </span>
+                  <span style={{ bg: theme.backgroundElement, fg: theme.textMuted }}> {agent.name} </span>
+                </text>
+              )}
+            </For>
+          </box>
+        </Show>
+        <text fg={theme.textMuted}>{Locale.todayTimeOrDateTime(props.message.time.created)}</text>
+      </box>
+    </box>
+  )
+}
+
+function SyntheticMessage(props: { message: SessionMessageSynthetic; index: number }) {
+  const { theme } = useTheme()
+  return (
+    <box
+      id={props.message.id}
+      border={["left"]}
+      borderColor={theme.backgroundElement}
+      customBorderChars={SplitBorder.customBorderChars}
+      marginTop={props.index === 0 ? 0 : 1}
+      paddingLeft={2}
      paddingTop={1}
      paddingBottom={1}
-      paddingLeft={2}
      backgroundColor={theme.backgroundPanel}
+      flexShrink={0}
    >
+      <text fg={theme.textMuted}>Synthetic</text>
      <text fg={theme.text}>{props.message.text}</text>
-      <Show when={attachments().length}>
-        <box flexDirection="row" paddingTop={1} gap={1} flexWrap="wrap">
-          <For each={props.message.files ?? []}>
-            {(file) => (
-              <text fg={theme.text}>
-                <span style={{ bg: theme.secondary, fg: theme.background }}> {file.mime} </span>
-                <span style={{ bg: theme.backgroundElement, fg: theme.textMuted }}> {file.name ?? file.uri} </span>
-              </text>
-            )}
-          </For>
-          <For each={props.message.agents ?? []}>
-            {(agent) => (
-              <text fg={theme.text}>
-                <span style={{ bg: theme.accent, fg: theme.background }}> agent </span>
-                <span style={{ bg: theme.backgroundElement, fg: theme.textMuted }}> {agent.name} </span>
-              </text>
-            )}
-          </For>
-        </box>
-      </Show>
    </box>
  )
 }
@@ -215,7 +237,7 @@ function ShellMessage(props: { message: SessionMessageShell }) {
 }

 function CompactionMessage(props: { message: SessionMessageCompaction }) {
-  const { theme, syntax } = useTheme()
+  const { theme } = useTheme()
  return (
    <box
      marginTop={1}
@@ -226,19 +248,7 @@ function CompactionMessage(props: { message: SessionMessageCompaction }) {
      flexShrink={0}
    >
      <Show when={props.message.summary}>
-        {(summary) => (
-          <box paddingLeft={3} paddingTop={1}>
-            <code
-              filetype="markdown"
-              drawUnstyledText={false}
-              streaming={false}
-              syntaxStyle={syntax()}
-              content={summary().trim()}
-              conceal={true}
-              fg={theme.text}
-            />
-          </box>
-        )}
+        <text fg={theme.textMuted}>{props.message.summary}</text>
      </Show>
    </box>
  )
@@ -284,13 +294,12 @@ function AssistantMessage(props: {
  last: boolean
  syntax: SyntaxStyle
  subtleSyntax: SyntaxStyle
-  start?: number
 }) {
  const { theme } = useTheme()
  const local = useLocal()
  const duration = createMemo(() => {
    if (!props.message.time.completed) return 0
-    return props.message.time.completed - (props.start ?? props.message.time.created)
+    return props.message.time.completed - props.message.time.created
  })
  const model = createMemo(() => {
    const variant = props.message.model.variant ? `/${props.message.model.variant}` : ""
@@ -352,7 +361,7 @@ function AssistantText(props: { part: SessionMessageAssistantText; syntax: Synta
  const { theme } = useTheme()
  return (
    <Show when={props.part.text.trim()}>
-      <box paddingLeft={3} marginTop={1} flexShrink={0} id="text">
+      <box paddingLeft={3} marginTop={1} flexShrink={0}>
        <code
          filetype="markdown"
          drawUnstyledText={false}
@@ -512,93 +521,33 @@ function InlineTool(props: {
  part: SessionMessageAssistantTool
 }) {
  const { theme } = useTheme()
-  const renderer = useRenderer()
-  const [margin, setMargin] = createSignal(0)
-  const [hover, setHover] = createSignal(false)
-  const [showError, setShowError] = createSignal(false)
  const error = createMemo(() => (props.part.state.status === "error" ? props.part.state.error.message : undefined))
-  const complete = createMemo(() => !!props.complete)
  const denied = createMemo(() => {
    const message = error()
    if (!message) return false
    return (
      message.includes("QuestionRejectedError") ||
      message.includes("rejected permission") ||
-      message.includes("specified a rule") ||
      message.includes("user dismissed")
    )
  })
-  const fg = createMemo(() => {
-    if (error()) return theme.error
-    if (complete()) return theme.textMuted
-    return theme.text
-  })
-  const attributes = createMemo(() => (denied() ? TextAttributes.STRIKETHROUGH : undefined))
  return (
-    <box
-      marginTop={margin()}
-      paddingLeft={3}
-      flexShrink={0}
-      flexDirection="row"
-      gap={1}
-      backgroundColor={hover() && error() ? theme.backgroundMenu : undefined}
-      onMouseOver={() => error() && setHover(true)}
-      onMouseOut={() => setHover(false)}
-      onMouseUp={() => {
-        if (!error()) return
-        if (renderer.getSelection()?.getSelectedText()) return
-        setShowError((prev) => !prev)
-      }}
-      renderBefore={function () {
-        const el = this as BoxRenderable
-        const parent = el.parent
-        if (!parent) return
-        const previous = parent.getChildren()[parent.getChildren().indexOf(el) - 1]
-        if (!previous) {
-          setMargin(0)
-          return
-        }
-        if (previous.id.startsWith("text")) setMargin(1)
-      }}
-    >
-      <box flexShrink={0}>
-        <Switch>
-          <Match when={props.spinner}>
-            <Spinner color={theme.text} />
-          </Match>
-          <Match when={complete()}>
-            <text fg={fg()} attributes={attributes()}>
-              {props.icon}
-            </text>
-          </Match>
-          <Match when={true}>
-            <text fg={fg()} attributes={attributes()}>
-              ~
-            </text>
-          </Match>
-        </Switch>
-      </box>
-      <box flexGrow={1}>
-        <box>
-          <Switch>
-            <Match when={complete()}>
-              <text fg={fg()} attributes={attributes()}>
-                {props.children}
-              </text>
-            </Match>
-            <Match when={true}>
-              <text fg={fg()} attributes={attributes()}>
-                {props.pending}
-              </text>
-            </Match>
-          </Switch>
-        </box>
-        <Show when={showError() && error()}>
-          <box>
-            <text fg={theme.error}>{error()}</text>
-          </box>
-        </Show>
-      </box>
+    <box marginTop={1} paddingLeft={3} flexShrink={0}>
+      <Switch>
+        <Match when={props.spinner}>
+          <Spinner color={theme.text}>{props.children}</Spinner>
+        </Match>
+        <Match when={true}>
+          <text paddingLeft={3} fg={props.complete ? theme.textMuted : theme.text}>
+            <Show fallback={<>~ {props.pending}</>} when={props.complete}>
+              {props.icon} {props.children}
+            </Show>
+          </text>
+        </Match>
+      </Switch>
+      <Show when={error() && !denied()}>
+        <text fg={theme.error}>{error()}</text>
+      </Show>
    </box>
  )
 }
--- a/packages/opencode/src/cli/cmd/tui/thread.ts
+++ b/packages/opencode/src/cli/cmd/tui/thread.ts
@@ -191,6 +191,7 @@ export const TuiThreadCommand = cmd({
      const config = await TuiConfig.get()

      const network = resolveNetworkOptionsNoConfig(args)
+
      const external =
        process.argv.includes("--port") ||
        process.argv.includes("--hostname") ||
--- a/packages/opencode/src/cli/cmd/tui/ui/dialog-select.tsx
+++ b/packages/opencode/src/cli/cmd/tui/ui/dialog-select.tsx
@@ -37,6 +37,7 @@ export interface DialogSelectOption<T = any> {
  title: string
  value: T
  description?: string
+  search?: string
  footer?: JSX.Element | string
  category?: string
  categoryView?: JSX.Element
@@ -93,8 +94,8 @@ export function DialogSelect<T>(props: DialogSelectProps<T>) {
    // users typically search by the item name, and not its category.
    const result = fuzzysort
      .go(needle, options, {
-        keys: ["title", "category"],
-        scoreFn: (r) => r[0].score * 2 + r[1].score,
+        keys: ["title", "category", "search"],
+        scoreFn: (r) => r[0].score * 2 + r[1].score + r[2].score,
      })
      .map((x) => x.obj)

--- a/packages/opencode/src/cli/effect/prompt.ts
+++ b/packages/opencode/src/cli/effect/prompt.ts
@@ -6,15 +6,27 @@ export const outro = (msg: string) => Effect.sync(() => prompts.outro(msg))

 export const log = {
  info: (msg: string) => Effect.sync(() => prompts.log.info(msg)),
+  error: (msg: string) => Effect.sync(() => prompts.log.error(msg)),
+  warn: (msg: string) => Effect.sync(() => prompts.log.warn(msg)),
+  success: (msg: string) => Effect.sync(() => prompts.log.success(msg)),
+}
+
+const optional = <Value>(result: Value | symbol) => {
+  if (prompts.isCancel(result)) return Option.none<Value>()
+  return Option.some(result)
 }

 export const select = <Value>(opts: Parameters<typeof prompts.select<Value>>[0]) =>
-  Effect.tryPromise(() => prompts.select(opts)).pipe(
-    Effect.map((result) => {
-      if (prompts.isCancel(result)) return Option.none<Value>()
-      return Option.some(result)
-    }),
-  )
+  Effect.promise(() => prompts.select(opts)).pipe(Effect.map((result) => optional(result)))
+
+export const autocomplete = <Value>(opts: Parameters<typeof prompts.autocomplete<Value>>[0]) =>
+  Effect.promise(() => prompts.autocomplete(opts)).pipe(Effect.map((result) => optional(result)))
+
+export const text = (opts: Parameters<typeof prompts.text>[0]) =>
+  Effect.promise(() => prompts.text(opts)).pipe(Effect.map((result) => optional(result)))
+
+export const password = (opts: Parameters<typeof prompts.password>[0]) =>
+  Effect.promise(() => prompts.password(opts)).pipe(Effect.map((result) => optional(result)))

 export const spinner = () => {
  const s = prompts.spinner()
--- a/packages/opencode/src/config/keybinds.ts
+++ b/packages/opencode/src/config/keybinds.ts
@@ -62,6 +62,7 @@ const KeybindsSchema = Schema.Struct({
  agent_list: keybind("<leader>a", "List agents"),
  agent_cycle: keybind("tab", "Next agent"),
  agent_cycle_reverse: keybind("shift+tab", "Previous agent"),
+  permission_auto_accept_toggle: keybind("none", "Toggle auto-accept for edit permissions"),
  variant_cycle: keybind("ctrl+t", "Cycle model variants"),
  variant_list: keybind("none", "List model variants"),
  input_clear: keybind("ctrl+c", "Clear input field"),
--- a/packages/opencode/src/effect/app-runtime.ts
+++ b/packages/opencode/src/effect/app-runtime.ts
@@ -46,20 +46,39 @@ import { Vcs } from "@/project/vcs"
 import { Workspace } from "@/control-plane/workspace"
 import { Worktree } from "@/worktree"
 import { Pty } from "@/pty"
+import { PtyTicket } from "@/pty/ticket"
 import { Installation } from "@/installation"
+import * as Effect from "effect/Effect"
 import { ShareNext } from "@/share/share-next"
 import { SessionShare } from "@/share/session"
 import { SyncEvent } from "@/sync"
 import { Npm } from "@opencode-ai/core/npm"
 import { memoMap } from "@opencode-ai/core/effect/memo-map"

