feat: unwrap question namespace to flat exports + barrel

bun.lock

@@ -358,7 +358,6 @@
         "@opencode-ai/plugin": "workspace:*",
         "@opencode-ai/script": "workspace:*",
         "@opencode-ai/sdk": "workspace:*",
-        "@opencode-ai/server": "workspace:*",
         "@openrouter/ai-sdk-provider": "2.5.1",
         "@opentelemetry/api": "1.9.0",
         "@opentelemetry/context-async-hooks": "2.6.1",
@@ -506,17 +505,6 @@
         "typescript": "catalog:",
       },
     },
-    "packages/server": {
-      "name": "@opencode-ai/server",
-      "version": "1.4.6",
-      "dependencies": {
-        "effect": "catalog:",
-      },
-      "devDependencies": {
-        "@typescript/native-preview": "catalog:",
-        "typescript": "catalog:",
-      },
-    },
     "packages/shared": {
       "name": "@opencode-ai/shared",
       "version": "1.4.6",
@@ -1568,8 +1556,6 @@
 
     "@opencode-ai/sdk": ["@opencode-ai/sdk@workspace:packages/sdk/js"],
 
-    "@opencode-ai/server": ["@opencode-ai/server@workspace:packages/server"],
-
     "@opencode-ai/shared": ["@opencode-ai/shared@workspace:packages/shared"],
 
     "@opencode-ai/slack": ["@opencode-ai/slack@workspace:packages/slack"],

infra/enterprise.ts

@@ -3,7 +3,7 @@ import { shortDomain } from "./stage"
 
 const storage = new sst.cloudflare.Bucket("EnterpriseStorage")
 
-const teams = new sst.cloudflare.x.SolidStart("Teams", {
+new sst.cloudflare.x.SolidStart("Teams", {
   domain: shortDomain,
   path: "packages/enterprise",
   buildCommand: "bun run build:cloudflare",

packages/app/src/addons/serialize.test.ts

@@ -180,8 +180,8 @@ describe("SerializeAddon", () => {
       await writeAndWait(term, input)
 
       const origLine = term.buffer.active.getLine(0)
-      const origFg = origLine!.getCell(0)!.getFgColor()
-      const origBg = origLine!.getCell(0)!.getBgColor()
+      const _origFg = origLine!.getCell(0)!.getFgColor()
+      const _origBg = origLine!.getCell(0)!.getBgColor()
       expect(origLine!.getCell(0)!.isBold()).toBe(1)
 
       const serialized = addon.serialize({ range: { start: 0, end: 0 } })

packages/app/src/app.tsx

@@ -10,7 +10,7 @@ import { ThemeProvider } from "@opencode-ai/ui/theme/context"
 import { MetaProvider } from "@solidjs/meta"
 import { type BaseRouterProps, Navigate, Route, Router } from "@solidjs/router"
 import { QueryClient, QueryClientProvider } from "@tanstack/solid-query"
-import { type Duration, Effect } from "effect"
+import { Effect } from "effect"
 import {
   type Component,
   createMemo,
@@ -156,11 +156,6 @@ export function AppBaseProviders(props: ParentProps<{ locale?: Locale }>) {
   )
 }
 
-const effectMinDuration =
-  (duration: Duration.Input) =>
-  <A, E, R>(e: Effect.Effect<A, E, R>) =>
-    Effect.all([e, Effect.sleep(duration)], { concurrency: "unbounded" }).pipe(Effect.map((v) => v[0]))
-
 function ConnectionGate(props: ParentProps<{ disableHealthCheck?: boolean }>) {
   const server = useServer()
   const checkServerHealth = useCheckServerHealth()

packages/app/src/context/global-sync/bootstrap.ts

@@ -65,22 +65,6 @@ function runAll(list: Array<() => Promise<unknown>>) {
   return Promise.allSettled(list.map((item) => item()))
 }
 
-function showErrors(input: {
-  errors: unknown[]
-  title: string
-  translate: (key: string, vars?: Record<string, string | number>) => string
-  formatMoreCount: (count: number) => string
-}) {
-  if (input.errors.length === 0) return
-  const message = formatServerError(input.errors[0], input.translate)
-  const more = input.errors.length > 1 ? input.formatMoreCount(input.errors.length - 1) : ""
-  showToast({
-    variant: "error",
-    title: input.title,
-    description: message + more,
-  })
-}
-
 export async function bootstrapGlobal(input: {
   globalSDK: OpencodeClient
   requestFailedTitle: string

packages/app/src/pages/session.tsx

@@ -433,7 +433,6 @@ export default function Page() {
   const isChildSession = createMemo(() => !!info()?.parentID)
   const diffs = createMemo(() => (params.id ? list(sync.data.session_diff[params.id]) : []))
   const sessionCount = createMemo(() => Math.max(info()?.summary?.files ?? 0, diffs().length))
-  const hasSessionReview = createMemo(() => sessionCount() > 0)
   const canReview = createMemo(() => !!sync.project)
   const reviewTab = createMemo(() => isDesktop())
   const tabState = createSessionTabs({
@@ -443,8 +442,6 @@ export default function Page() {
     review: reviewTab,
     hasReview: canReview,
   })
-  const contextOpen = tabState.contextOpen
-  const openedTabs = tabState.openedTabs
   const activeTab = tabState.activeTab
   const activeFileTab = tabState.activeFileTab
   const revertMessageID = createMemo(() => info()?.revert?.messageID)

packages/app/src/pages/session/file-tabs.tsx

@@ -378,12 +378,6 @@ export function FileTabContent(props: { tab: string }) {
     requestAnimationFrame(() => comments.clearFocus())
   })
 
-  const cancelCommenting = () => {
-    const p = path()
-    if (p) file.setSelectedLines(p, null)
-    setNote("commenting", null)
-  }
-
   let prev = {
     loaded: false,
     ready: false,

packages/console/app/script/generate-sitemap.ts

@@ -8,7 +8,6 @@ import { LOCALES, route } from "../src/lib/language.js"
 const __dirname = dirname(fileURLToPath(import.meta.url))
 const BASE_URL = config.baseUrl
 const PUBLIC_DIR = join(__dirname, "../public")
-const ROUTES_DIR = join(__dirname, "../src/routes")
 const DOCS_DIR = join(__dirname, "../../../web/src/content/docs")
 
 interface SitemapEntry {

packages/console/app/src/component/icon.tsx

@@ -1,6 +1,6 @@
 import { JSX } from "solid-js"
 
-export function IconZen(props: JSX.SvgSVGAttributes<SVGSVGElement>) {
+export function IconZen(_props: JSX.SvgSVGAttributes<SVGSVGElement>) {
   return (
     <svg width="84" height="30" viewBox="0 0 84 30" fill="none" xmlns="http://www.w3.org/2000/svg">
       <path d="M24 24H6V18H18V12H24V24ZM6 18H0V12H6V18Z" fill="currentColor" fill-opacity="0.2" />
@@ -13,7 +13,7 @@ export function IconZen(props: JSX.SvgSVGAttributes<SVGSVGElement>) {
   )
 }
 
-export function IconGo(props: JSX.SvgSVGAttributes<SVGSVGElement>) {
+export function IconGo(_props: JSX.SvgSVGAttributes<SVGSVGElement>) {
   return (
     <svg width="54" height="30" viewBox="0 0 54 30" fill="none" xmlns="http://www.w3.org/2000/svg">
       <path d="M24 30H0V0H24V6H6V24H18V18H12V12H24V30Z" fill="currentColor" />

packages/console/app/src/routes/auth/status.ts

@@ -1,7 +1,7 @@
 import { APIEvent } from "@solidjs/start"
 import { useAuthSession } from "~/context/auth"
 
-export async function GET(input: APIEvent) {
+export async function GET(_input: APIEvent) {
   const session = await useAuthSession()
   return Response.json(session.data)
 }

packages/console/app/src/routes/debug/index.ts

@@ -3,7 +3,7 @@ import { json } from "@solidjs/router"
 import { Database } from "@opencode-ai/console-core/drizzle/index.js"
 import { UserTable } from "@opencode-ai/console-core/schema/user.sql.js"
 
-export async function GET(evt: APIEvent) {
+export async function GET(_evt: APIEvent) {
   return json({
     data: await Database.use(async (tx) => {
       const result = await tx.$count(UserTable)

packages/console/app/src/routes/index.tsx

@@ -31,8 +31,6 @@ export default function Home() {
   const i18n = useI18n()
   const language = useLanguage()
   const githubData = createAsync(() => github())
-  const release = createMemo(() => githubData()?.release)
-
   const handleCopyClick = (event: Event) => {
     const button = event.currentTarget as HTMLButtonElement
     const text = button.textContent

packages/console/app/src/routes/user-menu.tsx

@@ -6,7 +6,7 @@ import { useI18n } from "~/context/i18n"
 import { useLanguage } from "~/context/language"
 import "./user-menu.css"
 