+// Adjusts the default Config layer to ensure that plugins are always initialised before
+// any other layers read the current config
+const ConfigWithPluginPriority = Layer.effect(
+  Config.Service,
+  Effect.gen(function* () {
+    const config = yield* Config.Service
+    const plugin = yield* Plugin.Service
+
+    return {
+      ...config,
+      get: () => Effect.andThen(plugin.init(), config.get),
+      getGlobal: () => Effect.andThen(plugin.init(), config.getGlobal),
+      getConsoleState: () => Effect.andThen(plugin.init(), config.getConsoleState),
+    }
+  }),
+).pipe(Layer.provide(Layer.merge(Plugin.defaultLayer, Config.defaultLayer)))
+
 export const AppLayer = Layer.mergeAll(
  Npm.defaultLayer,
  AppFileSystem.defaultLayer,
  Bus.defaultLayer,
  Auth.defaultLayer,
  Account.defaultLayer,
-  Config.defaultLayer,
+  ConfigWithPluginPriority,
  Git.defaultLayer,
  Ripgrep.defaultLayer,
  File.defaultLayer,
@@ -98,6 +117,7 @@ export const AppLayer = Layer.mergeAll(
  Workspace.defaultLayer,
  Worktree.appLayer,
  Pty.defaultLayer,
+  PtyTicket.defaultLayer,
  Installation.defaultLayer,
  ShareNext.defaultLayer,
  SessionShare.defaultLayer,
--- a/packages/opencode/src/id/id.ts
+++ b/packages/opencode/src/id/id.ts
@@ -13,7 +13,6 @@ const prefixes = {
  tool: "tool",
  workspace: "wrk",
  entry: "ent",
-  account: "act",
 } as const

 export function schema(prefix: keyof typeof prefixes) {
--- a/packages/opencode/src/plugin/codex.ts
+++ b/packages/opencode/src/plugin/codex.ts
@@ -14,7 +14,14 @@ const ISSUER = "https://auth.openai.com"
 const CODEX_API_ENDPOINT = "https://chatgpt.com/backend-api/codex/responses"
 const OAUTH_PORT = 1455
 const OAUTH_POLLING_SAFETY_MARGIN_MS = 3000
-const ALLOWED_MODELS = new Set(["gpt-5.5", "gpt-5.2", "gpt-5.3-codex", "gpt-5.4", "gpt-5.4-mini"])
+const ALLOWED_MODELS = new Set([
+  "gpt-5.5",
+  "gpt-5.2",
+  "gpt-5.3-codex",
+  "gpt-5.3-codex-spark",
+  "gpt-5.4",
+  "gpt-5.4-mini",
+])

 interface PkceCodes {
  verifier: string
--- a/packages/opencode/src/pty/ticket.ts
+++ b/packages/opencode/src/pty/ticket.ts
@@ -0,0 +1,68 @@
+export * as PtyTicket from "./ticket"
+
+import { WorkspaceID } from "@/control-plane/schema"
+import { InstanceRef, WorkspaceRef } from "@/effect/instance-ref"
+import { PtyID } from "@/pty/schema"
+import { PositiveInt } from "@/util/schema"
+import { Cache, Context, Duration, Effect, Layer, Schema } from "effect"
+
+const DEFAULT_TTL = Duration.seconds(60)
+const CAPACITY = 10_000
+
+export const ConnectToken = Schema.Struct({
+  ticket: Schema.String,
+  expires_in: PositiveInt,
+})
+
+export type Scope = {
+  readonly ptyID: PtyID
+  readonly directory?: string
+  readonly workspaceID?: WorkspaceID
+}
+
+export interface Interface {
+  issue(input: Scope): Effect.Effect<typeof ConnectToken.Type>
+  consume(input: Scope & { readonly ticket: string }): Effect.Effect<boolean>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/PtyTicket") {}
+
+function matches(record: Scope, input: Scope) {
+  return (
+    record.ptyID === input.ptyID && record.directory === input.directory && record.workspaceID === input.workspaceID
+  )
+}
+
+// Tickets are inserted via Cache.set and removed atomically via invalidateWhen. The lookup is
+// never invoked; it dies if it ever is, which would signal a misuse of the Service interface.
+const noLookup = () => Effect.die("PtyTicket cache must be used via set/invalidateWhen, never get")
+
+// Visible for tests so the TTL can be shortened. Production uses `layer` with the default TTL.
+export const make = (ttl: Duration.Input = DEFAULT_TTL) =>
+  Effect.gen(function* () {
+    const cache = yield* Cache.make<string, Scope>({ capacity: CAPACITY, lookup: noLookup, timeToLive: ttl })
+    const expiresIn = Math.max(1, Math.round(Duration.toSeconds(Duration.fromInputUnsafe(ttl))))
+    return Service.of({
+      issue: Effect.fn("PtyTicket.issue")(function* (input) {
+        const ticket = crypto.randomUUID()
+        yield* Cache.set(cache, ticket, input)
+        return { ticket, expires_in: expiresIn }
+      }),
+      consume: Effect.fn("PtyTicket.consume")(function* (input) {
+        return yield* Cache.invalidateWhen(cache, input.ticket, (stored) => matches(stored, input))
+      }),
+    })
+  })
+
+export const layer = Layer.effect(Service, make())
+
+export const defaultLayer = layer
+
+export const scope = Effect.gen(function* () {
+  const instance = yield* InstanceRef
+  const workspaceID = yield* WorkspaceRef
+  return {
+    directory: instance?.directory,
+    workspaceID,
+  }
+})
--- a/packages/opencode/src/server/cors.ts
+++ b/packages/opencode/src/server/cors.ts
@@ -1,7 +1,13 @@
+import { Context } from "effect"
+
 const opencodeOrigin = /^https:\/\/([a-z0-9-]+\.)*opencode\.ai$/

 export type CorsOptions = { readonly cors?: ReadonlyArray<string> }

+export const CorsConfig = Context.Reference<CorsOptions | undefined>("@opencode/ServerCorsConfig", {
+  defaultValue: () => undefined,
+})
+
 export function isAllowedCorsOrigin(input: string | undefined, opts?: CorsOptions) {
  if (!input) return true
  if (input.startsWith("http://localhost:")) return true
@@ -12,3 +18,17 @@ export function isAllowedCorsOrigin(input: string | undefined, opts?: CorsOption
  if (opencodeOrigin.test(input)) return true
  return opts?.cors?.includes(input) ?? false
 }
+
+export function isAllowedRequestOrigin(input: string | undefined, host: string | undefined, opts?: CorsOptions) {
+  if (!input) return true
+  if (host && sameHost(input, host)) return true
+  return isAllowedCorsOrigin(input, opts)
+}
+
+function sameHost(origin: string, host: string) {
+  try {
+    return new URL(origin).host === host
+  } catch {
+    return false
+  }
+}
--- a/packages/opencode/src/server/error.ts
+++ b/packages/opencode/src/server/error.ts
@@ -21,6 +21,9 @@ export const ERRORS = {
      },
    },
  },
+  403: {
+    description: "Forbidden",
+  },
  404: {
    description: "Not found",
    content: {
--- a/packages/opencode/src/server/middleware.ts
+++ b/packages/opencode/src/server/middleware.ts
@@ -12,6 +12,7 @@ import { cors } from "hono/cors"
 import { compress } from "hono/compress"
 import * as ServerBackend from "./backend"
 import { isAllowedCorsOrigin, type CorsOptions } from "./cors"
+import { isPtyConnectPath, PTY_CONNECT_TICKET_QUERY } from "./shared/pty-ticket"

 const log = Log.create({ service: "server" })

@@ -44,6 +45,7 @@ export const AuthMiddleware: MiddlewareHandler = (c, next) => {
  if (c.req.method === "OPTIONS") return next()
  const password = Flag.OPENCODE_SERVER_PASSWORD
  if (!password) return next()
+  if (isPtyConnectPath(c.req.path) && c.req.query(PTY_CONNECT_TICKET_QUERY)) return next()
  const username = Flag.OPENCODE_SERVER_USERNAME ?? "opencode"

  if (c.req.query("auth_token")) c.req.raw.headers.set("authorization", `Basic ${c.req.query("auth_token")}`)
@@ -58,6 +60,7 @@ export function LoggerMiddleware(backendAttributes: ServerBackend.Attributes): M
    const attributes = {
      method: c.req.method,
      path: c.req.path,
+      // If this logger grows full-URL fields, redact auth_token and ticket query params.
      ...backendAttributes,
    }
    log.info("request", attributes)
--- a/packages/opencode/src/server/routes/instance/httpapi/groups/pty.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/groups/pty.ts
@@ -1,4 +1,5 @@
 import { Pty } from "@/pty"
+import { PtyTicket } from "@/pty/ticket"
 import { PtyID } from "@/pty/schema"
 import { Schema } from "effect"
 import { HttpApi, HttpApiEndpoint, HttpApiError, HttpApiGroup, OpenApi } from "effect/unstable/httpapi"
@@ -23,6 +24,7 @@ export const PtyPaths = {
  get: `${root}/:ptyID`,
  update: `${root}/:ptyID`,
  remove: `${root}/:ptyID`,
+  connectToken: `${root}/:ptyID/connect-token`,
  connect: `${root}/:ptyID/connect`,
 } as const

@@ -93,6 +95,17 @@ export const PtyApi = HttpApi.make("pty")
            description: "Remove and terminate a specific pseudo-terminal (PTY) session.",
          }),
        ),
+        HttpApiEndpoint.post("connectToken", PtyPaths.connectToken, {
+          params: { ptyID: PtyID },
+          success: described(PtyTicket.ConnectToken, "WebSocket connect token"),
+          error: [HttpApiError.Forbidden, HttpApiError.NotFound],
+        }).annotateMerge(
+          OpenApi.annotations({
+            identifier: "pty.connectToken",
+            summary: "Create PTY WebSocket token",
+            description: "Create a short-lived ticket for opening a PTY WebSocket connection.",
+          }),
+        ),
      )
      .annotateMerge(OpenApi.annotations({ title: "pty", description: "Experimental HttpApi PTY routes." }))
      .middleware(InstanceContextMiddleware)
@@ -113,7 +126,7 @@ export const PtyConnectApi = HttpApi.make("pty-connect").add(
      HttpApiEndpoint.get("connect", PtyPaths.connect, {
        params: Params,
        success: described(Schema.Boolean, "Connected session"),
-        error: HttpApiError.NotFound,
+        error: [HttpApiError.Forbidden, HttpApiError.NotFound],
      }).annotateMerge(
        OpenApi.annotations({
          identifier: "pty.connect",
--- a/packages/opencode/src/server/routes/instance/httpapi/handlers/pty.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/handlers/pty.ts
@@ -1,8 +1,15 @@
 import { Pty } from "@/pty"
 import { PtyID } from "@/pty/schema"
+import { PtyTicket } from "@/pty/ticket"
 import { handlePtyInput } from "@/pty/input"
 import { Shell } from "@/shell/shell"
 import { EffectBridge } from "@/effect/bridge"
+import { CorsConfig, isAllowedRequestOrigin, type CorsOptions } from "@/server/cors"
+import {
+  PTY_CONNECT_TICKET_QUERY,
+  PTY_CONNECT_TOKEN_HEADER,
+  PTY_CONNECT_TOKEN_HEADER_VALUE,
+} from "@/server/shared/pty-ticket"
 import { Effect } from "effect"
 import { HttpRouter, HttpServerRequest, HttpServerResponse } from "effect/unstable/http"
 import { HttpApiBuilder, HttpApiError } from "effect/unstable/httpapi"
@@ -11,9 +18,15 @@ import { InstanceHttpApi } from "../api"
 import { CursorQuery, Params, PtyPaths } from "../groups/pty"
 import { WebSocketTracker } from "../websocket-tracker"

+function validOrigin(request: HttpServerRequest.HttpServerRequest, opts: CorsOptions | undefined) {
+  return isAllowedRequestOrigin(request.headers.origin, request.headers.host, opts)
+}
+
 export const ptyHandlers = HttpApiBuilder.group(InstanceHttpApi, "pty", (handlers) =>
  Effect.gen(function* () {
    const pty = yield* Pty.Service
+    const tickets = yield* PtyTicket.Service
+    const cors = yield* CorsConfig

    const shells = Effect.fn("PtyHttpApi.shells")(function* () {
      return yield* Effect.promise(() => Shell.list())
@@ -54,6 +67,14 @@ export const ptyHandlers = HttpApiBuilder.group(InstanceHttpApi, "pty", (handler
      return true
    })

+    const connectToken = Effect.fn("PtyHttpApi.connectToken")(function* (ctx: { params: { ptyID: PtyID } }) {
+      const request = yield* HttpServerRequest.HttpServerRequest
+      if (request.headers[PTY_CONNECT_TOKEN_HEADER] !== PTY_CONNECT_TOKEN_HEADER_VALUE || !validOrigin(request, cors))
+        return yield* new HttpApiError.Forbidden({})
+      if (!(yield* pty.get(ctx.params.ptyID))) return yield* new HttpApiError.NotFound({})
+      return yield* tickets.issue({ ptyID: ctx.params.ptyID, ...(yield* PtyTicket.scope) })
+    })
+
    return handlers
      .handle("shells", shells)
      .handle("list", list)
@@ -61,12 +82,15 @@ export const ptyHandlers = HttpApiBuilder.group(InstanceHttpApi, "pty", (handler
      .handle("get", get)
      .handle("update", update)
      .handle("remove", remove)
+      .handle("connectToken", connectToken)
  }),
 )

 export const ptyConnectRoute = HttpRouter.use((router) =>
  Effect.gen(function* () {
    const pty = yield* Pty.Service
+    const tickets = yield* PtyTicket.Service
+    const cors = yield* CorsConfig
    yield* router.add(
      "GET",
      PtyPaths.connect,
@@ -75,12 +99,20 @@ export const ptyConnectRoute = HttpRouter.use((router) =>
        if (!(yield* pty.get(params.ptyID))) return HttpServerResponse.empty({ status: 404 })

        const query = yield* HttpServerRequest.schemaSearchParams(CursorQuery)
+        const request = yield* HttpServerRequest.HttpServerRequest
+        const ticket = new URL(request.url, "http://localhost").searchParams.get(PTY_CONNECT_TICKET_QUERY)
+        if (ticket) {
+          const valid = validOrigin(request, cors)
+            ? yield* tickets.consume({ ticket, ptyID: params.ptyID, ...(yield* PtyTicket.scope) })
+            : false
+          if (!valid) return HttpServerResponse.empty({ status: 403 })
+        }
        const parsedCursor = query.cursor === undefined ? undefined : Number(query.cursor)
        const cursor =
          parsedCursor !== undefined && Number.isSafeInteger(parsedCursor) && parsedCursor >= -1
            ? parsedCursor
            : undefined
-        const socket = yield* Effect.orDie((yield* HttpServerRequest.HttpServerRequest).upgrade)
+        const socket = yield* Effect.orDie(request.upgrade)
        const write = yield* socket.writer
        const closeAccepted = (event: Socket.CloseEvent) =>
          socket
--- a/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
@@ -2,6 +2,7 @@ import { ServerAuth } from "@/server/auth"
 import { Effect, Encoding, Layer, Redacted } from "effect"
 import { HttpRouter, HttpServerRequest, HttpServerResponse } from "effect/unstable/http"
 import { HttpApiError, HttpApiMiddleware } from "effect/unstable/httpapi"
+import { hasPtyConnectTicketURL } from "@/server/shared/pty-ticket"