-const logout = action(async () => {
+const _logout = action(async () => {
   "use server"
   const auth = await useAuthSession()
   const event = getRequestEvent()

packages/console/app/src/routes/zen/util/provider/openai-compatible.ts

@@ -30,7 +30,7 @@ export const oaCompatHelper: ProviderHelper = ({ adjustCacheUsage, safetyIdentif
     headers.set("authorization", `Bearer ${apiKey}`)
     headers.set("x-session-affinity", headers.get("x-opencode-session") ?? "")
   },
-  modifyBody: (body: Record<string, any>, workspaceID?: string) => {
+  modifyBody: (body: Record<string, any>, _workspaceID?: string) => {
     return {
       ...body,
       ...(body.stream ? { stream_options: { include_usage: true } } : {}),

packages/console/app/src/routes/zen/v1/models.ts

@@ -5,7 +5,7 @@ import { WorkspaceTable } from "@opencode-ai/console-core/schema/workspace.sql.j
 import { ModelTable } from "@opencode-ai/console-core/schema/model.sql.js"
 import { ZenData } from "@opencode-ai/console-core/model.js"
 
-export async function OPTIONS(input: APIEvent) {
+export async function OPTIONS(_input: APIEvent) {
   return new Response(null, {
     status: 200,
     headers: {

packages/console/app/src/routes/zen/v1/models/[model].ts

@@ -6,8 +6,8 @@ export function POST(input: APIEvent) {
     format: "google",
     modelList: "full",
     parseApiKey: (headers: Headers) => headers.get("x-goog-api-key") ?? undefined,
-    parseModel: (url: string, body: any) => url.split("/").pop()?.split(":")?.[0] ?? "",
-    parseIsStream: (url: string, body: any) =>
+    parseModel: (url: string, _body: any) => url.split("/").pop()?.split(":")?.[0] ?? "",
+    parseIsStream: (url: string, _body: any) =>
       // ie. url: https://opencode.ai/zen/v1/models/gemini-3-pro:streamGenerateContent?alt=sse'
       url.split("/").pop()?.split(":")?.[1]?.startsWith("streamGenerateContent") ?? false,
   })

packages/function/src/api.ts

@@ -12,20 +12,6 @@ type Env = {
   WEB_DOMAIN: string
 }
 
-async function getFeishuTenantToken(): Promise<string> {
-  const response = await fetch("https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal", {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      app_id: Resource.FEISHU_APP_ID.value,
-      app_secret: Resource.FEISHU_APP_SECRET.value,
-    }),
-  })
-  const data = (await response.json()) as { tenant_access_token?: string }
-  if (!data.tenant_access_token) throw new Error("Failed to get Feishu tenant token")
-  return data.tenant_access_token
-}
-
 export class SyncServer extends DurableObject<Env> {
   constructor(ctx: DurableObjectState, env: Env) {
     super(ctx, env)
@@ -49,9 +35,9 @@ export class SyncServer extends DurableObject<Env> {
     })
   }
 
-  async webSocketMessage(ws, message) {}
+  async webSocketMessage(_ws, _message) {}
 
-  async webSocketClose(ws, code, reason, wasClean) {
+  async webSocketClose(ws, code, _reason, _wasClean) {
     ws.close(code, "Durable Object is closing WebSocket")
   }
 
@@ -195,7 +181,7 @@ export default new Hono<{ Bindings: Env }>()
     let info
     const messages: Record<string, any> = {}
     data.forEach((d) => {
-      const [root, type, ...splits] = d.key.split("/")
+      const [root, type] = d.key.split("/")
       if (root !== "session") return
       if (type === "info") {
         info = d.content

packages/opencode/package.json

@@ -115,7 +115,6 @@
     "@opencode-ai/plugin": "workspace:*",
     "@opencode-ai/script": "workspace:*",
     "@opencode-ai/sdk": "workspace:*",
-    "@opencode-ai/server": "workspace:*",
     "@openrouter/ai-sdk-provider": "2.5.1",
     "@opentelemetry/api": "1.9.0",
     "@opentelemetry/context-async-hooks": "2.6.1",

packages/opencode/script/postinstall.mjs

@@ -85,18 +85,6 @@ function prepareBinDirectory(binaryName) {
   return { binDir, targetPath }
 }
 
-function symlinkBinary(sourcePath, binaryName) {
-  const { targetPath } = prepareBinDirectory(binaryName)
-
-  fs.symlinkSync(sourcePath, targetPath)
-  console.log(`opencode binary symlinked: ${targetPath} -> ${sourcePath}`)
-
-  // Verify the file exists after operation
-  if (!fs.existsSync(targetPath)) {
-    throw new Error(`Failed to symlink binary to ${targetPath}`)
-  }
-}
-
 async function main() {
   try {
     if (os.platform() === "win32") {

packages/opencode/script/unwrap-namespace.ts

@@ -10,11 +10,11 @@
  *   1. Reads the file and finds the `export namespace Foo { ... }` block
  *      (uses ast-grep for accurate AST-based boundary detection)
  *   2. Removes the namespace wrapper and dedents the body
- *   3. If the file is index.ts, renames it to <lowercase-name>.ts
- *   4. Creates/updates index.ts with `export * as Foo from "./<file>"`
- *   5. Prints the import rewrite commands to run across the codebase
- *
- * Does NOT auto-rewrite imports — prints the commands so you can review them.
+ *   3. Fixes self-references (e.g. Config.PermissionAction → PermissionAction)
+ *   4. If the file is index.ts, renames it to <lowercase-name>.ts
+ *   5. Creates/updates index.ts with `export * as Foo from "./<file>"`
+ *   6. Rewrites import paths across src/, test/, and script/
+ *   7. Fixes sibling imports within the same directory
  *
  * Requires: ast-grep (`brew install ast-grep` or `cargo install ast-grep`)
  */
@@ -90,22 +90,107 @@ const after = lines.slice(closeLine + 1)
 const dedented = body.map((line) => {
   if (line === "") return ""
   if (line.startsWith("  ")) return line.slice(2)
-  return line // don't touch lines that aren't indented (shouldn't happen)
+  return line
 })
 
-const newContent = [...before, ...dedented, ...after].join("\n")
+let newContent = [...before, ...dedented, ...after].join("\n")
+
+// --- Fix self-references ---
+// After unwrapping, references like `Config.PermissionAction` inside the same file
+// need to become just `PermissionAction`. Only fix code positions, not strings.
+const exportedNames = new Set<string>()
+const exportRegex = /export\s+(?:const|function|class|interface|type|enum|abstract\s+class)\s+(\w+)/g
+for (const line of dedented) {
+  for (const m of line.matchAll(exportRegex)) exportedNames.add(m[1])
+}
+const reExportRegex = /export\s*\{\s*([^}]+)\}/g
+for (const line of dedented) {
+  for (const m of line.matchAll(reExportRegex)) {
+    for (const name of m[1].split(",")) {
+      const trimmed = name
+        .trim()
+        .split(/\s+as\s+/)
+        .pop()!
+        .trim()
+      if (trimmed) exportedNames.add(trimmed)
+    }
+  }
+}
+
+let selfRefCount = 0
+if (exportedNames.size > 0) {
+  const fixedLines = newContent.split("\n").map((line) => {
+    // Split line into string-literal and code segments to avoid replacing inside strings
+    const segments: Array<{ text: string; isString: boolean }> = []
+    let i = 0
+    let current = ""
+    let inString: string | null = null
+
+    while (i < line.length) {
+      const ch = line[i]
+      if (inString) {
+        current += ch
+        if (ch === "\\" && i + 1 < line.length) {
+          current += line[i + 1]
+          i += 2
+          continue
+        }
+        if (ch === inString) {
+          segments.push({ text: current, isString: true })
+          current = ""
+          inString = null
+        }
+        i++
+        continue
+      }
+      if (ch === '"' || ch === "'" || ch === "`") {
+        if (current) segments.push({ text: current, isString: false })
+        current = ch
+        inString = ch
+        i++
+        continue
+      }
+      if (ch === "/" && i + 1 < line.length && line[i + 1] === "/") {
+        current += line.slice(i)
+        segments.push({ text: current, isString: true })
+        current = ""
+        i = line.length
+        continue
+      }
+      current += ch
+      i++
+    }
+    if (current) segments.push({ text: current, isString: !!inString })
+
+    return segments
+      .map((seg) => {
+        if (seg.isString) return seg.text
+        let result = seg.text
+        for (const name of exportedNames) {
+          const pattern = `${nsName}.${name}`
+          while (result.includes(pattern)) {
+            const idx = result.indexOf(pattern)
+            const charBefore = idx > 0 ? result[idx - 1] : " "
+            const charAfter = idx + pattern.length < result.length ? result[idx + pattern.length] : " "
+            if (/\w/.test(charBefore) || /\w/.test(charAfter)) break
+            result = result.slice(0, idx) + name + result.slice(idx + pattern.length)
+            selfRefCount++
+          }
+        }
+        return result
+      })
+      .join("")
+  })
+  newContent = fixedLines.join("\n")
+}
 