 const AUTH_TOKEN_QUERY = "auth_token"
 const UNAUTHORIZED = 401
@@ -55,7 +56,11 @@ function decodeCredential(input: string) {
 }

 function credentialFromRequest(request: HttpServerRequest.HttpServerRequest) {
-  const token = new URL(request.url, "http://localhost").searchParams.get(AUTH_TOKEN_QUERY)
+  return credentialFromURL(new URL(request.url, "http://localhost"), request)
+}
+
+function credentialFromURL(url: URL, request: HttpServerRequest.HttpServerRequest) {
+  const token = url.searchParams.get(AUTH_TOKEN_QUERY)
  if (token) return decodeCredential(token)
  const match = /^Basic\s+(.+)$/i.exec(request.headers.authorization ?? "")
  if (match) return decodeCredential(match[1])
@@ -86,7 +91,9 @@ export const authorizationRouterMiddleware = HttpRouter.middleware()(
    return (effect) =>
      Effect.gen(function* () {
        const request = yield* HttpServerRequest.HttpServerRequest
-        return yield* credentialFromRequest(request).pipe(
+        const url = new URL(request.url, "http://localhost")
+        if (hasPtyConnectTicketURL(url)) return yield* effect
+        return yield* credentialFromURL(url, request).pipe(
          Effect.flatMap((credential) => validateRawCredential(effect, credential, config)),
        )
      })
--- a/packages/opencode/src/server/routes/instance/httpapi/server.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/server.ts
@@ -25,6 +25,7 @@ import { ProviderAuth } from "@/provider/auth"
 import { ModelsDev } from "@/provider/models"
 import { Provider } from "@/provider/provider"
 import { Pty } from "@/pty"
+import { PtyTicket } from "@/pty/ticket"
 import { Question } from "@/question"
 import { Session } from "@/session/session"
 import { SessionCompaction } from "@/session/compaction"
@@ -44,7 +45,7 @@ import { lazy } from "@/util/lazy"
 import { Vcs } from "@/project/vcs"
 import { Worktree } from "@/worktree"
 import { Workspace } from "@/control-plane/workspace"
-import { isAllowedCorsOrigin, type CorsOptions } from "@/server/cors"
+import { CorsConfig, isAllowedCorsOrigin, type CorsOptions } from "@/server/cors"
 import { serveUIEffect } from "@/server/shared/ui"
 import { ServerAuth } from "@/server/auth"
 import { InstanceHttpApi, RootHttpApi } from "./api"
@@ -163,6 +164,7 @@ export function createRoutes(corsOptions?: CorsOptions) {
      ProviderAuth.defaultLayer,
      Provider.defaultLayer,
      Pty.defaultLayer,
+      PtyTicket.defaultLayer,
      Question.defaultLayer,
      Ripgrep.defaultLayer,
      Session.defaultLayer,
@@ -187,6 +189,7 @@ export function createRoutes(corsOptions?: CorsOptions) {
      FetchHttpClient.layer,
      HttpServer.layerServices,
    ]),
+    Layer.provideMerge(Layer.succeed(CorsConfig)(corsOptions)),
    Layer.provideMerge(InstanceLayer.layer),
    Layer.provideMerge(Observability.layer),
  )
--- a/packages/opencode/src/server/routes/instance/index.ts
+++ b/packages/opencode/src/server/routes/instance/index.ts
@@ -39,10 +39,11 @@ import { SessionPaths } from "./httpapi/groups/session"
 import { SyncPaths } from "./httpapi/groups/sync"
 import { TuiPaths } from "./httpapi/groups/tui"
 import { WorkspacePaths } from "./httpapi/groups/workspace"
+import type { CorsOptions } from "@/server/cors"

-export const InstanceRoutes = (upgrade: UpgradeWebSocket): Hono => {
+export const InstanceRoutes = (upgrade: UpgradeWebSocket, opts?: CorsOptions): Hono => {
  const app = new Hono()
-  const handler = ExperimentalHttpApiServer.webHandler().handler
+  const handler = ExperimentalHttpApiServer.webHandler(opts).handler
  const context = Context.empty() as Context.Context<unknown>

  app.all("/api/*", (c) => handler(c.req.raw, context))
@@ -107,6 +108,7 @@ export const InstanceRoutes = (upgrade: UpgradeWebSocket): Hono => {
    app.get(PtyPaths.get, (c) => handler(c.req.raw, context))
    app.put(PtyPaths.update, (c) => handler(c.req.raw, context))
    app.delete(PtyPaths.remove, (c) => handler(c.req.raw, context))
+    app.post(PtyPaths.connectToken, (c) => handler(c.req.raw, context))
    app.get(PtyPaths.connect, (c) => handler(c.req.raw, context))
    app.get(SessionPaths.list, (c) => handler(c.req.raw, context))
    app.get(SessionPaths.status, (c) => handler(c.req.raw, context))
@@ -158,7 +160,7 @@ export const InstanceRoutes = (upgrade: UpgradeWebSocket): Hono => {

  return app
    .route("/project", ProjectRoutes())
-    .route("/pty", PtyRoutes(upgrade))
+    .route("/pty", PtyRoutes(upgrade, opts))
    .route("/config", ConfigRoutes())
    .route("/experimental", ExperimentalRoutes())
    .route("/session", SessionRoutes())
--- a/packages/opencode/src/server/routes/instance/pty.ts
+++ b/packages/opencode/src/server/routes/instance/pty.ts
@@ -1,4 +1,5 @@
 import { Hono } from "hono"
+import type { Context } from "hono"
 import { describeRoute, validator, resolver } from "hono-openapi"
 import type { UpgradeWebSocket } from "hono/ws"
 import { Effect, Schema } from "effect"
@@ -6,10 +7,19 @@ import z from "zod"
 import { AppRuntime } from "@/effect/app-runtime"
 import { Pty } from "@/pty"
 import { PtyID } from "@/pty/schema"
+import { PtyTicket } from "@/pty/ticket"
 import { Shell } from "@/shell/shell"
 import { NotFoundError } from "@/storage/storage"
 import { errors } from "../../error"
 import { jsonRequest, runRequest } from "./trace"
+import { HTTPException } from "hono/http-exception"
+import { isAllowedRequestOrigin, type CorsOptions } from "@/server/cors"
+import {
+  PTY_CONNECT_TICKET_QUERY,
+  PTY_CONNECT_TOKEN_HEADER,
+  PTY_CONNECT_TOKEN_HEADER_VALUE,
+} from "@/server/shared/pty-ticket"
+import { zod as effectZod } from "@/util/effect-zod"

 const ShellItem = z.object({
  path: z.string(),
@@ -18,7 +28,11 @@ const ShellItem = z.object({
 })
 const decodePtyID = Schema.decodeUnknownSync(PtyID)

-export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket) {
+function validOrigin(c: Context, opts?: CorsOptions) {
+  return isAllowedRequestOrigin(c.req.header("origin"), c.req.header("host"), opts)
+}
+
+export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket, opts?: CorsOptions) {
  return new Hono()
    .get(
      "/shells",
@@ -175,6 +189,43 @@ export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket) {
          return true
        }),
    )
+    .post(
+      "/:ptyID/connect-token",
+      describeRoute({
+        summary: "Create PTY WebSocket token",
+        description: "Create a short-lived token for opening a PTY WebSocket connection.",
+        operationId: "pty.connectToken",
+        responses: {
+          200: {
+            description: "WebSocket connect token",
+            content: {
+              "application/json": {
+                schema: resolver(effectZod(PtyTicket.ConnectToken)),
+              },
+            },
+          },
+          ...errors(403, 404),
+        },
+      }),
+      validator("param", z.object({ ptyID: PtyID.zod })),
+      async (c) => {
+        if (c.req.header(PTY_CONNECT_TOKEN_HEADER) !== PTY_CONNECT_TOKEN_HEADER_VALUE || !validOrigin(c, opts))
+          throw new HTTPException(403)
+        const result = await runRequest(
+          "PtyRoutes.connectToken",
+          c,
+          Effect.gen(function* () {
+            const pty = yield* Pty.Service
+            const id = c.req.valid("param").ptyID
+            if (!(yield* pty.get(id))) return
+            const tickets = yield* PtyTicket.Service
+            return yield* tickets.issue({ ptyID: id, ...(yield* PtyTicket.scope) })
+          }),
+        )
+        if (!result) throw new NotFoundError({ message: "Session not found" })
+        return c.json(result)
+      },
+    )
    .get(
      "/:ptyID/connect",
      describeRoute({
@@ -190,7 +241,7 @@ export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket) {
              },
            },
          },
-          ...errors(404),
+          ...errors(403, 404),
        },
      }),
      validator("param", z.object({ ptyID: PtyID.zod })),
@@ -201,14 +252,6 @@ export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket) {
        }

        const id = decodePtyID(c.req.param("ptyID"))
-        const cursor = (() => {
-          const value = c.req.query("cursor")
-          if (!value) return
-          const parsed = Number(value)
-          if (!Number.isSafeInteger(parsed) || parsed < -1) return
-          return parsed
-        })()
-        let handler: Handler | undefined
        if (
          !(await runRequest(
            "PtyRoutes.connect",
@@ -219,8 +262,29 @@ export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket) {
            }),
          ))
        ) {
-          throw new Error("Session not found")
+          throw new NotFoundError({ message: "Session not found" })
        }
+        const ticket = c.req.query(PTY_CONNECT_TICKET_QUERY)
+        if (ticket) {
+          if (!validOrigin(c, opts)) throw new HTTPException(403)
+          const valid = await runRequest(
+            "PtyRoutes.connect.ticket",
+            c,
+            Effect.gen(function* () {
+              const tickets = yield* PtyTicket.Service
+              return yield* tickets.consume({ ticket, ptyID: id, ...(yield* PtyTicket.scope) })
+            }),
+          )
+          if (!valid) throw new HTTPException(403)
+        }
+        const cursor = (() => {
+          const value = c.req.query("cursor")
+          if (!value) return
+          const parsed = Number(value)
+          if (!Number.isSafeInteger(parsed) || parsed < -1) return
+          return parsed
+        })()
+        let handler: Handler | undefined

        type Socket = {
          readyState: number
--- a/packages/opencode/src/server/server.ts
+++ b/packages/opencode/src/server/server.ts
@@ -120,7 +120,7 @@ function createHono(opts: CorsOptions, selection: ServerBackend.Selection = Serv
      app: app
        .use(InstanceMiddleware(Flag.OPENCODE_WORKSPACE_ID ? WorkspaceID.make(Flag.OPENCODE_WORKSPACE_ID) : undefined))
        .use(FenceMiddleware)
-        .route("/", InstanceRoutes(runtime.upgradeWebSocket)),
+        .route("/", InstanceRoutes(runtime.upgradeWebSocket, opts)),
      runtime,
    }
  }
@@ -136,7 +136,7 @@ function createHono(opts: CorsOptions, selection: ServerBackend.Selection = Serv
    app: app
      .route("/", ControlPlaneRoutes())
      .route("/", workspaceApp)
-      .route("/", InstanceRoutes(runtime.upgradeWebSocket))
+      .route("/", InstanceRoutes(runtime.upgradeWebSocket, opts))
      .route("/", UIRoutes()),
    runtime,
  }
--- a/packages/opencode/src/server/shared/pty-ticket.ts
+++ b/packages/opencode/src/server/shared/pty-ticket.ts
@@ -0,0 +1,15 @@
+export const PTY_CONNECT_TICKET_QUERY = "ticket"
+export const PTY_CONNECT_TOKEN_HEADER = "x-opencode-ticket"
+export const PTY_CONNECT_TOKEN_HEADER_VALUE = "1"
+
+const PTY_CONNECT_PATH = /^\/pty\/[^/]+\/connect$/
+
+// Auth middleware skips Basic Auth when this matches; the PTY connect handler
+// is then responsible for validating the ticket.
+export function isPtyConnectPath(pathname: string) {
+  return PTY_CONNECT_PATH.test(pathname)
+}
+
+export function hasPtyConnectTicketURL(url: URL) {
+  return isPtyConnectPath(url.pathname) && !!url.searchParams.get(PTY_CONNECT_TICKET_QUERY)
+}
--- a/packages/opencode/src/session/processor.ts
+++ b/packages/opencode/src/session/processor.ts
@@ -655,7 +655,7 @@ export const layer: Layer.Layer<
          EventV2.run(SessionEvent.Step.Failed.Sync, {
            sessionID: ctx.sessionID,
            error: {
-              type: "unknown",
+              type: error.name,
              message: errorMessage(e),
            },
            timestamp: DateTime.makeUnsafe(Date.now()),
--- a/packages/opencode/src/session/session.ts
+++ b/packages/opencode/src/session/session.ts
@@ -339,7 +339,8 @@ export const Event = {
      sessionID: Schema.optional(SessionID),
      // Reuses MessageV2.Assistant.fields.error (already Schema.optional) so
      // the derived zod keeps the same discriminated-union shape on the bus.
-      error: MessageV2.Assistant.fields.error,
+      // Schema.suspend defers access to break circular init in compiled binaries.
+      error: Schema.suspend(() => MessageV2.Assistant.fields.error),
    }),
  ),
 }
--- a/packages/opencode/src/util/effect-zod.ts
+++ b/packages/opencode/src/util/effect-zod.ts
@@ -256,6 +256,8 @@ function body(ast: SchemaAST.AST): z.ZodTypeAny {
      return array(ast)
    case "Declaration":
      return decl(ast)
+    case "Suspend":
+      return z.lazy(() => walk(ast.thunk()))
    default:
      return fail(ast)
  }
--- a/packages/opencode/src/v2/auth.ts
+++ b/packages/opencode/src/v2/auth.ts
@@ -1,246 +0,0 @@
-import path from "path"
-import { Effect, Layer, Option, Schema, Context, SynchronizedRef } from "effect"
-import { Identifier } from "@opencode-ai/core/util/identifier"
-import { NonNegativeInt, withStatics } from "@/util/schema"
-import { Global } from "@opencode-ai/core/global"
-import { AppFileSystem } from "@opencode-ai/core/filesystem"
-
-export const OAUTH_DUMMY_KEY = "opencode-oauth-dummy-key"
-
-const AccountID = Schema.String.pipe(
-  Schema.brand("AccountID"),
-  withStatics((schema) => ({ create: () => schema.make("acc_" + Identifier.ascending()) })),
-)
-export type AccountID = typeof AccountID.Type
-
-export const ServiceID = Schema.String.pipe(Schema.brand("ServiceID"))
-export type ServiceID = typeof ServiceID.Type
-
-export class OAuthCredential extends Schema.Class<OAuthCredential>("AuthV2.OAuthCredential")({
-  type: Schema.Literal("oauth"),
-  refresh: Schema.String,
-  access: Schema.String,
-  expires: NonNegativeInt,
-}) {}
-
-export class ApiKeyCredential extends Schema.Class<ApiKeyCredential>("AuthV2.ApiKeyCredential")({
-  type: Schema.Literal("api"),
-  key: Schema.String,
-  metadata: Schema.optional(Schema.Record(Schema.String, Schema.String)),
-}) {}
-
-export const Credential = Schema.Union([OAuthCredential, ApiKeyCredential])
-  .pipe(Schema.toTaggedUnion("type"))
-  .annotate({
-    identifier: "AuthV2.Credential",
-  })
-export type Credential = Schema.Schema.Type<typeof Credential>
-
-export class Account extends Schema.Class<Account>("AuthV2.Account")({
-  id: AccountID,
-  serviceID: ServiceID,
-  description: Schema.String,
-  credential: Credential,
-}) {}
-
-export class AuthFileWriteError extends Schema.TaggedErrorClass<AuthFileWriteError>()("AuthV2.FileWriteError", {
-  operation: Schema.Union([Schema.Literal("migrate"), Schema.Literal("write")]),
-  cause: Schema.Defect,
-}) {}
-
-export type AuthError = AuthFileWriteError
-
-interface Writable {
-  version: 2
-  accounts: Record<string, Account>
-  active: Record<string, AccountID>
-}
-
-const decodeV1 = Schema.decodeUnknownOption(Schema.Record(Schema.String, Credential))
-
-function migrate(old: Record<string, unknown>): Writable {
-  const accounts: Record<string, Account> = {}
-  const active: Record<string, AccountID> = {}
-  for (const [serviceID, value] of Object.entries(old)) {
-    const decoded = Option.getOrElse(decodeV1({ [serviceID]: value }), () => ({}))
-    const parsed = (decoded as Record<string, Credential>)[serviceID]
-    if (!parsed) continue
-    const id = Identifier.ascending()
-    const accountID = AccountID.make(id)
-    const brandedServiceID = ServiceID.make(serviceID)
-    accounts[id] = new Account({
-      id: accountID,
-      serviceID: brandedServiceID,
-      description: "default",
-      credential: parsed,
-    })
-    active[brandedServiceID] = accountID
-  }
-  return { version: 2, accounts, active }
-}
-
-export interface Interface {
-  readonly get: (accountID: AccountID) => Effect.Effect<Account | undefined, AuthError>
-  readonly all: () => Effect.Effect<Account[], AuthError>
-  readonly create: (input: {
-    serviceID: ServiceID
-    credential: Credential
-    description?: string
-    active?: boolean
-  }) => Effect.Effect<Account, AuthError>
-  readonly update: (
-    accountID: AccountID,
-    updates: Partial<Pick<Account, "description" | "credential">>,
-  ) => Effect.Effect<void, AuthError>
-  readonly remove: (accountID: AccountID) => Effect.Effect<void, AuthError>
-  readonly activate: (accountID: AccountID) => Effect.Effect<void, AuthError>
-  readonly active: (serviceID: ServiceID) => Effect.Effect<Account | undefined, AuthError>
-  readonly forService: (serviceID: ServiceID) => Effect.Effect<Account[], AuthError>
-}
-
-export class Service extends Context.Service<Service, Interface>()("@opencode/v2/Auth") {}
-
-export const layer = Layer.effect(
-  Service,
-  Effect.gen(function* () {
-    const fsys = yield* AppFileSystem.Service
-    const global = yield* Global.Service
-    const file = path.join(global.data, "auth-v2.json")
-
-    const load: () => Effect.Effect<Writable, AuthError> = Effect.fnUntraced(function* () {
-      if (process.env.OPENCODE_AUTH_CONTENT) {
-        try {
-          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)
-        } catch {}
-      }
-
-      const raw = yield* fsys.readJson(file).pipe(Effect.orElseSucceed(() => null))
-
-      if (!raw || typeof raw !== "object") return { version: 2, accounts: {}, active: {} }
-
-      if ("version" in raw && raw.version === 2) return raw as Writable
-
-      const migrated = migrate(raw as Record<string, unknown>)
-      yield* fsys
-        .writeJson(file, migrated, 0o600)
-        .pipe(Effect.mapError((cause) => new AuthFileWriteError({ operation: "migrate", cause })))
-      return migrated
-    })
-
-    const write = (data: Writable) =>
-      fsys
-        .writeJson(file, data, 0o600)
-        .pipe(Effect.mapError((cause) => new AuthFileWriteError({ operation: "write", cause })))
-
-    const state = SynchronizedRef.makeUnsafe(yield* load())
-
-    const result: Interface = {
-      get: Effect.fn("AuthV2.get")(function* (accountID) {
-        return (yield* SynchronizedRef.get(state)).accounts[accountID]
-      }),
-
-      all: Effect.fn("AuthV2.all")(function* () {
-        return Object.values((yield* SynchronizedRef.get(state)).accounts)
-      }),
-
-      active: Effect.fn("AuthV2.active")(function* (serviceID) {
-        const data = yield* SynchronizedRef.get(state)
-        return (
-          data.accounts[data.active[serviceID]] ?? Object.values(data.accounts).find((a) => a.serviceID === serviceID)
-        )
-      }),
-
-      forService: Effect.fn("AuthV2.list")(function* (serviceID) {
-        return Object.values((yield* SynchronizedRef.get(state)).accounts).filter((a) => a.serviceID === serviceID)
-      }),
-
-      create: Effect.fn("AuthV2.add")(function* (input) {
-        return yield* SynchronizedRef.modifyEffect(
-          state,
-          Effect.fnUntraced(function* (data) {
-            const account = new Account({
-              id: AccountID.make(Identifier.ascending()),
-              serviceID: input.serviceID,
-              description: input.description ?? "default",
-              credential: input.credential,
-            })
-            const next = {
-              ...data,
-              accounts: { ...data.accounts, [account.id]: account },
-              active:
-                (input.active ?? Object.values(data.accounts).every((a) => a.serviceID !== input.serviceID))
-                  ? { ...data.active, [input.serviceID]: account.id }
-                  : data.active,
-            }
-
-            yield* write(next)
-            return [account, next] as const
-          }),
-        )
-      }),
-
-      update: Effect.fn("AuthV2.update")(function* (accountID, updates) {
-        yield* SynchronizedRef.modifyEffect(
-          state,
-          Effect.fnUntraced(function* (data) {
-            const existing = data.accounts[accountID]
-            if (!existing) return [undefined, data] as const
-
-            const next = {
-              ...data,
-              accounts: {
-                ...data.accounts,
-                [accountID]: new Account({
-                  id: accountID,
-                  serviceID: existing.serviceID,
-                  description: updates.description ?? existing.description,
-                  credential: updates.credential ?? existing.credential,
-                }),
-              },
-            }
-
-            yield* write(next)
-            return [undefined, next] as const
-          }),
-        )
-      }),
-
-      remove: Effect.fn("AuthV2.remove")(function* (accountID) {
-        yield* SynchronizedRef.modifyEffect(
-          state,
-          Effect.fnUntraced(function* (data) {
-            const accounts = { ...data.accounts }
-            const active = { ...data.active }
-            if (accounts[accountID] && active[accounts[accountID].serviceID] === accountID)
-              delete active[accounts[accountID].serviceID]
-            delete accounts[accountID]
-
-            const next = { ...data, accounts, active }
-            yield* write(next)
-            return [undefined, next] as const
-          }),
-        )
-      }),
-
-      activate: Effect.fn("AuthV2.activate")(function* (accountID) {
-        yield* SynchronizedRef.modifyEffect(
-          state,
-          Effect.fnUntraced(function* (data) {
-            const account = data.accounts[accountID]
-            if (!account) return [undefined, data] as const
-
-            const next = { ...data, active: { ...data.active, [account.serviceID]: accountID } }
-            yield* write(next)
-            return [undefined, next] as const
-          }),
-        )
-      }),
-    }
-
-    return Service.of(result)
-  }),
-)
-
-export const defaultLayer = layer.pipe(Layer.provide(AppFileSystem.defaultLayer), Layer.provide(Global.defaultLayer))
-
-export * as AuthV2 from "./auth"
--- a/packages/opencode/src/v2/model.ts
+++ b/packages/opencode/src/v2/model.ts
@@ -1,135 +0,0 @@
-import { withStatics } from "@/util/schema"
-import { Array, Context, Effect, HashMap, Layer, Option, Order, pipe, Schema } from "effect"
-import { DateTimeUtcFromMillis } from "effect/Schema"
-
-export const ID = Schema.String.pipe(Schema.brand("Model.ID"))
-export type ID = typeof ID.Type
-
-export const ProviderID = Schema.String.pipe(
-  Schema.brand("Model.ProviderID"),
-  withStatics((schema) => ({
-    // Well-known providers
-    opencode: schema.make("opencode"),
-    anthropic: schema.make("anthropic"),
-    openai: schema.make("openai"),
-    google: schema.make("google"),
-    googleVertex: schema.make("google-vertex"),
-    githubCopilot: schema.make("github-copilot"),
-    amazonBedrock: schema.make("amazon-bedrock"),
-    azure: schema.make("azure"),
-    openrouter: schema.make("openrouter"),
-    mistral: schema.make("mistral"),
-    gitlab: schema.make("gitlab"),
-  })),
-)
-export type ProviderID = typeof ProviderID.Type
-
-export const ApiFormat = Schema.Union([
-  Schema.Literal("openai/responses"),
-  Schema.Literal("openai/completions"),
-  Schema.Literal("anthropic"),
-])
-
-const Modalities = Schema.Struct({
-  text: Schema.Boolean,
-  audio: Schema.Boolean,
-  image: Schema.Boolean,
-  video: Schema.Boolean,
-  pdf: Schema.Boolean,
-})
-
-export const Capabilities = Schema.Struct({
-  temperature: Schema.Boolean,
-  reasoning: Schema.Boolean,
-  attachment: Schema.Boolean,
-  toolcall: Schema.Boolean,
-  small: Schema.Boolean,
-  input: Modalities,
-  output: Modalities,
-})
-
-export class Info extends Schema.Class<Info>("Model.Info")({
-  id: ID,
-  providerID: ProviderID,
-  api: Schema.Struct({
-    format: ApiFormat,
-    url: Schema.String,
-    headers: Schema.Record(Schema.String, Schema.String),
-  }),
-  capabilities: Capabilities,
-  name: Schema.String,
-  family: Schema.optional(Schema.String),
-  variants: Schema.Record(Schema.String, Schema.Record(Schema.String, Schema.Any)),
-  time: Schema.Struct({
-    released: DateTimeUtcFromMillis,
-  }),
-}) {}
-
-export function parse(input: string): { providerID: ProviderID; modelID: ID } {
-  const [providerID, ...modelID] = input.split("/")
-  return {
-    providerID: ProviderID.make(providerID),
-    modelID: ID.make(modelID.join("/")),
-  }
-}
-
-export interface Interface {
-  readonly get: (providerID: ProviderID, modelID: ID) => Effect.Effect<Option.Option<Info>>
-  readonly add: (model: Info) => Effect.Effect<void>
-  readonly remove: (providerID: ProviderID, modelID: ID) => Effect.Effect<void>
-  readonly all: () => Effect.Effect<Info[]>
-  readonly default: () => Effect.Effect<Option.Option<Info>>
-  readonly small: (provider: ProviderID) => Effect.Effect<Option.Option<Info>>
-}
-
-export class Service extends Context.Service<Service, Interface>()("@opencode/v2/Model") {}
-
-export const layer = Layer.effect(
-  Service,
-  Effect.gen(function* () {
-    let models = HashMap.empty<string, Info>()
-
-    function key(providerID: ProviderID, modelID: ID) {
-      return `${providerID}/${modelID}`
-    }
-
-    const result: Interface = {
-      get: Effect.fn("V2Model.get")(function* (providerID, modelID) {
-        return HashMap.get(models, key(providerID, modelID))
-      }),
-
-      add: Effect.fn("V2Model.add")(function* (model) {
-        models = HashMap.set(models, key(model.providerID, model.id), model)
-      }),
-
-      remove: Effect.fn("V2Model.remove")(function* (providerID, modelID) {
-        models = HashMap.remove(models, key(providerID, modelID))
-      }),
-
-      all: Effect.fn("V2Model.all")(function* () {
-        return pipe(
-          models,
-          HashMap.toValues,
-          Array.sortWith((item) => item.time.released.epochMilliseconds, Order.flip(Order.Number)),
-        )
-      }),
-
-      default: Effect.fn("V2Model.default")(function* () {
-        const all = yield* result.all()
-        return Option.fromUndefinedOr(all[0])
-      }),
-
-      small: Effect.fn("V2Model.small")(function* (providerID) {
-        const all = yield* result.all()
-        const match = all.find((model) => model.capabilities.small && model.providerID === providerID)
-        return Option.fromUndefinedOr(match)
-      }),
-    }
-
-    return Service.of(result)
-  }),
-)
-
-export const defaultLayer = layer
-
-export * as Modelv2 from "./model"
--- a/packages/opencode/src/v2/session-event.ts
+++ b/packages/opencode/src/v2/session-event.ts
@@ -22,13 +22,10 @@ const Base = {
  sessionID: SessionID,
 }