 // Figure out file naming
 const dir = path.dirname(absPath)
 const basename = path.basename(absPath, ".ts")
 const isIndex = basename === "index"
-
-// The implementation file name (lowercase namespace name if currently index.ts)
 const implName = isIndex ? nsName.replace(/([a-z])([A-Z])/g, "$1-$2").toLowerCase() : basename
 const implFile = path.join(dir, `${implName}.ts`)
 const indexFile = path.join(dir, "index.ts")
-
-// The barrel line
 const barrelLine = `export * as ${nsName} from "./${implName}"\n`
 
 console.log("")
@@ -114,6 +199,7 @@ if (isIndex) {
 } else {
   console.log(`Plan: rewrite ${basename}.ts in place, create index.ts barrel`)
 }
+if (selfRefCount > 0) console.log(`Fixed ${selfRefCount} self-reference(s) (${nsName}.X → X)`)
 console.log("")
 
 if (dryRun) {
@@ -128,19 +214,23 @@ if (dryRun) {
   console.log("")
   console.log(`=== index.ts ===`)
   console.log(`  ${barrelLine.trim()}`)
+  console.log("")
+  if (!isIndex) {
+    const relDir = path.relative(path.resolve("src"), dir)
+    console.log(`=== Import rewrites (would apply) ===`)
+    console.log(`  ${relDir}/${basename}" → ${relDir}" across src/, test/, script/`)
+  } else {
+    console.log("No import rewrites needed (was index.ts)")
+  }
 } else {
-  // Write the implementation file
   if (isIndex) {
-    // Rename: write new content to implFile, then overwrite index.ts with barrel
     fs.writeFileSync(implFile, newContent)
     fs.writeFileSync(indexFile, barrelLine)
     console.log(`Wrote ${implName}.ts (${newContent.split("\n").length} lines)`)
     console.log(`Wrote index.ts (barrel)`)
   } else {
-    // Rewrite in place, create index.ts
     fs.writeFileSync(absPath, newContent)
     if (fs.existsSync(indexFile)) {
-      // Append to existing barrel
       const existing = fs.readFileSync(indexFile, "utf-8")
       if (!existing.includes(`export * as ${nsName}`)) {
         fs.appendFileSync(indexFile, barrelLine)
@@ -154,37 +244,60 @@ if (dryRun) {
     }
     console.log(`Rewrote ${basename}.ts (${newContent.split("\n").length} lines)`)
   }
-}
 
-// Print the import rewrite guidance
-const relDir = path.relative(path.resolve("src"), dir)
+  // --- Rewrite import paths across src/, test/, script/ ---
+  const relDir = path.relative(path.resolve("src"), dir)
+  if (!isIndex) {
+    const oldTail = `${relDir}/${basename}`
+    const searchDirs = ["src", "test", "script"].filter((d) => fs.existsSync(d))
+    const rgResult = Bun.spawnSync(["rg", "-l", `from.*${oldTail}"`, ...searchDirs], {
+      stdout: "pipe",
+      stderr: "pipe",
+    })
+    const filesToRewrite = rgResult.stdout
+      .toString()
+      .trim()
+      .split("\n")
+      .filter((f) => f.length > 0)
 
-console.log("")
-console.log("=== Import rewrites ===")
-console.log("")
+    if (filesToRewrite.length > 0) {
+      console.log(`\nRewriting imports in ${filesToRewrite.length} file(s)...`)
+      for (const file of filesToRewrite) {
+        const content = fs.readFileSync(file, "utf-8")
+        fs.writeFileSync(file, content.replaceAll(`${oldTail}"`, `${relDir}"`))
+      }
+      console.log(`  Done: ${oldTail}" → ${relDir}"`)
+    } else {
+      console.log("\nNo import rewrites needed")
+    }
+  } else {
+    console.log("\nNo import rewrites needed (was index.ts)")
+  }
 
-if (!isIndex) {
-  // Non-index files: imports like "../provider/provider" need to become "../provider"
-  const oldTail = `${relDir}/${basename}`
+  // --- Fix sibling imports within the same directory ---
+  const siblingFiles = fs.readdirSync(dir).filter((f) => {
+    if (!f.endsWith(".ts")) return false
+    if (f === "index.ts" || f === `${implName}.ts`) return false
+    return true
+  })
 
-  console.log(`# Find all imports to rewrite:`)
-  console.log(`rg 'from.*${oldTail}' src/ --files-with-matches`)
-  console.log("")
-
-  // Auto-rewrite with sed (safe: only rewrites the import path, not other occurrences)
-  console.log("# Auto-rewrite (review diff afterward):")
-  console.log(`rg -l 'from.*${oldTail}' src/ | xargs sed -i '' 's|${oldTail}"|${relDir}"|g'`)
-  console.log("")
-  console.log("# What changes:")
-  console.log(`#   import { ${nsName} } from ".../${oldTail}"`)
-  console.log(`#   import { ${nsName} } from ".../${relDir}"`)
-} else {
-  console.log("# File was index.ts — import paths already resolve correctly.")
-  console.log("# No import rewrites needed!")
+  let siblingFixCount = 0
+  for (const sibFile of siblingFiles) {
+    const sibPath = path.join(dir, sibFile)
+    const content = fs.readFileSync(sibPath, "utf-8")
+    const pattern = new RegExp(`from\\s+["']\\./${basename}["']`, "g")
+    if (pattern.test(content)) {
+      fs.writeFileSync(sibPath, content.replace(pattern, `from "."`))
+      siblingFixCount++
+    }
+  }
+  if (siblingFixCount > 0) {
+    console.log(`Fixed ${siblingFixCount} sibling import(s) in ${path.basename(dir)}/ (./${basename} → .)`)
+  }
 }
 
 console.log("")
 console.log("=== Verify ===")
 console.log("")
-console.log("bun typecheck     # from packages/opencode")
-console.log("bun run test      # run tests")
+console.log("bunx --bun tsgo --noEmit   # typecheck")
+console.log("bun run test               # run tests")

packages/opencode/specs/effect/http-api.md

@@ -156,6 +156,14 @@ Ordering for a route-group migration:
 3. move tagged route-facing errors to `Schema.TaggedErrorClass` where needed
 4. switch existing Zod boundary validators to derived `.zod`
 5. define the `HttpApi` contract from the canonical Effect schemas
+6. regenerate the SDK (`./packages/sdk/js/script/build.ts`) and verify zero diff against `dev`
+
+SDK shape rule:
+
+- every schema migration must preserve the generated SDK output byte-for-byte
+- `Schema.Class` emits a named `$ref` in OpenAPI via its identifier — use it only for types that already had `.meta({ ref })` in the old Zod schema
+- inner / nested types that were anonymous in the old Zod schema should stay as `Schema.Struct` (not `Schema.Class`) to avoid introducing new named components in the OpenAPI spec
+- if a diff appears in `packages/sdk/js/src/v2/gen/types.gen.ts`, the migration introduced an unintended API surface change — fix it before merging
 
 Temporary exception:
 
@@ -195,8 +203,9 @@ Use the same sequence for each route group.
 4. Define the `HttpApi` contract separately from the handlers.
 5. Implement handlers by yielding the existing service from context.
 6. Mount the new surface in parallel under an experimental prefix.
-7. Add one end-to-end test and one OpenAPI-focused test.
-8. Compare ergonomics before migrating the next endpoint.
+7. Regenerate the SDK and verify zero diff against `dev` (see SDK shape rule above).
+8. Add one end-to-end test and one OpenAPI-focused test.
+9. Compare ergonomics before migrating the next endpoint.
 
 Rule of thumb:
 

packages/opencode/src/acp/agent.ts

@@ -37,7 +37,7 @@ import { Filesystem } from "../util/filesystem"
 import { Hash } from "@opencode-ai/shared/util/hash"
 import { ACPSessionManager } from "./session"
 import type { ACPConfig } from "./types"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { ModelID, ProviderID } from "../provider/schema"
 import { Agent as AgentModule } from "../agent/agent"
 import { AppRuntime } from "@/effect/app-runtime"

packages/opencode/src/agent/agent.ts

@@ -1,6 +1,6 @@
 import { Config } from "../config"
 import z from "zod"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { ModelID, ProviderID } from "../provider/schema"
 import { generateObject, streamObject, type ModelMessage } from "ai"
 import { Instance } from "../project/instance"
@@ -80,7 +80,7 @@ export namespace Agent {
       const provider = yield* Provider.Service
 
       const state = yield* InstanceState.make<State>(
-        Effect.fn("Agent.state")(function* (ctx) {
+        Effect.fn("Agent.state")(function* (_ctx) {
           const cfg = yield* config.get()
           const skillDirs = yield* skill.dirs()
           const whitelistedDirs = [Truncate.GLOB, ...skillDirs.map((dir) => path.join(dir, "*"))]

packages/opencode/src/bus/bus.ts

@@ -4,7 +4,6 @@ import { EffectBridge } from "@/effect/bridge"
 import { Log } from "../util/log"
 import { BusEvent } from "./bus-event"
 import { GlobalBus } from "./global"
-import { WorkspaceContext } from "@/control-plane/workspace-context"
 import { InstanceState } from "@/effect/instance-state"
 import { makeRuntime } from "@/effect/run-service"
 

packages/opencode/src/cli/cmd/agent.ts

@@ -4,7 +4,7 @@ import { AppRuntime } from "@/effect/app-runtime"
 import { UI } from "../ui"
 import { Global } from "../../global"
 import { Agent } from "../../agent/agent"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import path from "path"
 import fs from "fs/promises"
 import { Filesystem } from "../../util/filesystem"