-export const UnknownError = Schema.Struct({
-  type: Schema.Literal("unknown"),
+const Error = Schema.Struct({
+  type: Schema.String,
  message: Schema.String,
-}).annotate({
-  identifier: "Session.Error.Unknown",
 })
-export type UnknownError = Schema.Schema.Type<typeof UnknownError>

 export const AgentSwitched = EventV2.define({
  type: "session.next.agent.switched",
@@ -142,7 +139,7 @@ export namespace Step {
    aggregate: "sessionID",
    schema: {
      ...Base,
-      error: UnknownError,
+      error: Error,
    },
  })
  export type Failed = Schema.Schema.Type<typeof Failed>
@@ -299,7 +296,7 @@ export namespace Tool {
    schema: {
      ...Base,
      callID: Schema.String,
-      error: UnknownError,
+      error: Error,
      provider: Schema.Struct({
        executed: Schema.Boolean,
        metadata: Schema.Record(Schema.String, Schema.Unknown).pipe(Schema.optional),
--- a/packages/opencode/src/v2/session-message.ts
+++ b/packages/opencode/src/v2/session-message.ts
@@ -87,7 +87,10 @@ export class ToolStateError extends Schema.Class<ToolStateError>("Session.Messag
  input: Schema.Record(Schema.String, Schema.Unknown),
  content: ToolOutput.Content.pipe(Schema.Array),
  structured: ToolOutput.Structured,
-  error: SessionEvent.UnknownError,
+  error: Schema.Struct({
+    type: Schema.String,
+    message: Schema.String,
+  }),
 }) {}

 export const ToolState = Schema.Union([ToolStatePending, ToolStateRunning, ToolStateCompleted, ToolStateError]).pipe(
--- a/packages/opencode/test/agent/agent.test.ts
+++ b/packages/opencode/test/agent/agent.test.ts
@@ -229,8 +229,8 @@ test("agent permission config merges with defaults", async () => {
      expect(build).toBeDefined()
      // Specific pattern is denied
      expect(Permission.evaluate("bash", "rm -rf *", build!.permission).action).toBe("deny")
-      // Edit still allowed
-      expect(evalPerm(build, "edit")).toBe("allow")
+      // Edit still asks (default behavior)
+      expect(evalPerm(build, "edit")).toBe("ask")
    },
  })
 })
--- a/packages/opencode/test/agent/plugin-agent-regression.test.ts
+++ b/packages/opencode/test/agent/plugin-agent-regression.test.ts
@@ -1,52 +1,65 @@
-import { afterEach, expect, test } from "bun:test"
+import { expect } from "bun:test"
+import { CrossSpawnSpawner } from "@opencode-ai/core/cross-spawn-spawner"
+import { Effect, Layer } from "effect"
 import path from "path"
 import { pathToFileURL } from "url"
-import { AppRuntime } from "../../src/effect/app-runtime"
 import { Agent } from "../../src/agent/agent"
-import { Instance } from "../../src/project/instance"
-import { WithInstance } from "../../src/project/with-instance"
-import { disposeAllInstances, tmpdir } from "../fixture/fixture"
+import { InstanceRef } from "../../src/effect/instance-ref"
+import { InstanceLayer } from "../../src/project/instance-layer"
+import { InstanceStore } from "../../src/project/instance-store"
+import { tmpdirScoped } from "../fixture/fixture"
+import { testEffect } from "../lib/effect"

-afterEach(async () => {
-  await disposeAllInstances()
-})
+const pluginAgent = {
+  name: "plugin_added",
+  description: "Added by a plugin via the config hook",
+  mode: "subagent",
+} as const

-test("plugin-registered agents appear in Agent.list", async () => {
-  await using tmp = await tmpdir({
-    init: async (dir) => {
-      const pluginFile = path.join(dir, "plugin.ts")
-      await Bun.write(
-        pluginFile,
-        [
-          "export default async () => ({",
-          "  config: async (cfg) => {",
-          "    cfg.agent = cfg.agent ?? {}",
-          "    cfg.agent.plugin_added = {",
-          '      description: "Added by a plugin via the config hook",',
-          '      mode: "subagent",',
-          "    }",
-          "  },",
-          "})",
-          "",
-        ].join("\n"),
-      )
-      await Bun.write(
-        path.join(dir, "opencode.json"),
-        JSON.stringify({
-          $schema: "https://opencode.ai/config.json",
-          plugin: [pathToFileURL(pluginFile).href],
-        }),
-      )
-    },
-  })
+const it = testEffect(Layer.mergeAll(Agent.defaultLayer, InstanceLayer.layer, CrossSpawnSpawner.defaultLayer))

-  await WithInstance.provide({
-    directory: tmp.path,
-    fn: async () => {
-      const agents = await AppRuntime.runPromise(Agent.Service.use((svc) => svc.list()))
-      const added = agents.find((agent) => agent.name === "plugin_added")
-      expect(added?.description).toBe("Added by a plugin via the config hook")
-      expect(added?.mode).toBe("subagent")
-    },
-  })
-})
+it.live("plugin-registered agents appear in Agent.list", () =>
+  Effect.gen(function* () {
+    const dir = yield* tmpdirScoped()
+    const pluginFile = path.join(dir, "plugin.ts")
+
+    yield* Effect.promise(async () => {
+      await Promise.all([
+        Bun.write(
+          pluginFile,
+          [
+            "export default async () => ({",
+            "  config: async (cfg) => {",
+            "    cfg.agent = cfg.agent ?? {}",
+            `    cfg.agent[${JSON.stringify(pluginAgent.name)}] = {`,
+            `      description: ${JSON.stringify(pluginAgent.description)},`,
+            `      mode: ${JSON.stringify(pluginAgent.mode)},`,
+            "    }",
+            "  },",
+            "})",
+            "",
+          ].join("\n"),
+        ),
+        Bun.write(
+          path.join(dir, "opencode.json"),
+          JSON.stringify({
+            $schema: "https://opencode.ai/config.json",
+            plugin: [pathToFileURL(pluginFile).href],
+          }),
+        ),
+      ])
+    })
+
+    const agents = yield* InstanceStore.Service.use((store) =>
+      Effect.gen(function* () {
+        const ctx = yield* store.load({ directory: dir })
+        yield* Effect.addFinalizer(() => store.dispose(ctx).pipe(Effect.ignore))
+        return yield* Agent.Service.use((svc) => svc.list()).pipe(Effect.provideService(InstanceRef, ctx))
+      }),
+    )
+    const added = agents.find((agent) => agent.name === pluginAgent.name)
+
+    expect(added?.description).toBe(pluginAgent.description)
+    expect(added?.mode).toBe(pluginAgent.mode)
+  }),
+)
--- a/packages/opencode/test/pty/ticket.test.ts
+++ b/packages/opencode/test/pty/ticket.test.ts
@@ -0,0 +1,57 @@
+import { describe, expect } from "bun:test"
+import { Effect, Layer } from "effect"
+import { WorkspaceID } from "../../src/control-plane/schema"
+import { PtyID } from "../../src/pty/schema"
+import { PtyTicket } from "../../src/pty/ticket"
+import { testEffect } from "../lib/effect"
+
+const it = testEffect(PtyTicket.layer)
+const itExpiring = testEffect(Layer.effect(PtyTicket.Service, PtyTicket.make(5)))
+
+describe("PTY websocket tickets", () => {
+  it.live("consumes tickets once", () =>
+    Effect.gen(function* () {
+      const tickets = yield* PtyTicket.Service
+      const scope = { ptyID: PtyID.ascending(), directory: "/tmp/a" }
+      const issued = yield* tickets.issue(scope)
+
+      expect(yield* tickets.consume({ ...scope, ticket: issued.ticket })).toBe(true)
+      expect(yield* tickets.consume({ ...scope, ticket: issued.ticket })).toBe(false)
+    }),
+  )
+
+  it.live("rejects tickets scoped to a different request", () =>
+    Effect.gen(function* () {
+      const tickets = yield* PtyTicket.Service
+      const ptyID = PtyID.ascending()
+      const issued = yield* tickets.issue({ ptyID, directory: "/tmp/a" })
+
+      expect(yield* tickets.consume({ ptyID, directory: "/tmp/b", ticket: issued.ticket })).toBe(false)
+      expect(yield* tickets.consume({ ptyID, directory: "/tmp/a", ticket: issued.ticket })).toBe(true)
+    }),
+  )
+
+  itExpiring.live("rejects tickets after the TTL elapses", () =>
+    Effect.gen(function* () {
+      const tickets = yield* PtyTicket.Service
+      const ptyID = PtyID.ascending()
+      const issued = yield* tickets.issue({ ptyID })
+
+      yield* Effect.promise(() => new Promise((resolve) => setTimeout(resolve, 25)))
+
+      expect(yield* tickets.consume({ ptyID, ticket: issued.ticket })).toBe(false)
+    }),
+  )
+
+  it.live("rejects tickets scoped to a different workspace", () =>
+    Effect.gen(function* () {
+      const tickets = yield* PtyTicket.Service
+      const ptyID = PtyID.ascending()
+      const workspaceID = WorkspaceID.ascending()
+      const issued = yield* tickets.issue({ ptyID, workspaceID })
+
+      expect(yield* tickets.consume({ ptyID, workspaceID: WorkspaceID.ascending(), ticket: issued.ticket })).toBe(false)
+      expect(yield* tickets.consume({ ptyID, workspaceID, ticket: issued.ticket })).toBe(true)
+    }),
+  )
+})
--- a/packages/opencode/test/server/httpapi-listen.test.ts
+++ b/packages/opencode/test/server/httpapi-listen.test.ts
@@ -31,8 +31,8 @@ afterEach(async () => {
  await resetDatabase()
 })

-async function startListener() {
-  Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = true
+async function startListener(backend: "effect-httpapi" | "hono" = "effect-httpapi") {
+  Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = backend === "effect-httpapi"
  Flag.OPENCODE_SERVER_PASSWORD = auth.password
  Flag.OPENCODE_SERVER_USERNAME = auth.username
  process.env.OPENCODE_SERVER_PASSWORD = auth.password
@@ -40,19 +40,53 @@ async function startListener() {
  return Server.listen({ hostname: "127.0.0.1", port: 0 })
 }

+async function startNoAuthListener() {
+  Flag.OPENCODE_EXPERIMENTAL_HTTPAPI = false
+  Flag.OPENCODE_SERVER_PASSWORD = undefined
+  Flag.OPENCODE_SERVER_USERNAME = auth.username
+  delete process.env.OPENCODE_SERVER_PASSWORD
+  process.env.OPENCODE_SERVER_USERNAME = auth.username
+  return Server.listen({ hostname: "127.0.0.1", port: 0 })
+}
+
 function authorization() {
  return `Basic ${btoa(`${auth.username}:${auth.password}`)}`
 }

-function socketURL(listener: Awaited<ReturnType<typeof startListener>>, id: string, dir: string) {
+function socketURL(listener: Awaited<ReturnType<typeof startListener>>, id: string, dir: string, ticket?: string) {
  const url = new URL(PtyPaths.connect.replace(":ptyID", id), listener.url)
  url.protocol = "ws:"
  url.searchParams.set("directory", dir)
  url.searchParams.set("cursor", "-1")
-  url.searchParams.set("auth_token", btoa(`${auth.username}:${auth.password}`))
+  if (ticket) url.searchParams.set("ticket", ticket)
  return url
 }

+async function requestTicket(
+  listener: Awaited<ReturnType<typeof startListener>>,
+  id: string,
+  dir: string,
+  options?: { ticketHeader?: boolean; origin?: string },
+) {
+  const response = await fetch(new URL(PtyPaths.connectToken.replace(":ptyID", id), listener.url), {
+    method: "POST",
+    headers: {
+      authorization: authorization(),
+      "x-opencode-directory": dir,
+      ...(options?.ticketHeader === false ? {} : { "x-opencode-ticket": "1" }),
+      ...(options?.origin ? { origin: options.origin } : {}),
+    },
+  })
+
+  return response
+}
+
+async function connectTicket(listener: Awaited<ReturnType<typeof startListener>>, id: string, dir: string) {
+  const response = await requestTicket(listener, id, dir)
+  expect(response.status).toBe(200)
+  return (await response.json()) as { ticket: string; expires_in: number }
+}
+
 async function createCat(listener: Awaited<ReturnType<typeof startListener>>, dir: string) {
  const response = await fetch(new URL(PtyPaths.create, listener.url), {
    method: "POST",
@@ -81,6 +115,28 @@ async function openSocket(url: URL) {
  return ws
 }

+async function expectSocketRejected(url: URL, init?: { headers?: Record<string, string> }) {
+  // Bun's WebSocket accepts an init object with headers; standard DOM types don't reflect that.
+  const Ctor = WebSocket as unknown as new (url: URL, init?: { headers?: Record<string, string> }) => WebSocket
+  const ws = new Ctor(url, init)
+  await withTimeout(
+    new Promise<void>((resolve, reject) => {
+      ws.addEventListener(
+        "open",
+        () => {
+          ws.close(1000)
+          reject(new Error("websocket opened"))
+        },
+        { once: true },
+      )
+      ws.addEventListener("error", () => resolve(), { once: true })
+      ws.addEventListener("close", () => resolve(), { once: true })
+    }),
+    5_000,
+    "timed out waiting for websocket rejection",
+  )
+}
+
 function stop(listener: Awaited<ReturnType<typeof startListener>>, label: string) {
  return withTimeout(listener.stop(true), 10_000, label)
 }
@@ -125,7 +181,9 @@ describe("HttpApi Server.listen", () => {
      )

      const info = await createCat(listener, tmp.path)
-      const ws = await openSocket(socketURL(listener, info.id, tmp.path))
+      const ticket = await connectTicket(listener, info.id, tmp.path)
+      expect(ticket.expires_in).toBeGreaterThan(0)
+      const ws = await openSocket(socketURL(listener, info.id, tmp.path, ticket.ticket))
      const closed = new Promise<void>((resolve) => ws.addEventListener("close", () => resolve(), { once: true }))

      const message = waitForMessage(ws, (message) => message.includes("ping-listen"))
@@ -140,7 +198,8 @@ describe("HttpApi Server.listen", () => {
      const restarted = await startListener()
      try {
        const nextInfo = await createCat(restarted, tmp.path)
-        const nextWs = await openSocket(socketURL(restarted, nextInfo.id, tmp.path))
+        const nextTicket = await connectTicket(restarted, nextInfo.id, tmp.path)
+        const nextWs = await openSocket(socketURL(restarted, nextInfo.id, tmp.path, nextTicket.ticket))
        const nextMessage = waitForMessage(nextWs, (message) => message.includes("ping-restarted"))
        nextWs.send("ping-restarted\n")
        expect(await nextMessage).toContain("ping-restarted")
@@ -152,4 +211,64 @@ describe("HttpApi Server.listen", () => {
      if (!stopped) await stop(listener, "timed out cleaning up listener").catch(() => undefined)
    }
  })
+
+  testPty("serves PTY websocket tickets through legacy Hono Server.listen", async () => {
+    await using tmp = await tmpdir({ git: true, config: { formatter: false, lsp: false } })
+    const listener = await startListener("hono")
+    try {
+      const info = await createCat(listener, tmp.path)
+      const ticket = await connectTicket(listener, info.id, tmp.path)
+      const ws = await openSocket(socketURL(listener, info.id, tmp.path, ticket.ticket))
+      const message = waitForMessage(ws, (message) => message.includes("ping-hono-ticket"))
+      ws.send("ping-hono-ticket\n")
+      expect(await message).toContain("ping-hono-ticket")
+      ws.close(1000)
+    } finally {
+      await stop(listener, "timed out cleaning up hono listener").catch(() => undefined)
+    }
+  })
+
+  testPty("rejects unsafe PTY ticket mint and connect requests", async () => {
+    await using tmp = await tmpdir({ git: true, config: { formatter: false, lsp: false } })
+    const listener = await startListener()
+    try {
+      const info = await createCat(listener, tmp.path)
+
+      expect((await requestTicket(listener, info.id, tmp.path, { ticketHeader: false })).status).toBe(403)
+      expect((await requestTicket(listener, info.id, tmp.path, { origin: "https://evil.example" })).status).toBe(403)
+
+      await expectSocketRejected(socketURL(listener, info.id, tmp.path, "not-a-ticket"))
+
+      const reusable = await connectTicket(listener, info.id, tmp.path)
+      const ws = await openSocket(socketURL(listener, info.id, tmp.path, reusable.ticket))
+      await expectSocketRejected(socketURL(listener, info.id, tmp.path, reusable.ticket))
+      ws.close(1000)
+
+      const other = await createCat(listener, tmp.path)
+      const scoped = await connectTicket(listener, info.id, tmp.path)
+      await expectSocketRejected(socketURL(listener, other.id, tmp.path, scoped.ticket))
+
+      const crossOrigin = await connectTicket(listener, info.id, tmp.path)
+      await expectSocketRejected(socketURL(listener, info.id, tmp.path, crossOrigin.ticket), {
+        headers: { origin: "https://evil.example" },
+      })
+    } finally {
+      await stop(listener, "timed out cleaning up rejected ticket listener").catch(() => undefined)
+    }
+  })
+
+  testPty("keeps PTY websocket tickets optional when server auth is disabled", async () => {
+    await using tmp = await tmpdir({ git: true, config: { formatter: false, lsp: false } })
+    const listener = await startNoAuthListener()
+    try {
+      const info = await createCat(listener, tmp.path)
+      const ws = await openSocket(socketURL(listener, info.id, tmp.path))
+      const message = waitForMessage(ws, (message) => message.includes("ping-no-auth"))
+      ws.send("ping-no-auth\n")
+      expect(await message).toContain("ping-no-auth")
+      ws.close(1000)
+    } finally {
+      await stop(listener, "timed out cleaning up no-auth listener").catch(() => undefined)
+    }
+  })
 })
--- a/packages/sdk/js/src/v2/gen/sdk.gen.ts
+++ b/packages/sdk/js/src/v2/gen/sdk.gen.ts
@@ -99,6 +99,8 @@ import type {
  ProviderOauthCallbackResponses,
  PtyConnectErrors,
  PtyConnectResponses,
+  PtyConnectTokenErrors,
+  PtyConnectTokenResponses,
  PtyCreateErrors,
  PtyCreateResponses,
  PtyGetErrors,
@@ -2345,6 +2347,38 @@ export class Pty extends HeyApiClient {
    })
  }

+  /**
+   * Create PTY WebSocket token
+   *
+   * Create a short-lived ticket for opening a PTY WebSocket connection.
+   */
+  public connectToken<ThrowOnError extends boolean = false>(
+    parameters: {
+      ptyID: string
+      directory?: string
+      workspace?: string
+    },
+    options?: Options<never, ThrowOnError>,
+  ) {
+    const params = buildClientParams(
+      [parameters],
+      [
+        {
+          args: [
+            { in: "path", key: "ptyID" },
+            { in: "query", key: "directory" },
+            { in: "query", key: "workspace" },
+          ],
+        },
+      ],
+    )
+    return (options?.client ?? this.client).post<PtyConnectTokenResponses, PtyConnectTokenErrors, ThrowOnError>({
+      url: "/pty/{ptyID}/connect-token",
+      ...options,
+      ...params,
+    })
+  }
+
  /**
   * Connect to PTY session
   *
--- a/packages/sdk/js/src/v2/gen/types.gen.ts
+++ b/packages/sdk/js/src/v2/gen/types.gen.ts
@@ -1563,6 +1563,10 @@ export type McpUnsupportedOAuthError = {
  error: string
 }

+export type EffectHttpApiErrorForbidden = {
+  _tag: "Forbidden"
+}
+
 export type ProviderAuthMethod = {
  type: "oauth" | "api"
  label: string
@@ -4671,6 +4675,43 @@ export type PtyUpdateResponses = {

 export type PtyUpdateResponse = PtyUpdateResponses[keyof PtyUpdateResponses]

+export type PtyConnectTokenData = {
+  body?: never
+  path: {
+    ptyID: string
+  }
+  query?: {
+    directory?: string
+    workspace?: string
+  }
+  url: "/pty/{ptyID}/connect-token"
+}
+
+export type PtyConnectTokenErrors = {
+  /**
+   * Forbidden
+   */
+  403: EffectHttpApiErrorForbidden
+  /**
+   * Not found
+   */
+  404: NotFoundError
+}
+
+export type PtyConnectTokenError = PtyConnectTokenErrors[keyof PtyConnectTokenErrors]
+
+export type PtyConnectTokenResponses = {
+  /**
+   * WebSocket connect token
+   */
+  200: {
+    ticket: string
+    expires_in: number
+  }
+}
+
+export type PtyConnectTokenResponse = PtyConnectTokenResponses[keyof PtyConnectTokenResponses]
+
 export type QuestionListData = {
  body?: never
  path?: never
@@ -6652,6 +6693,10 @@ export type PtyConnectData = {
 }

 export type PtyConnectErrors = {
+  /**
+   * Forbidden
+   */
+  403: EffectHttpApiErrorForbidden
  /**
   * Not found
   */
--- a/packages/sdk/openapi.json
+++ b/packages/sdk/openapi.json
@@ -3414,6 +3414,91 @@
        ]
      }
    },
+    "/pty/{ptyID}/connect-token": {
+      "post": {
+        "tags": ["pty"],
+        "operationId": "pty.connectToken",
+        "parameters": [
+          {
+            "name": "directory",
+            "in": "query",
+            "required": false,
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "workspace",
+            "in": "query",
+            "required": false,
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "ptyID",
+            "in": "path",
+            "schema": {
+              "type": "string",
+              "pattern": "^pty.*"
+            },
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "WebSocket connect token",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "ticket": {
+                      "type": "string"
+                    },
+                    "expires_in": {
+                      "type": "integer",
+                      "exclusiveMinimum": 0
+                    }
+                  },
+                  "required": ["ticket", "expires_in"],
+                  "additionalProperties": false,
+                  "description": "WebSocket connect token"
+                }
+              }
+            }
+          },
+          "403": {
+            "description": "Forbidden",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/effect_HttpApiError_Forbidden"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "Not found",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/NotFoundError"
+                }
+              }
+            }
+          }
+        },
+        "description": "Create a short-lived ticket for opening a PTY WebSocket connection.",
+        "summary": "Create PTY WebSocket token",
+        "x-codeSamples": [
+          {
+            "lang": "js",
+            "source": "import { createOpencodeClient } from \"@opencode-ai/sdk\n\nconst client = createOpencodeClient()\nawait client.pty.connectToken({\n  ...\n})"
+          }
+        ]
+      }
+    },
    "/question": {
      "get": {
        "tags": ["question"],
@@ -8327,6 +8412,16 @@
              }
            }
          },
+          "403": {
+            "description": "Forbidden",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/effect_HttpApiError_Forbidden"
+                }
+              }
+            }
+          },
          "404": {
            "description": "Not found",
            "content": {
@@ -12752,6 +12847,17 @@
        "required": ["error"],
        "additionalProperties": false
      },
+      "effect_HttpApiError_Forbidden": {
+        "type": "object",
+        "properties": {
+          "_tag": {
+            "type": "string",
+            "enum": ["Forbidden"]
+          }
+        },
+        "required": ["_tag"],
+        "additionalProperties": false
+      },
      "ProviderAuthMethod": {
        "type": "object",
        "properties": {
--- a/packages/ui/src/components/file-ssr.tsx
+++ b/packages/ui/src/components/file-ssr.tsx
@@ -1,4 +1,4 @@
-import { DIFFS_TAG_NAME, FileDiff, VirtualizedFileDiff } from "@pierre/diffs"
+import { DIFFS_TAG_NAME, FileDiff } from "@pierre/diffs"
 import { type PreloadFileDiffResult, type PreloadMultiFileDiffResult } from "@pierre/diffs/ssr"
 import { createEffect, onCleanup, onMount, Show, splitProps } from "solid-js"
 import { Dynamic, isServer } from "solid-js/web"
@@ -13,7 +13,6 @@ import {
  notifyShadowReady,
  observeViewerScheme,
 } from "../pierre/file-runtime"
-import { acquireVirtualizer, virtualMetrics } from "../pierre/virtualizer"
 import { File, type DiffFileProps, type FileProps } from "./file"

 type DiffPreload<T> = PreloadMultiFileDiffResult<T> | PreloadFileDiffResult<T>
@@ -26,7 +25,6 @@ function DiffSSRViewer<T>(props: SSRDiffFileProps<T>) {
  let container!: HTMLDivElement
  let fileDiffRef!: HTMLElement
  let fileDiffInstance: FileDiff<T> | undefined
-  let sharedVirtualizer: NonNullable<ReturnType<typeof acquireVirtualizer>> | undefined

  const ready = createReadyWatcher()
  const workerPool = useWorkerPool(props.diffStyle)
@@ -51,14 +49,6 @@ function DiffSSRViewer<T>(props: SSRDiffFileProps<T>) {

  const getRoot = () => fileDiffRef?.shadowRoot ?? undefined

-  const getVirtualizer = () => {
-    if (sharedVirtualizer) return sharedVirtualizer.virtualizer
-    const result = acquireVirtualizer(container)
-    if (!result) return
-    sharedVirtualizer = result
-    return result.virtualizer
-  }
-
  const setSelectedLines = (range: DiffFileProps<T>["selectedLines"], attempt = 0) => {
    const diff = fileDiffInstance
    if (!diff) return
@@ -92,27 +82,15 @@ function DiffSSRViewer<T>(props: SSRDiffFileProps<T>) {

    onCleanup(observeViewerScheme(() => fileDiffRef))