packages/opencode/src/cli/cmd/debug/agent.ts

@@ -2,7 +2,7 @@ import { EOL } from "os"
 import { basename } from "path"
 import { Effect } from "effect"
 import { Agent } from "../../../agent/agent"
-import { Provider } from "../../../provider/provider"
+import { Provider } from "../../../provider"
 import { Session } from "../../../session"
 import type { MessageV2 } from "../../../session/message-v2"
 import { MessageID, PartID } from "../../../session/schema"

packages/opencode/src/cli/cmd/github.ts

@@ -25,7 +25,7 @@ import { SessionShare } from "@/share/session"
 import { Session } from "../../session"
 import type { SessionID } from "../../session/schema"
 import { MessageID, PartID } from "../../session/schema"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import { Bus } from "../../bus"
 import { MessageV2 } from "../../session/message-v2"
 import { SessionPrompt } from "@/session/prompt"

packages/opencode/src/cli/cmd/models.ts

@@ -1,6 +1,6 @@
 import type { Argv } from "yargs"
 import { Instance } from "../../project/instance"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import { ProviderID } from "../../provider/schema"
 import { ModelsDev } from "../../provider/models"
 import { cmd } from "./cmd"

packages/opencode/src/cli/cmd/run.ts

@@ -9,7 +9,7 @@ import { EOL } from "os"
 import { Filesystem } from "../../util/filesystem"
 import { createOpencodeClient, type OpencodeClient, type ToolPart } from "@opencode-ai/sdk/v2"
 import { Server } from "../../server/server"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import { Agent } from "../../agent/agent"
 import { Permission } from "../../permission"
 import { Tool } from "../../tool/tool"

packages/opencode/src/cli/cmd/tui/app.tsx

@@ -52,7 +52,7 @@ import { ExitProvider, useExit } from "./context/exit"
 import { Session as SessionApi } from "@/session"
 import { TuiEvent } from "./event"
 import { KVProvider, useKV } from "./context/kv"
-import { Provider } from "@/provider/provider"
+import { Provider } from "@/provider"
 import { ArgsProvider, useArgs, type Args } from "./context/args"
 import open from "open"
 import { PromptRefProvider, usePromptRef } from "./context/prompt"

packages/opencode/src/cli/cmd/tui/component/dialog-mcp.tsx

@@ -78,7 +78,7 @@ export function DialogMcp() {
       title="MCPs"
       options={options()}
       keybind={keybinds()}
-      onSelect={(option) => {
+      onSelect={(_option) => {
         // Don't close on select, only on escape
       }}
     />

packages/opencode/src/cli/cmd/tui/component/prompt/autocomplete.tsx

@@ -111,7 +111,7 @@ export function Autocomplete(props: {
 
   const position = createMemo(() => {
     if (!store.visible) return { x: 0, y: 0, width: 0 }
-    const dims = dimensions()
+    dimensions()
     positionTick()
     const anchor = props.anchor()
     const parent = anchor.parent

packages/opencode/src/cli/cmd/tui/context/local.tsx

@@ -8,7 +8,7 @@ import { Global } from "@/global"
 import { iife } from "@/util/iife"
 import { createSimpleContext } from "./helper"
 import { useToast } from "../ui/toast"
-import { Provider } from "@/provider/provider"
+import { Provider } from "@/provider"
 import { useArgs } from "./args"
 import { useSDK } from "./sdk"
 import { RGBA } from "@opentui/core"

packages/opencode/src/cli/cmd/tui/routes/session/index.tsx

@@ -157,10 +157,10 @@ export function Session() {
   const [showThinking, setShowThinking] = kv.signal("thinking_visibility", true)
   const [timestamps, setTimestamps] = kv.signal<"hide" | "show">("timestamps", "hide")
   const [showDetails, setShowDetails] = kv.signal("tool_details_visibility", true)
-  const [showAssistantMetadata, setShowAssistantMetadata] = kv.signal("assistant_metadata_visibility", true)
+  const [showAssistantMetadata, _setShowAssistantMetadata] = kv.signal("assistant_metadata_visibility", true)
   const [showScrollbar, setShowScrollbar] = kv.signal("scrollbar_visible", false)
   const [diffWrapMode] = kv.signal<"word" | "none">("diff_wrap_mode", "word")
-  const [animationsEnabled, setAnimationsEnabled] = kv.signal("animations_enabled", true)
+  const [_animationsEnabled, _setAnimationsEnabled] = kv.signal("animations_enabled", true)
   const [showGenericToolOutput, setShowGenericToolOutput] = kv.signal("generic_tool_output_visibility", false)
 
   const wide = createMemo(() => dimensions().width > 120)

packages/opencode/src/cli/cmd/tui/routes/session/permission.tsx

@@ -599,7 +599,7 @@ function Prompt<const T extends Record<string, string>>(props: {
   })
 
   const hint = createMemo(() => (store.expanded ? "minimize" : "fullscreen"))
-  const renderer = useRenderer()
+  useRenderer()
 
   const content = () => (
     <box

packages/opencode/src/cli/cmd/tui/routes/session/subagent-footer.tsx

@@ -59,7 +59,7 @@ export function SubagentFooter() {
   const keybind = useKeybind()
   const command = useCommandDialog()
   const [hover, setHover] = createSignal<"parent" | "prev" | "next" | null>(null)
-  const dimensions = useTerminalDimensions()
+  useTerminalDimensions()
 
   return (
     <box flexShrink={0}>

packages/opencode/src/cli/cmd/tui/ui/dialog-confirm.tsx

@@ -54,7 +54,7 @@ export function DialogConfirm(props: DialogConfirmProps) {
               paddingLeft={1}
               paddingRight={1}
               backgroundColor={key === store.active ? theme.primary : undefined}
-              onMouseUp={(evt) => {
+              onMouseUp={(_evt) => {
                 if (key === "confirm") props.onConfirm?.()
                 if (key === "cancel") props.onCancel?.()
                 dialog.clear()

packages/opencode/src/cli/error.ts

@@ -3,7 +3,7 @@ import { ConfigMarkdown } from "@/config/markdown"
 import { errorFormat } from "@/util/error"
 import { Config } from "../config"
 import { MCP } from "../mcp"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { UI } from "./ui"
 
 export function FormatError(input: unknown) {

packages/opencode/src/cli/network.ts

@@ -43,8 +43,6 @@ export async function resolveNetworkOptions(args: NetworkOptions) {
   const hostnameExplicitlySet = process.argv.includes("--hostname")
   const mdnsExplicitlySet = process.argv.includes("--mdns")
   const mdnsDomainExplicitlySet = process.argv.includes("--mdns-domain")
-  const corsExplicitlySet = process.argv.includes("--cors")
-
   const mdns = mdnsExplicitlySet ? args.mdns : (config?.server?.mdns ?? args.mdns)
   const mdnsDomain = mdnsDomainExplicitlySet ? args["mdns-domain"] : (config?.server?.mdnsDomain ?? args["mdns-domain"])
   const port = portExplicitlySet ? args.port : (config?.server?.port ?? args.port)

packages/opencode/src/command/index.ts

@@ -8,13 +8,10 @@ import z from "zod"
 import { Config } from "../config"
 import { MCP } from "../mcp"
 import { Skill } from "../skill"
-import { Log } from "../util/log"
 import PROMPT_INITIALIZE from "./template/initialize.txt"
 import PROMPT_REVIEW from "./template/review.txt"
 
 export namespace Command {
-  const log = Log.create({ service: "command" })
-
   type State = {
     commands: Record<string, Info>
   }

packages/opencode/src/config/config.ts

@@ -510,7 +510,7 @@ export const Agent = z
     permission: Permission.optional(),
   })
   .catchall(z.any())
-  .transform((agent, ctx) => {
+  .transform((agent, _ctx) => {
     const knownKeys = new Set([
       "name",
       "model",
@@ -1095,7 +1095,7 @@ function patchJsonc(input: string, patch: unknown, path: string[] = []): string
 }
 
 function writable(info: Info) {
-  const { plugin_origins, ...next } = info
+  const { plugin_origins: _plugin_origins, ...next } = info
   return next
 }
 

packages/opencode/src/control-plane/workspace.ts

@@ -328,7 +328,7 @@ export namespace Workspace {
       try {
         const adaptor = await getAdaptor(info.projectID, row.type)
         await adaptor.remove(info)
-      } catch (err) {
+      } catch {
         log.error("adaptor not available when removing workspace", { type: row.type })
       }
       Database.use((db) => db.delete(WorkspaceTable).where(eq(WorkspaceTable.id, id)).run())
@@ -404,7 +404,7 @@ export namespace Workspace {
           return synced(state)
         },
       })
-    } catch (error) {
+    } catch {
       if (signal?.aborted) throw signal.reason ?? new Error("Request aborted")
       throw new Error(`Timed out waiting for sync fence: ${JSON.stringify(state)}`)
     }