-    const virtualizer = getVirtualizer()
    const annotations = local.annotations ?? local.preloadedDiff.annotations ?? []
-    fileDiffInstance = virtualizer
-      ? new VirtualizedFileDiff<T>(
-          {
-            ...createDefaultOptions(props.diffStyle),
-            ...others,
-            ...local.preloadedDiff.options,
-          },
-          virtualizer,
-          virtualMetrics,
-          workerPool,
-        )
-      : new FileDiff<T>(
-          {
-            ...createDefaultOptions(props.diffStyle),
-            ...others,
-            ...local.preloadedDiff.options,
-          },
-          workerPool,
-        )
+    fileDiffInstance = new FileDiff<T>(
+      {
+        ...createDefaultOptions(props.diffStyle),
+        ...others,
+        ...(local.preloadedDiff.options ?? {}),
+      },
+      workerPool,
+    )

    applyViewerScheme(fileDiffRef)

@@ -163,8 +141,6 @@ function DiffSSRViewer<T>(props: SSRDiffFileProps<T>) {
  onCleanup(() => {
    clearReadyWatcher(ready)
    fileDiffInstance?.cleanUp()
-    sharedVirtualizer?.release()
-    sharedVirtualizer = undefined
  })

  return (
--- a/packages/ui/src/components/file.tsx
+++ b/packages/ui/src/components/file.tsx
@@ -1,6 +1,5 @@
 import { sampledChecksum } from "@opencode-ai/core/util/encode"
 import {
-  DEFAULT_VIRTUAL_FILE_METRICS,
  type DiffLineAnnotation,
  type FileContents,
  type FileDiffMetadata,
@@ -10,10 +9,6 @@ import {
  type FileOptions,
  type LineAnnotation,
  type SelectedLineRange,
-  type VirtualFileMetrics,
-  VirtualizedFile,
-  VirtualizedFileDiff,
-  Virtualizer,
 } from "@pierre/diffs"
 import { type PreloadFileDiffResult, type PreloadMultiFileDiffResult } from "@pierre/diffs/ssr"
 import { createMediaQuery } from "@solid-primitives/media"
@@ -40,19 +35,10 @@ import {
  readShadowLineSelection,
 } from "../pierre/file-selection"
 import { createLineNumberSelectionBridge, restoreShadowTextSelection } from "../pierre/selection-bridge"
-import { acquireVirtualizer, virtualMetrics } from "../pierre/virtualizer"
 import { getWorkerPool } from "../pierre/worker"
 import { FileMedia, type FileMediaOptions } from "./file-media"
 import { FileSearchBar } from "./file-search"

-const VIRTUALIZE_BYTES = 500_000
-
-const codeMetrics = {
-  ...DEFAULT_VIRTUAL_FILE_METRICS,
-  lineHeight: 24,
-  fileGap: 0,
-} satisfies Partial<VirtualFileMetrics>
-
 type SharedProps<T> = {
  annotations?: LineAnnotation<T>[] | DiffLineAnnotation<T>[]
  selectedLines?: SelectedLineRange | null
@@ -386,11 +372,6 @@ type AnnotationTarget<A> = {
  rerender: () => void
 }

-type VirtualStrategy = {
-  get: () => Virtualizer | undefined
-  cleanup: () => void
-}
-
 function useModeViewer(config: ModeConfig, adapter: ModeAdapter) {
  return useFileViewer({
    enableLineSelection: config.enableLineSelection,
@@ -532,64 +513,6 @@ function scrollParent(el: HTMLElement): HTMLElement | undefined {
  }
 }

-function createLocalVirtualStrategy(host: () => HTMLDivElement | undefined, enabled: () => boolean): VirtualStrategy {
-  let virtualizer: Virtualizer | undefined
-  let root: Document | HTMLElement | undefined
-
-  const release = () => {
-    virtualizer?.cleanUp()
-    virtualizer = undefined
-    root = undefined
-  }
-
-  return {
-    get: () => {
-      if (!enabled()) {
-        release()
-        return
-      }
-      if (typeof document === "undefined") return
-
-      const wrapper = host()
-      if (!wrapper) return
-
-      const next = scrollParent(wrapper) ?? document
-      if (virtualizer && root === next) return virtualizer
-
-      release()
-      virtualizer = new Virtualizer()
-      root = next
-      virtualizer.setup(next, next instanceof Document ? undefined : wrapper)
-      return virtualizer
-    },
-    cleanup: release,
-  }
-}
-
-function createSharedVirtualStrategy(host: () => HTMLDivElement | undefined): VirtualStrategy {
-  let shared: NonNullable<ReturnType<typeof acquireVirtualizer>> | undefined
-
-  const release = () => {
-    shared?.release()
-    shared = undefined
-  }
-
-  return {
-    get: () => {
-      if (shared) return shared.virtualizer
-
-      const container = host()
-      if (!container) return
-
-      const result = acquireVirtualizer(container)
-      if (!result) return
-      shared = result
-      return result.virtualizer
-    },
-    cleanup: release,
-  }
-}
-
 function parseLine(node: HTMLElement) {
  if (!node.dataset.line) return
  const value = parseInt(node.dataset.line, 10)
@@ -688,7 +611,7 @@ function ViewerShell(props: {
 // ---------------------------------------------------------------------------

 function TextViewer<T>(props: TextFileProps<T>) {
-  let instance: PierreFile<T> | VirtualizedFile<T> | undefined
+  let instance: PierreFile<T> | undefined
  let viewer!: Viewer

  const [local, others] = splitProps(props, textKeys)
@@ -708,36 +631,12 @@ function TextViewer<T>(props: TextFileProps<T>) {
    return Math.max(1, total)
  }

-  const bytes = createMemo(() => {
-    const value = local.file.contents as unknown
-    if (typeof value === "string") return value.length
-    if (Array.isArray(value)) {
-      return value.reduce(
-        // oxlint-disable-next-line no-base-to-string -- array parts coerced intentionally
-        (sum, part) => sum + (typeof part === "string" ? part.length + 1 : String(part).length + 1),
-        0,
-      )
-    }
-    if (value == null) return 0
-    // oxlint-disable-next-line no-base-to-string -- file contents cast to unknown, coercion is intentional
-    return String(value).length
-  })
-
-  const virtual = createMemo(() => bytes() > VIRTUALIZE_BYTES)
-
-  const virtuals = createLocalVirtualStrategy(() => viewer.wrapper, virtual)
-
  const lineFromMouseEvent = (event: MouseEvent): MouseHit => mouseHit(event, parseLine)

  const applySelection = (range: SelectedLineRange | null) => {
    const current = instance
    if (!current) return false

-    if (virtual()) {
-      current.setSelectedLines(range)
-      return true
-    }
-
    const root = viewer.getRoot()
    if (!root) return false

@@ -836,10 +735,7 @@ function TextViewer<T>(props: TextFileProps<T>) {
  const notify = () => {
    notifyRendered({
      viewer,
-      isReady: (root) => {
-        if (virtual()) return root.querySelector("[data-line]") != null
-        return root.querySelectorAll("[data-line]").length >= lineCount()
-      },
+      isReady: (root) => root.querySelectorAll("[data-line]").length >= lineCount(),
      onReady: () => {
        applySelection(viewer.lastSelection)
        viewer.find.refresh({ reset: true })
@@ -858,17 +754,11 @@ function TextViewer<T>(props: TextFileProps<T>) {
  createEffect(() => {
    const opts = options()
    const workerPool = getWorkerPool("unified")
-    const isVirtual = virtual()
-
-    const virtualizer = virtuals.get()

    renderViewer({
      viewer,
      current: instance,
-      create: () =>
-        isVirtual && virtualizer
-          ? new VirtualizedFile<T>(opts, virtualizer, codeMetrics, workerPool)
-          : new PierreFile<T>(opts, workerPool),
+      create: () => new PierreFile<T>(opts, workerPool),
      assign: (value) => {
        instance = value
      },
@@ -895,7 +785,6 @@ function TextViewer<T>(props: TextFileProps<T>) {
  onCleanup(() => {
    instance?.cleanUp()
    instance = undefined
-    virtuals.cleanup()
  })

  return <ViewerShell mode="text" viewer={viewer} class={local.class} classList={local.classList} />
@@ -991,8 +880,6 @@ function DiffViewer<T>(props: DiffFileProps<T>) {
    adapter,
  )

-  const virtuals = createSharedVirtualStrategy(() => viewer.container)
-
  const large = createMemo(() => {
    if (local.fileDiff) {
      const before = local.fileDiff.deletionLines.join("")
@@ -1055,7 +942,6 @@ function DiffViewer<T>(props: DiffFileProps<T>) {
  createEffect(() => {
    const opts = options()
    const workerPool = large() ? getWorkerPool("unified") : getWorkerPool(props.diffStyle)
-    const virtualizer = virtuals.get()
    const beforeContents = typeof local.before?.contents === "string" ? local.before.contents : ""
    const afterContents = typeof local.after?.contents === "string" ? local.after.contents : ""
    const done = preserve(viewer)
@@ -1070,10 +956,7 @@ function DiffViewer<T>(props: DiffFileProps<T>) {
    renderViewer({
      viewer,
      current: instance,
-      create: () =>
-        virtualizer
-          ? new VirtualizedFileDiff<T>(opts, virtualizer, virtualMetrics, workerPool)
-          : new FileDiff<T>(opts, workerPool),
+      create: () => new FileDiff<T>(opts, workerPool),
      assign: (value) => {
        instance = value
      },
@@ -1111,7 +994,6 @@ function DiffViewer<T>(props: DiffFileProps<T>) {
  onCleanup(() => {
    instance?.cleanUp()
    instance = undefined
-    virtuals.cleanup()
    dragSide = undefined
    dragEndSide = undefined
  })
--- a/packages/ui/src/components/session-review.tsx
+++ b/packages/ui/src/components/session-review.tsx
@@ -26,7 +26,6 @@ import type { LineCommentEditorProps } from "./line-comment"
 import { normalize, text, type ViewDiff } from "./session-diff"

 const MAX_DIFF_CHANGED_LINES = 500
-const REVIEW_MOUNT_MARGIN = 300

 export type SessionReviewDiffStyle = "unified" | "split"

@@ -159,14 +158,11 @@ type SessionReviewSelection = {
 export const SessionReview = (props: SessionReviewProps) => {
  let scroll: HTMLDivElement | undefined
  let focusToken = 0
-  let frame: number | undefined
  const i18n = useI18n()
  const fileComponent = useFileComponent()
  const anchors = new Map<string, HTMLElement>()
-  const nodes = new Map<string, HTMLDivElement>()
  const [store, setStore] = createStore({
    open: [] as string[],
-    visible: {} as Record<string, boolean>,
    force: {} as Record<string, boolean>,
    selection: null as SessionReviewSelection | null,
    commenting: null as SessionReviewSelection | null,
@@ -196,44 +192,7 @@ export const SessionReview = (props: SessionReviewProps) => {
  const diffStyle = () => props.diffStyle ?? (props.split ? "split" : "unified")
  const hasDiffs = () => files().length > 0

-  const syncVisible = () => {
-    frame = undefined
-    if (!scroll) return
-
-    const root = scroll.getBoundingClientRect()
-    const top = root.top - REVIEW_MOUNT_MARGIN
-    const bottom = root.bottom + REVIEW_MOUNT_MARGIN
-    const openSet = new Set(open())
-    const next: Record<string, boolean> = {}
-
-    for (const [file, el] of nodes) {
-      if (!openSet.has(file)) continue
-      const rect = el.getBoundingClientRect()
-      if (rect.bottom < top || rect.top > bottom) continue
-      next[file] = true
-    }
-
-    const prev = untrack(() => store.visible)
-    const prevKeys = Object.keys(prev)
-    const nextKeys = Object.keys(next)
-    if (prevKeys.length === nextKeys.length && nextKeys.every((file) => prev[file])) return
-    setStore("visible", next)
-  }
-
-  const queue = () => {
-    if (frame !== undefined) return
-    frame = requestAnimationFrame(syncVisible)
-  }
-
-  const pinned = (file: string) =>
-    props.focusedComment?.file === file ||
-    props.focusedFile === file ||
-    selection()?.file === file ||
-    commenting()?.file === file ||
-    opened()?.file === file
-
  const handleScroll: JSX.EventHandler<HTMLDivElement, Event> = (event) => {
-    queue()
    const next = props.onScroll
    if (!next) return
    if (Array.isArray(next)) {
@@ -244,21 +203,9 @@ export const SessionReview = (props: SessionReviewProps) => {
    ;(next as JSX.EventHandler<HTMLDivElement, Event>)(event)
  }