packages/opencode/src/effect/app-runtime.ts

@@ -15,7 +15,7 @@ import { FileWatcher } from "@/file/watcher"
 import { Storage } from "@/storage/storage"
 import { Snapshot } from "@/snapshot"
 import { Plugin } from "@/plugin"
-import { Provider } from "@/provider/provider"
+import { Provider } from "@/provider"
 import { ProviderAuth } from "@/provider/auth"
 import { Agent } from "@/agent/agent"
 import { Skill } from "@/skill"

packages/opencode/src/mcp/index.ts

@@ -1,930 +1 @@
-import { dynamicTool, type Tool, jsonSchema, type JSONSchema7 } from "ai"
-import { Client } from "@modelcontextprotocol/sdk/client/index.js"
-import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js"
-import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js"
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"
-import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js"
-import {
-  CallToolResultSchema,
-  type Tool as MCPToolDef,
-  ToolListChangedNotificationSchema,
-} from "@modelcontextprotocol/sdk/types.js"
-import { Config } from "../config"
-import { Log } from "../util/log"
-import { NamedError } from "@opencode-ai/shared/util/error"
-import z from "zod/v4"
-import { Instance } from "../project/instance"
-import { Installation } from "../installation"
-import { withTimeout } from "@/util/timeout"
-import { AppFileSystem } from "@opencode-ai/shared/filesystem"
-import { McpOAuthProvider } from "./oauth-provider"
-import { McpOAuthCallback } from "./oauth-callback"
-import { McpAuth } from "./auth"
-import { BusEvent } from "../bus/bus-event"
-import { Bus } from "@/bus"
-import { TuiEvent } from "@/cli/cmd/tui/event"
-import open from "open"
-import { Effect, Exit, Layer, Option, Context, Stream } from "effect"
-import { EffectBridge } from "@/effect/bridge"
-import { InstanceState } from "@/effect/instance-state"
-import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
-import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
-
-export namespace MCP {
-  const log = Log.create({ service: "mcp" })
-  const DEFAULT_TIMEOUT = 30_000
-
-  export const Resource = z
-    .object({
-      name: z.string(),
-      uri: z.string(),
-      description: z.string().optional(),
-      mimeType: z.string().optional(),
-      client: z.string(),
-    })
-    .meta({ ref: "McpResource" })
-  export type Resource = z.infer<typeof Resource>
-
-  export const ToolsChanged = BusEvent.define(
-    "mcp.tools.changed",
-    z.object({
-      server: z.string(),
-    }),
-  )
-
-  export const BrowserOpenFailed = BusEvent.define(
-    "mcp.browser.open.failed",
-    z.object({
-      mcpName: z.string(),
-      url: z.string(),
-    }),
-  )
-
-  export const Failed = NamedError.create(
-    "MCPFailed",
-    z.object({
-      name: z.string(),
-    }),
-  )
-
-  type MCPClient = Client
-
-  export const Status = z
-    .discriminatedUnion("status", [
-      z
-        .object({
-          status: z.literal("connected"),
-        })
-        .meta({
-          ref: "MCPStatusConnected",
-        }),
-      z
-        .object({
-          status: z.literal("disabled"),
-        })
-        .meta({
-          ref: "MCPStatusDisabled",
-        }),
-      z
-        .object({
-          status: z.literal("failed"),
-          error: z.string(),
-        })
-        .meta({
-          ref: "MCPStatusFailed",
-        }),
-      z
-        .object({
-          status: z.literal("needs_auth"),
-        })
-        .meta({
-          ref: "MCPStatusNeedsAuth",
-        }),
-      z
-        .object({
-          status: z.literal("needs_client_registration"),
-          error: z.string(),
-        })
-        .meta({
-          ref: "MCPStatusNeedsClientRegistration",
-        }),
-    ])
-    .meta({
-      ref: "MCPStatus",
-    })
-  export type Status = z.infer<typeof Status>
-
-  // Store transports for OAuth servers to allow finishing auth
-  type TransportWithAuth = StreamableHTTPClientTransport | SSEClientTransport
-  const pendingOAuthTransports = new Map<string, TransportWithAuth>()
-
-  // Prompt cache types
-  type PromptInfo = Awaited<ReturnType<MCPClient["listPrompts"]>>["prompts"][number]
-  type ResourceInfo = Awaited<ReturnType<MCPClient["listResources"]>>["resources"][number]
-  type McpEntry = NonNullable<Config.Info["mcp"]>[string]
-
-  function isMcpConfigured(entry: McpEntry): entry is Config.Mcp {
-    return typeof entry === "object" && entry !== null && "type" in entry
-  }
-
-  const sanitize = (s: string) => s.replace(/[^a-zA-Z0-9_-]/g, "_")
-
-  // Convert MCP tool definition to AI SDK Tool type
-  function convertMcpTool(mcpTool: MCPToolDef, client: MCPClient, timeout?: number): Tool {
-    const inputSchema = mcpTool.inputSchema
-
-    // Spread first, then override type to ensure it's always "object"
-    const schema: JSONSchema7 = {
-      ...(inputSchema as JSONSchema7),
-      type: "object",
-      properties: (inputSchema.properties ?? {}) as JSONSchema7["properties"],
-      additionalProperties: false,
-    }
-
-    return dynamicTool({
-      description: mcpTool.description ?? "",
-      inputSchema: jsonSchema(schema),
-      execute: async (args: unknown) => {
-        return client.callTool(
-          {
-            name: mcpTool.name,
-            arguments: (args || {}) as Record<string, unknown>,
-          },
-          CallToolResultSchema,
-          {
-            resetTimeoutOnProgress: true,
-            timeout,
-          },
-        )
-      },
-    })
-  }
-
-  function defs(key: string, client: MCPClient, timeout?: number) {
-    return Effect.tryPromise({
-      try: () => withTimeout(client.listTools(), timeout ?? DEFAULT_TIMEOUT),
-      catch: (err) => (err instanceof Error ? err : new Error(String(err))),
-    }).pipe(
-      Effect.map((result) => result.tools),
-      Effect.catch((err) => {
-        log.error("failed to get tools from client", { key, error: err })
-        return Effect.succeed(undefined)
-      }),
-    )
-  }
-
-  function fetchFromClient<T extends { name: string }>(
-    clientName: string,
-    client: Client,
-    listFn: (c: Client) => Promise<T[]>,
-    label: string,
-  ) {
-    return Effect.tryPromise({
-      try: () => listFn(client),
-      catch: (e: any) => {
-        log.error(`failed to get ${label}`, { clientName, error: e.message })
-        return e
-      },
-    }).pipe(
-      Effect.map((items) => {
-        const out: Record<string, T & { client: string }> = {}
-        const sanitizedClient = sanitize(clientName)
-        for (const item of items) {
-          out[sanitizedClient + ":" + sanitize(item.name)] = { ...item, client: clientName }
-        }
-        return out
-      }),
-      Effect.orElseSucceed(() => undefined),
-    )
-  }
-
-  interface CreateResult {
-    mcpClient?: MCPClient
-    status: Status
-    defs?: MCPToolDef[]
-  }
-
-  interface AuthResult {
-    authorizationUrl: string
-    oauthState: string
-    client?: MCPClient
-  }
-
-  // --- Effect Service ---
-
-  interface State {
-    status: Record<string, Status>
-    clients: Record<string, MCPClient>
-    defs: Record<string, MCPToolDef[]>
-  }
-
-  export interface Interface {
-    readonly status: () => Effect.Effect<Record<string, Status>>
-    readonly clients: () => Effect.Effect<Record<string, MCPClient>>
-    readonly tools: () => Effect.Effect<Record<string, Tool>>
-    readonly prompts: () => Effect.Effect<Record<string, PromptInfo & { client: string }>>
-    readonly resources: () => Effect.Effect<Record<string, ResourceInfo & { client: string }>>
-    readonly add: (name: string, mcp: Config.Mcp) => Effect.Effect<{ status: Record<string, Status> | Status }>
-    readonly connect: (name: string) => Effect.Effect<void>
-    readonly disconnect: (name: string) => Effect.Effect<void>
-    readonly getPrompt: (
-      clientName: string,
-      name: string,
-      args?: Record<string, string>,
-    ) => Effect.Effect<Awaited<ReturnType<MCPClient["getPrompt"]>> | undefined>
-    readonly readResource: (
-      clientName: string,
-      resourceUri: string,
-    ) => Effect.Effect<Awaited<ReturnType<MCPClient["readResource"]>> | undefined>
-    readonly startAuth: (mcpName: string) => Effect.Effect<{ authorizationUrl: string; oauthState: string }>
-    readonly authenticate: (mcpName: string) => Effect.Effect<Status>
-    readonly finishAuth: (mcpName: string, authorizationCode: string) => Effect.Effect<Status>
-    readonly removeAuth: (mcpName: string) => Effect.Effect<void>
-    readonly supportsOAuth: (mcpName: string) => Effect.Effect<boolean>
-    readonly hasStoredTokens: (mcpName: string) => Effect.Effect<boolean>
-    readonly getAuthStatus: (mcpName: string) => Effect.Effect<AuthStatus>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/MCP") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
-      const auth = yield* McpAuth.Service
-      const bus = yield* Bus.Service
-
-      type Transport = StdioClientTransport | StreamableHTTPClientTransport | SSEClientTransport
-
-      /**
-       * Connect a client via the given transport with resource safety:
-       * on failure the transport is closed; on success the caller owns it.
-       */
-      const connectTransport = (transport: Transport, timeout: number) =>
-        Effect.acquireUseRelease(
-          Effect.succeed(transport),
-          (t) =>
-            Effect.tryPromise({
-              try: () => {
-                const client = new Client({ name: "opencode", version: Installation.VERSION })
-                return withTimeout(client.connect(t), timeout).then(() => client)
-              },
-              catch: (e) => (e instanceof Error ? e : new Error(String(e))),
-            }),
-          (t, exit) => (Exit.isFailure(exit) ? Effect.tryPromise(() => t.close()).pipe(Effect.ignore) : Effect.void),
-        )
-
-      const DISABLED_RESULT: CreateResult = { status: { status: "disabled" } }
-
-      const connectRemote = Effect.fn("MCP.connectRemote")(function* (
-        key: string,
-        mcp: Config.Mcp & { type: "remote" },
-      ) {
-        const oauthDisabled = mcp.oauth === false
-        const oauthConfig = typeof mcp.oauth === "object" ? mcp.oauth : undefined
-        let authProvider: McpOAuthProvider | undefined
-
-        if (!oauthDisabled) {
-          authProvider = new McpOAuthProvider(
-            key,
-            mcp.url,
-            {
-              clientId: oauthConfig?.clientId,
-              clientSecret: oauthConfig?.clientSecret,
-              scope: oauthConfig?.scope,
-              redirectUri: oauthConfig?.redirectUri,
-            },
-            {
-              onRedirect: async (url) => {
-                log.info("oauth redirect requested", { key, url: url.toString() })
-              },
-            },
-            auth,
-          )
-        }
-
-        const transports: Array<{ name: string; transport: TransportWithAuth }> = [
-          {
-            name: "StreamableHTTP",
-            transport: new StreamableHTTPClientTransport(new URL(mcp.url), {
-              authProvider,
-              requestInit: mcp.headers ? { headers: mcp.headers } : undefined,
-            }),
-          },
-          {
-            name: "SSE",
-            transport: new SSEClientTransport(new URL(mcp.url), {
-              authProvider,
-              requestInit: mcp.headers ? { headers: mcp.headers } : undefined,
-            }),
-          },
-        ]
-
-        const connectTimeout = mcp.timeout ?? DEFAULT_TIMEOUT
-        let lastStatus: Status | undefined
-
-        for (const { name, transport } of transports) {
-          const result = yield* connectTransport(transport, connectTimeout).pipe(
-            Effect.map((client) => ({ client, transportName: name })),
-            Effect.catch((error) => {
-              const lastError = error instanceof Error ? error : new Error(String(error))
-              const isAuthError =
-                error instanceof UnauthorizedError || (authProvider && lastError.message.includes("OAuth"))
-
-              if (isAuthError) {
-                log.info("mcp server requires authentication", { key, transport: name })
-
-                if (lastError.message.includes("registration") || lastError.message.includes("client_id")) {
-                  lastStatus = {
-                    status: "needs_client_registration" as const,
-                    error: "Server does not support dynamic client registration. Please provide clientId in config.",
-                  }
-                  return bus
-                    .publish(TuiEvent.ToastShow, {
-                      title: "MCP Authentication Required",
-                      message: `Server "${key}" requires a pre-registered client ID. Add clientId to your config.`,
-                      variant: "warning",
-                      duration: 8000,
-                    })
-                    .pipe(Effect.ignore, Effect.as(undefined))
-                } else {
-                  pendingOAuthTransports.set(key, transport)
-                  lastStatus = { status: "needs_auth" as const }
-                  return bus
-                    .publish(TuiEvent.ToastShow, {
-                      title: "MCP Authentication Required",
-                      message: `Server "${key}" requires authentication. Run: opencode mcp auth ${key}`,
-                      variant: "warning",
-                      duration: 8000,
-                    })
-                    .pipe(Effect.ignore, Effect.as(undefined))
-                }
-              }
-
-              log.debug("transport connection failed", {
-                key,
-                transport: name,
-                url: mcp.url,
-                error: lastError.message,
-              })
-              lastStatus = { status: "failed" as const, error: lastError.message }
-              return Effect.succeed(undefined)
-            }),
-          )
-          if (result) {
-            log.info("connected", { key, transport: result.transportName })
-            return { client: result.client as MCPClient | undefined, status: { status: "connected" } as Status }
-          }
-          // If this was an auth error, stop trying other transports
-          if (lastStatus?.status === "needs_auth" || lastStatus?.status === "needs_client_registration") break
-        }
-
-        return {
-          client: undefined as MCPClient | undefined,
-          status: (lastStatus ?? { status: "failed", error: "Unknown error" }) as Status,
-        }
-      })
-
-      const connectLocal = Effect.fn("MCP.connectLocal")(function* (key: string, mcp: Config.Mcp & { type: "local" }) {
-        const [cmd, ...args] = mcp.command
-        const cwd = Instance.directory
-        const transport = new StdioClientTransport({
-          stderr: "pipe",
-          command: cmd,
-          args,
-          cwd,
-          env: {
-            ...process.env,
-            ...(cmd === "opencode" ? { BUN_BE_BUN: "1" } : {}),
-            ...mcp.environment,
-          },
-        })
-        transport.stderr?.on("data", (chunk: Buffer) => {
-          log.info(`mcp stderr: ${chunk.toString()}`, { key })
-        })
-
-        const connectTimeout = mcp.timeout ?? DEFAULT_TIMEOUT
-        return yield* connectTransport(transport, connectTimeout).pipe(
-          Effect.map((client): { client: MCPClient | undefined; status: Status } => ({
-            client,
-            status: { status: "connected" },
-          })),
-          Effect.catch((error): Effect.Effect<{ client: MCPClient | undefined; status: Status }> => {
-            const msg = error instanceof Error ? error.message : String(error)
-            log.error("local mcp startup failed", { key, command: mcp.command, cwd, error: msg })
-            return Effect.succeed({ client: undefined, status: { status: "failed", error: msg } })
-          }),
-        )
-      })
-
-      const create = Effect.fn("MCP.create")(function* (key: string, mcp: Config.Mcp) {
-        if (mcp.enabled === false) {
-          log.info("mcp server disabled", { key })
-          return DISABLED_RESULT
-        }
-
-        log.info("found", { key, type: mcp.type })
-
-        const { client: mcpClient, status } =
-          mcp.type === "remote"
-            ? yield* connectRemote(key, mcp as Config.Mcp & { type: "remote" })
-            : yield* connectLocal(key, mcp as Config.Mcp & { type: "local" })
-
-        if (!mcpClient) {
-          return { status } satisfies CreateResult
-        }
-
-        const listed = yield* defs(key, mcpClient, mcp.timeout)
-        if (!listed) {
-          yield* Effect.tryPromise(() => mcpClient.close()).pipe(Effect.ignore)
-          return { status: { status: "failed", error: "Failed to get tools" } } satisfies CreateResult
-        }
-
-        log.info("create() successfully created client", { key, toolCount: listed.length })
-        return { mcpClient, status, defs: listed } satisfies CreateResult
-      })
-      const cfgSvc = yield* Config.Service
-
-      const descendants = Effect.fnUntraced(
-        function* (pid: number) {
-          if (process.platform === "win32") return [] as number[]
-          const pids: number[] = []
-          const queue = [pid]
-          while (queue.length > 0) {
-            const current = queue.shift()!
-            const handle = yield* spawner.spawn(
-              ChildProcess.make("pgrep", ["-P", String(current)], { stdin: "ignore" }),
-            )
-            const text = yield* Stream.mkString(Stream.decodeText(handle.stdout))
-            yield* handle.exitCode
-            for (const tok of text.split("\n")) {
-              const cpid = parseInt(tok, 10)
-              if (!isNaN(cpid) && !pids.includes(cpid)) {
-                pids.push(cpid)
-                queue.push(cpid)
-              }
-            }
-          }
-          return pids
-        },
-        Effect.scoped,
-        Effect.catch(() => Effect.succeed([] as number[])),
-      )
-
-      function watch(s: State, name: string, client: MCPClient, bridge: EffectBridge.Shape, timeout?: number) {
-        client.setNotificationHandler(ToolListChangedNotificationSchema, async () => {
-          log.info("tools list changed notification received", { server: name })
-          if (s.clients[name] !== client || s.status[name]?.status !== "connected") return
-
-          const listed = await bridge.promise(defs(name, client, timeout))
-          if (!listed) return
-          if (s.clients[name] !== client || s.status[name]?.status !== "connected") return
-
-          s.defs[name] = listed
-          await bridge.promise(bus.publish(ToolsChanged, { server: name }).pipe(Effect.ignore))
-        })
-      }
-
-      const state = yield* InstanceState.make<State>(
-        Effect.fn("MCP.state")(function* () {
-          const cfg = yield* cfgSvc.get()
-          const bridge = yield* EffectBridge.make()
-          const config = cfg.mcp ?? {}
-          const s: State = {
-            status: {},
-            clients: {},
-            defs: {},
-          }
-
-          yield* Effect.forEach(
-            Object.entries(config),
-            ([key, mcp]) =>
-              Effect.gen(function* () {
-                if (!isMcpConfigured(mcp)) {
-                  log.error("Ignoring MCP config entry without type", { key })
-                  return
-                }
-
-                if (mcp.enabled === false) {
-                  s.status[key] = { status: "disabled" }
-                  return
-                }
-
-                const result = yield* create(key, mcp).pipe(Effect.catch(() => Effect.void))
-                if (!result) return
-
-                s.status[key] = result.status
-                if (result.mcpClient) {
-                  s.clients[key] = result.mcpClient
-                  s.defs[key] = result.defs!
-                  watch(s, key, result.mcpClient, bridge, mcp.timeout)
-                }
-              }),
-            { concurrency: "unbounded" },
-          )
-
-          yield* Effect.addFinalizer(() =>
-            Effect.gen(function* () {
-              yield* Effect.forEach(
-                Object.values(s.clients),
-                (client) =>
-                  Effect.gen(function* () {
-                    const pid = (client.transport as any)?.pid
-                    if (typeof pid === "number") {
-                      const pids = yield* descendants(pid)
-                      for (const dpid of pids) {
-                        try {
-                          process.kill(dpid, "SIGTERM")
-                        } catch {}
-                      }
-                    }
-                    yield* Effect.tryPromise(() => client.close()).pipe(Effect.ignore)
-                  }),
-                { concurrency: "unbounded" },
-              )
-              pendingOAuthTransports.clear()
-            }),
-          )
-
-          return s
-        }),
-      )
-
-      function closeClient(s: State, name: string) {
-        const client = s.clients[name]
-        delete s.defs[name]
-        if (!client) return Effect.void
-        return Effect.tryPromise(() => client.close()).pipe(Effect.ignore)
-      }
-
-      const storeClient = Effect.fnUntraced(function* (
-        s: State,
-        name: string,
-        client: MCPClient,
-        listed: MCPToolDef[],
-        timeout?: number,
-      ) {
-        const bridge = yield* EffectBridge.make()
-        yield* closeClient(s, name)
-        s.status[name] = { status: "connected" }
-        s.clients[name] = client
-        s.defs[name] = listed
-        watch(s, name, client, bridge, timeout)
-        return s.status[name]
-      })
-
-      const status = Effect.fn("MCP.status")(function* () {
-        const s = yield* InstanceState.get(state)
-
-        const cfg = yield* cfgSvc.get()
-        const config = cfg.mcp ?? {}
-        const result: Record<string, Status> = {}
-
-        for (const [key, mcp] of Object.entries(config)) {
-          if (!isMcpConfigured(mcp)) continue
-          result[key] = s.status[key] ?? { status: "disabled" }
-        }
-
-        return result
-      })
-
-      const clients = Effect.fn("MCP.clients")(function* () {
-        const s = yield* InstanceState.get(state)
-        return s.clients
-      })
-
-      const createAndStore = Effect.fn("MCP.createAndStore")(function* (name: string, mcp: Config.Mcp) {
-        const s = yield* InstanceState.get(state)
-        const result = yield* create(name, mcp)
-
-        s.status[name] = result.status
-        if (!result.mcpClient) {
-          yield* closeClient(s, name)
-          delete s.clients[name]
-          return result.status
-        }
-
-        return yield* storeClient(s, name, result.mcpClient, result.defs!, mcp.timeout)
-      })
-
-      const add = Effect.fn("MCP.add")(function* (name: string, mcp: Config.Mcp) {
-        yield* createAndStore(name, mcp)
-        const s = yield* InstanceState.get(state)
-        return { status: s.status }
-      })
-
-      const connect = Effect.fn("MCP.connect")(function* (name: string) {
-        const mcp = yield* getMcpConfig(name)
-        if (!mcp) {
-          log.error("MCP config not found or invalid", { name })
-          return
-        }
-        yield* createAndStore(name, { ...mcp, enabled: true })
-      })
-
-      const disconnect = Effect.fn("MCP.disconnect")(function* (name: string) {
-        const s = yield* InstanceState.get(state)
-        yield* closeClient(s, name)
-        delete s.clients[name]
-        s.status[name] = { status: "disabled" }
-      })
-
-      const tools = Effect.fn("MCP.tools")(function* () {
-        const result: Record<string, Tool> = {}