-  onCleanup(() => {
-    if (frame === undefined) return
-    cancelAnimationFrame(frame)
-  })
-
-  createEffect(() => {
-    props.open
-    files()
-    queue()
-  })
-
  const handleChange = (next: string[]) => {
    props.onOpenChange?.(next)
    if (props.open === undefined) setStore("open", next)
-    queue()
  }

  const handleExpandOrCollapseAll = () => {
@@ -372,7 +319,6 @@ export const SessionReview = (props: SessionReviewProps) => {
        viewportRef={(el) => {
          scroll = el
          props.scrollRef?.(el)
-          queue()
        }}
        onScroll={handleScroll}
        classList={{
@@ -391,7 +337,6 @@ export const SessionReview = (props: SessionReviewProps) => {
                    const diffCanRender = () => diff.additions !== 0 || diff.deletions !== 0

                    const expanded = createMemo(() => open().includes(file))
-                    const mounted = createMemo(() => expanded() && (!!store.visible[file] || pinned(file)))
                    const force = () => !!store.force[file]

                    const comments = createMemo(() => grouped().get(file) ?? [])
@@ -482,8 +427,6 @@ export const SessionReview = (props: SessionReviewProps) => {

                    onCleanup(() => {
                      anchors.delete(file)
-                      nodes.delete(file)
-                      queue()
                    })

                    const handleLineSelected = (range: SelectedLineRange | null) => {
@@ -569,19 +512,10 @@ export const SessionReview = (props: SessionReviewProps) => {
                            data-slot="session-review-diff-wrapper"
                            ref={(el) => {
                              anchors.set(file, el)
-                              nodes.set(file, el)
-                              queue()
                            }}
                          >
                            <Show when={expanded()}>
                              <Switch>
-                                <Match when={!mounted() && !tooLarge()}>
-                                  <div
-                                    data-slot="session-review-diff-placeholder"
-                                    class="rounded-lg border border-border-weak-base bg-background-stronger/40"
-                                    style={{ height: "160px" }}
-                                  />
-                                </Match>
                                <Match when={tooLarge()}>
                                  <div data-slot="session-review-large-diff">
                                    <div data-slot="session-review-large-diff-title">
--- a/packages/ui/src/pierre/virtualizer.ts
+++ b/packages/ui/src/pierre/virtualizer.ts
@@ -1,100 +0,0 @@
-import { type VirtualFileMetrics, Virtualizer } from "@pierre/diffs"
-
-type Target = {
-  key: Document | HTMLElement
-  root: Document | HTMLElement
-  content: HTMLElement | undefined
-}
-
-type Entry = {
-  virtualizer: Virtualizer
-  refs: number
-}
-
-const cache = new WeakMap<Document | HTMLElement, Entry>()
-
-export const virtualMetrics: Partial<VirtualFileMetrics> = {
-  lineHeight: 24,
-  hunkSeparatorHeight: 24,
-  fileGap: 0,
-}
-
-function scrollable(value: string) {
-  return value === "auto" || value === "scroll" || value === "overlay"
-}
-
-function scrollRoot(container: HTMLElement) {
-  let node = container.parentElement
-  while (node) {
-    const style = getComputedStyle(node)
-    if (scrollable(style.overflowY)) return node
-    node = node.parentElement
-  }
-}
-
-function target(container: HTMLElement): Target | undefined {
-  if (typeof document === "undefined") return
-
-  const review = container.closest("[data-component='session-review']")
-  if (review instanceof HTMLElement) {
-    const root = scrollRoot(container) ?? review
-    const content = review.querySelector("[data-slot='session-review-container']")
-    return {
-      key: review,
-      root,
-      content: content instanceof HTMLElement ? content : undefined,
-    }
-  }
-
-  const root = scrollRoot(container)
-  if (root) {
-    const content = root.querySelector("[role='log']")
-    return {
-      key: root,
-      root,
-      content: content instanceof HTMLElement ? content : undefined,
-    }
-  }
-
-  return {
-    key: document,
-    root: document,
-    content: undefined,
-  }
-}
-
-export function acquireVirtualizer(container: HTMLElement) {
-  const resolved = target(container)
-  if (!resolved) return
-
-  let entry = cache.get(resolved.key)
-  if (!entry) {
-    const virtualizer = new Virtualizer()
-    virtualizer.setup(resolved.root, resolved.content)
-    entry = {
-      virtualizer,
-      refs: 0,
-    }
-    cache.set(resolved.key, entry)
-  }
-
-  entry.refs += 1
-  let done = false
-
-  return {
-    virtualizer: entry.virtualizer,
-    release() {
-      if (done) return
-      done = true
-
-      const current = cache.get(resolved.key)
-      if (!current) return
-
-      current.refs -= 1
-      if (current.refs > 0) return
-
-      current.virtualizer.cleanUp()
-      cache.delete(resolved.key)
-    },
-  }
-}
Author	SHA1	Message	Date
opencode-agent[bot]	4b957f6fa3	Apply PR #24229 : fix: lazy session error schema	2026-05-04 07:25:31 +00:00
opencode-agent[bot]	10593a0f2d	Apply PR #22753 : core: move plugin intialisation to config layer override	2026-05-04 07:25:30 +00:00
opencode-agent[bot]	c03723357c	Apply PR #21537 : fix(app): remove pierre diff virtualization	2026-05-04 07:22:59 +00:00
opencode-agent[bot]	f4ff6df275	Apply PR #12633 : feat(tui): add auto-accept mode for permission requests	2026-05-04 07:21:59 +00:00
opencode-agent[bot]	7bb0271d99	Apply PR #11710 : feat: Add the ability to include cleared prompts in the history, toggled by a KV-persisted command palette item (resolves #11489 )	2026-05-04 07:17:31 +00:00
opencode-agent[bot]	9f708e748a	chore: generate	2026-05-04 02:57:18 +00:00
Kit Langton	7bc26dafae	feat(server): pty websocket auth tickets (#25660 )	2026-05-03 22:56:14 -04:00
Utkub24	ce89bcb8e2	fix: allow Codex Spark with Codex OAuth (#25640 )	2026-05-03 17:58:16 -05:00
Kit Langton	c2b1974ddd	Effectify plugin agent regression test (#25646 )	2026-05-03 22:07:10 +00:00
Kit Langton	ca6150d6f0	fix(app): preserve auth token credentials (#25636 )	2026-05-03 21:13:42 +00:00
Kit Langton	825ab2e38d	refactor(cli): effectify provider commands (#25633 )	2026-05-03 16:41:10 -04:00
Brendan Allan	9b85d2cbb4	Merge branch 'dev' into brendan/lazy-init-plugins	2026-05-01 11:48:58 +08:00
Brendan Allan	4a86c2b77a	Merge branch 'dev' into brendan/lazy-init-plugins	2026-05-01 11:47:50 +08:00
LukeParkerDev	d704110e52	fix: lazy session error schema	2026-04-25 10:04:49 +10:00
Ariane Emory	09e4e5a184	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-04-23 21:55:13 -04:00
Brendan Allan	e041605b40	Merge branch 'dev' into brendan/lazy-init-plugins	2026-04-21 12:33:02 +08:00
LukeParkerDev	f280e7e69c	fix: defer MessageV2.Assistant.shape access to break circular dep in compiled binary	2026-04-20 16:08:42 +10:00
Brendan Allan	b265742fd0	Merge branch 'dev' into brendan/lazy-init-plugins	2026-04-19 21:15:45 +08:00
Brendan Allan	b1db69fdf7	fix other commands	2026-04-17 17:03:53 +08:00
Brendan Allan	031766efa0	fix tui	2026-04-17 15:44:01 +08:00
Brendan Allan	dc6d39551c	address feedback	2026-04-17 15:44:01 +08:00
Brendan Allan	e287569f82	rename layer	2026-04-17 15:44:01 +08:00
Brendan Allan	14eacb4019	core: move plugin intialisation to config layer override	2026-04-17 15:44:01 +08:00
Ariane Emory	731c1e58f2	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-04-16 20:22:02 -04:00
Ariane Emory	c411d37484	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-04-12 04:22:06 -04:00
Adam	cb29742b57	fix(app): remove pierre diff virtualization	2026-04-08 13:16:45 -05:00
Ariane Emory	97a94571a4	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-04-03 09:19:12 -04:00
Ariane Emory	6652585a7f	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-24 11:17:40 -04:00
Ariane Emory	532b64c0d5	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-24 07:43:03 -04:00
Ariane Emory	eec4c775a7	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-23 21:10:21 -04:00
Ariane Emory	01e350449c	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-20 19:12:18 -04:00
Dax	5792a80a8c	Merge branch 'dev' into feat/auto-accept-permissions	2026-03-20 10:46:31 -04:00
Dax Raad	db039db7f5	regen js sdk	2026-03-20 10:21:10 -04:00
Dax Raad	c1a3936b61	Merge remote-tracking branch 'origin/dev' into feat/auto-accept-permissions # Conflicts: # packages/sdk/js/src/v2/gen/types.gen.ts	2026-03-20 10:20:26 -04:00
Ariane Emory	a9d9e4d9c4	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-20 03:35:16 -04:00
Ariane Emory	2531b2d3a9	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-13 11:47:39 -04:00
Ariane Emory	a718f86e0f	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-08 19:28:41 -04:00
Ariane Emory	f3efdff861	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-08 08:36:02 -04:00
Ariane Emory	955d8591df	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-03-05 18:24:19 -05:00
Ariane Emory	33b3388bf4	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-26 17:50:11 -05:00
Ariane Emory	716f40b128	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-26 01:36:39 -05:00
Ariane Emory	0b06ff1407	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-20 21:24:12 -05:00
Ariane Emory	01ff5b5390	Merge branch 'dev' into feat/canceled-prompts-in-history # Conflicts: # packages/opencode/src/cli/cmd/tui/component/prompt/history.tsx	2026-02-20 02:16:02 -05:00
Ariane Emory	3d1b121e70	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-19 19:18:48 -05:00
Ariane Emory	b70629af27	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-18 19:10:26 -05:00
Ariane Emory	b7b016fa28	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-17 00:09:51 -05:00
Ariane Emory	5ba2d7e5f0	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-15 12:27:51 -05:00
Ariane Emory	459b22b83d	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-14 19:21:47 -05:00
Ariane Emory	377812b98a	Merge dev into feat/canceled-prompts-in-history	2026-02-14 06:28:48 -05:00
Ariane Emory	5cc0901e38	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-13 09:37:11 -05:00
Ariane Emory	7fb6b589d1	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-12 18:29:23 -05:00
Ariane Emory	3f37b43e7d	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-11 12:46:47 -05:00
Ariane Emory	8805dfc849	fix: deduplicate prompt history entries Avoid adding duplicate entries to prompt history when the same input is appended multiple times (e.g., clearing with ctrl+c then restoring via history navigation and clearing again).	2026-02-10 22:21:39 -05:00
Ariane Emory	ac5a5d8b16	Merge branch 'feat/canceled-prompts-in-history' of github.com:ariane-emory/opencode into feat/canceled-prompts-in-history	2026-02-10 16:37:55 -05:00
Ariane Emory	eaf94ed047	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-10 16:29:05 -05:00
Ariane Emory	b8031c5ae8	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-10 16:10:35 -05:00
Dax Raad	a531f3f36d	core: run command build agent now auto-accepts file edits to reduce workflow interruptions while still requiring confirmation for bash commands	2026-02-07 20:00:09 -05:00
Dax Raad	bb3382311d	tui: standardize autoedit indicator text styling to match other status labels	2026-02-07 19:57:45 -05:00
Dax Raad	ad545d0cc9	tui: allow auto-accepting only edit permissions instead of all permissions	2026-02-07 19:52:53 -05:00
Dax Raad	ac244b1458	tui: add searchable 'toggle' keywords to command palette and show current state in toggle titles	2026-02-07 17:03:34 -05:00
Dax Raad	f202536b65	tui: show enable/disable state in permission toggle and make it searchable by 'toggle permissions'	2026-02-07 16:57:48 -05:00
Dax Raad	405cc3f610	tui: streamline permission toggle command naming and add keyboard shortcut support Rename 'Toggle autoaccept permissions' to 'Toggle permissions' for clarity and move the command to the Agent category for better discoverability. Add permission_auto_accept_toggle keybind to enable keyboard shortcut toggling of auto-accept mode for permission requests.	2026-02-07 16:51:55 -05:00
Dax Raad	878c1b8c2d	feat(tui): add auto-accept mode for permission requests Add a toggleable auto-accept mode that automatically accepts all incoming permission requests with a 'once' reply. This is useful for users who want to streamline their workflow when they trust the agent's actions. Changes: - Add permission_auto_accept keybind (default: shift+tab) to config - Remove default for agent_cycle_reverse (was shift+tab) - Add auto-accept logic in sync.tsx to auto-reply when enabled - Add command bar action to toggle auto-accept mode (copy: "Toggle autoaccept permissions") - Add visual indicator showing 'auto-accept' when active - Store auto-accept state in KV for persistence across sessions	2026-02-07 16:44:39 -05:00
Ariane Emory	d5dcadc000	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-07 13:34:42 -05:00
Ariane Emory	0c154e6a2f	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-06 15:59:50 -05:00
Ariane Emory	4f96975148	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-05 18:17:01 -05:00
Ariane Emory	eaba99711b	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-04 19:33:59 -05:00
Ariane Emory	f762125775	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-03 18:36:44 -05:00
Ariane Emory	ded6bb6513	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-02 21:23:28 -05:00
Ariane Emory	39332f5be6	Merge branch 'dev' into feat/canceled-prompts-in-history	2026-02-01 22:33:29 -05:00
Ariane Emory	2c6ff35400	feat: add toggle to control whether cleared prompts are saved to history Adds a toggle command in the System category that allows users to enable or disable saving cleared prompts to history. The feature is disabled by default to preserve existing behavior. When enabled via the command palette ("Include cleared prompts in history"), pressing Ctrl+C will save the current prompt to history before clearing it, allowing users to navigate back with arrow keys. The setting persists in kv.json.	2026-02-01 21:12:48 -05:00
Ariane Emory	738d6c8899	feat: save prompt to history when cleared with Ctrl+C When users press Ctrl+C to clear the input field, the current prompt is now saved to history before clearing. This allows users to navigate back to cleared prompts using arrow keys, preventing loss of work. Addresses #11489	2026-02-01 21:01:15 -05:00