-        const s = yield* InstanceState.get(state)
-
-        const cfg = yield* cfgSvc.get()
-        const config = cfg.mcp ?? {}
-        const defaultTimeout = cfg.experimental?.mcp_timeout
-
-        const connectedClients = Object.entries(s.clients).filter(
-          ([clientName]) => s.status[clientName]?.status === "connected",
-        )
-
-        yield* Effect.forEach(
-          connectedClients,
-          ([clientName, client]) =>
-            Effect.gen(function* () {
-              const mcpConfig = config[clientName]
-              const entry = mcpConfig && isMcpConfigured(mcpConfig) ? mcpConfig : undefined
-
-              const listed = s.defs[clientName]
-              if (!listed) {
-                log.warn("missing cached tools for connected server", { clientName })
-                return
-              }
-
-              const timeout = entry?.timeout ?? defaultTimeout
-              for (const mcpTool of listed) {
-                result[sanitize(clientName) + "_" + sanitize(mcpTool.name)] = convertMcpTool(mcpTool, client, timeout)
-              }
-            }),
-          { concurrency: "unbounded" },
-        )
-        return result
-      })
-
-      function collectFromConnected<T extends { name: string }>(
-        s: State,
-        listFn: (c: Client) => Promise<T[]>,
-        label: string,
-      ) {
-        return Effect.forEach(
-          Object.entries(s.clients).filter(([name]) => s.status[name]?.status === "connected"),
-          ([clientName, client]) =>
-            fetchFromClient(clientName, client, listFn, label).pipe(Effect.map((items) => Object.entries(items ?? {}))),
-          { concurrency: "unbounded" },
-        ).pipe(Effect.map((results) => Object.fromEntries<T & { client: string }>(results.flat())))
-      }
-
-      const prompts = Effect.fn("MCP.prompts")(function* () {
-        const s = yield* InstanceState.get(state)
-        return yield* collectFromConnected(s, (c) => c.listPrompts().then((r) => r.prompts), "prompts")
-      })
-
-      const resources = Effect.fn("MCP.resources")(function* () {
-        const s = yield* InstanceState.get(state)
-        return yield* collectFromConnected(s, (c) => c.listResources().then((r) => r.resources), "resources")
-      })
-
-      const withClient = Effect.fnUntraced(function* <A>(
-        clientName: string,
-        fn: (client: MCPClient) => Promise<A>,
-        label: string,
-        meta?: Record<string, unknown>,
-      ) {
-        const s = yield* InstanceState.get(state)
-        const client = s.clients[clientName]
-        if (!client) {
-          log.warn(`client not found for ${label}`, { clientName })
-          return undefined
-        }
-        return yield* Effect.tryPromise({
-          try: () => fn(client),
-          catch: (e: any) => {
-            log.error(`failed to ${label}`, { clientName, ...meta, error: e?.message })
-            return e
-          },
-        }).pipe(Effect.orElseSucceed(() => undefined))
-      })
-
-      const getPrompt = Effect.fn("MCP.getPrompt")(function* (
-        clientName: string,
-        name: string,
-        args?: Record<string, string>,
-      ) {
-        return yield* withClient(clientName, (client) => client.getPrompt({ name, arguments: args }), "getPrompt", {
-          promptName: name,
-        })
-      })
-
-      const readResource = Effect.fn("MCP.readResource")(function* (clientName: string, resourceUri: string) {
-        return yield* withClient(clientName, (client) => client.readResource({ uri: resourceUri }), "readResource", {
-          resourceUri,
-        })
-      })
-
-      const getMcpConfig = Effect.fnUntraced(function* (mcpName: string) {
-        const cfg = yield* cfgSvc.get()
-        const mcpConfig = cfg.mcp?.[mcpName]
-        if (!mcpConfig || !isMcpConfigured(mcpConfig)) return undefined
-        return mcpConfig
-      })
-
-      const startAuth = Effect.fn("MCP.startAuth")(function* (mcpName: string) {
-        const mcpConfig = yield* getMcpConfig(mcpName)
-        if (!mcpConfig) throw new Error(`MCP server ${mcpName} not found or disabled`)
-        if (mcpConfig.type !== "remote") throw new Error(`MCP server ${mcpName} is not a remote server`)
-        if (mcpConfig.oauth === false) throw new Error(`MCP server ${mcpName} has OAuth explicitly disabled`)
-
-        // OAuth config is optional - if not provided, we'll use auto-discovery
-        const oauthConfig = typeof mcpConfig.oauth === "object" ? mcpConfig.oauth : undefined
-
-        // Start the callback server with custom redirectUri if configured
-        yield* Effect.promise(() => McpOAuthCallback.ensureRunning(oauthConfig?.redirectUri))
-
-        const oauthState = Array.from(crypto.getRandomValues(new Uint8Array(32)))
-          .map((b) => b.toString(16).padStart(2, "0"))
-          .join("")
-        yield* auth.updateOAuthState(mcpName, oauthState)
-        let capturedUrl: URL | undefined
-        const authProvider = new McpOAuthProvider(
-          mcpName,
-          mcpConfig.url,
-          {
-            clientId: oauthConfig?.clientId,
-            clientSecret: oauthConfig?.clientSecret,
-            scope: oauthConfig?.scope,
-            redirectUri: oauthConfig?.redirectUri,
-          },
-          {
-            onRedirect: async (url) => {
-              capturedUrl = url
-            },
-          },
-          auth,
-        )
-
-        const transport = new StreamableHTTPClientTransport(new URL(mcpConfig.url), { authProvider })
-
-        return yield* Effect.tryPromise({
-          try: () => {
-            const client = new Client({ name: "opencode", version: Installation.VERSION })
-            return client
-              .connect(transport)
-              .then(() => ({ authorizationUrl: "", oauthState, client }) satisfies AuthResult)
-          },
-          catch: (error) => error,
-        }).pipe(
-          Effect.catch((error) => {
-            if (error instanceof UnauthorizedError && capturedUrl) {
-              pendingOAuthTransports.set(mcpName, transport)
-              return Effect.succeed({ authorizationUrl: capturedUrl.toString(), oauthState } satisfies AuthResult)
-            }
-            return Effect.die(error)
-          }),
-        )
-      })
-
-      const authenticate = Effect.fn("MCP.authenticate")(function* (mcpName: string) {
-        const result = yield* startAuth(mcpName)
-        if (!result.authorizationUrl) {
-          const client = "client" in result ? result.client : undefined
-          const mcpConfig = yield* getMcpConfig(mcpName)
-          if (!mcpConfig) {
-            yield* Effect.tryPromise(() => client?.close() ?? Promise.resolve()).pipe(Effect.ignore)
-            return { status: "failed", error: "MCP config not found after auth" } as Status
-          }
-
-          const listed = client ? yield* defs(mcpName, client, mcpConfig.timeout) : undefined
-          if (!client || !listed) {
-            yield* Effect.tryPromise(() => client?.close() ?? Promise.resolve()).pipe(Effect.ignore)
-            return { status: "failed", error: "Failed to get tools" } as Status
-          }
-
-          const s = yield* InstanceState.get(state)
-          yield* auth.clearOAuthState(mcpName)
-          return yield* storeClient(s, mcpName, client, listed, mcpConfig.timeout)
-        }
-
-        log.info("opening browser for oauth", { mcpName, url: result.authorizationUrl, state: result.oauthState })
-
-        const callbackPromise = McpOAuthCallback.waitForCallback(result.oauthState, mcpName)
-
-        yield* Effect.tryPromise(() => open(result.authorizationUrl)).pipe(
-          Effect.flatMap((subprocess) =>
-            Effect.callback<void, Error>((resume) => {
-              const timer = setTimeout(() => resume(Effect.void), 500)
-              subprocess.on("error", (err) => {
-                clearTimeout(timer)
-                resume(Effect.fail(err))
-              })
-              subprocess.on("exit", (code) => {
-                if (code !== null && code !== 0) {
-                  clearTimeout(timer)
-                  resume(Effect.fail(new Error(`Browser open failed with exit code ${code}`)))
-                }
-              })
-            }),
-          ),
-          Effect.catch(() => {
-            log.warn("failed to open browser, user must open URL manually", { mcpName })
-            return bus.publish(BrowserOpenFailed, { mcpName, url: result.authorizationUrl }).pipe(Effect.ignore)
-          }),
-        )
-
-        const code = yield* Effect.promise(() => callbackPromise)
-
-        const storedState = yield* auth.getOAuthState(mcpName)
-        if (storedState !== result.oauthState) {
-          yield* auth.clearOAuthState(mcpName)
-          throw new Error("OAuth state mismatch - potential CSRF attack")
-        }
-        yield* auth.clearOAuthState(mcpName)
-        return yield* finishAuth(mcpName, code)
-      })
-
-      const finishAuth = Effect.fn("MCP.finishAuth")(function* (mcpName: string, authorizationCode: string) {
-        const transport = pendingOAuthTransports.get(mcpName)
-        if (!transport) throw new Error(`No pending OAuth flow for MCP server: ${mcpName}`)
-
-        const result = yield* Effect.tryPromise({
-          try: () => transport.finishAuth(authorizationCode).then(() => true as const),
-          catch: (error) => {
-            log.error("failed to finish oauth", { mcpName, error })
-            return error
-          },
-        }).pipe(Effect.option)
-
-        if (Option.isNone(result)) {
-          return { status: "failed", error: "OAuth completion failed" } as Status
-        }
-
-        yield* auth.clearCodeVerifier(mcpName)
-        pendingOAuthTransports.delete(mcpName)
-
-        const mcpConfig = yield* getMcpConfig(mcpName)
-        if (!mcpConfig) return { status: "failed", error: "MCP config not found after auth" } as Status
-
-        return yield* createAndStore(mcpName, mcpConfig)
-      })
-
-      const removeAuth = Effect.fn("MCP.removeAuth")(function* (mcpName: string) {
-        yield* auth.remove(mcpName)
-        McpOAuthCallback.cancelPending(mcpName)
-        pendingOAuthTransports.delete(mcpName)
-        log.info("removed oauth credentials", { mcpName })
-      })
-
-      const supportsOAuth = Effect.fn("MCP.supportsOAuth")(function* (mcpName: string) {
-        const mcpConfig = yield* getMcpConfig(mcpName)
-        if (!mcpConfig) return false
-        return mcpConfig.type === "remote" && mcpConfig.oauth !== false
-      })
-
-      const hasStoredTokens = Effect.fn("MCP.hasStoredTokens")(function* (mcpName: string) {
-        const entry = yield* auth.get(mcpName)
-        return !!entry?.tokens
-      })
-
-      const getAuthStatus = Effect.fn("MCP.getAuthStatus")(function* (mcpName: string) {
-        const entry = yield* auth.get(mcpName)
-        if (!entry?.tokens) return "not_authenticated" as AuthStatus
-        const expired = yield* auth.isTokenExpired(mcpName)
-        return (expired ? "expired" : "authenticated") as AuthStatus
-      })
-
-      return Service.of({
-        status,
-        clients,
-        tools,
-        prompts,
-        resources,
-        add,
-        connect,
-        disconnect,
-        getPrompt,
-        readResource,
-        startAuth,
-        authenticate,
-        finishAuth,
-        removeAuth,
-        supportsOAuth,
-        hasStoredTokens,
-        getAuthStatus,
-      })
-    }),
-  )
-
-  export type AuthStatus = "authenticated" | "expired" | "not_authenticated"
-
-  // --- Per-service runtime ---
-
-  export const defaultLayer = layer.pipe(
-    Layer.provide(McpAuth.layer),
-    Layer.provide(Bus.layer),
-    Layer.provide(Config.defaultLayer),
-    Layer.provide(CrossSpawnSpawner.defaultLayer),
-    Layer.provide(AppFileSystem.defaultLayer),
-  )
-}
+export * as MCP from "./mcp"

packages/opencode/src/mcp/mcp.ts

@@ -0,0 +1,923 @@
+import { dynamicTool, type Tool, jsonSchema, type JSONSchema7 } from "ai"
+import { Client } from "@modelcontextprotocol/sdk/client/index.js"
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js"
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js"
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js"
+import {
+  CallToolResultSchema,
+  type Tool as MCPToolDef,
+  ToolListChangedNotificationSchema,
+} from "@modelcontextprotocol/sdk/types.js"
+import { Config } from "../config"
+import { Log } from "../util/log"
+import { NamedError } from "@opencode-ai/shared/util/error"
+import z from "zod/v4"
+import { Instance } from "../project/instance"
+import { Installation } from "../installation"
+import { withTimeout } from "@/util/timeout"
+import { AppFileSystem } from "@opencode-ai/shared/filesystem"
+import { McpOAuthProvider } from "./oauth-provider"
+import { McpOAuthCallback } from "./oauth-callback"
+import { McpAuth } from "./auth"
+import { BusEvent } from "../bus/bus-event"
+import { Bus } from "@/bus"
+import { TuiEvent } from "@/cli/cmd/tui/event"
+import open from "open"
+import { Effect, Exit, Layer, Option, Context, Stream } from "effect"
+import { EffectBridge } from "@/effect/bridge"
+import { InstanceState } from "@/effect/instance-state"
+import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
+import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
+
+const log = Log.create({ service: "mcp" })
+const DEFAULT_TIMEOUT = 30_000
+
+export const Resource = z
+  .object({
+    name: z.string(),
+    uri: z.string(),
+    description: z.string().optional(),
+    mimeType: z.string().optional(),
+    client: z.string(),
+  })
+  .meta({ ref: "McpResource" })
+export type Resource = z.infer<typeof Resource>
+
+export const ToolsChanged = BusEvent.define(
+  "mcp.tools.changed",
+  z.object({
+    server: z.string(),
+  }),
+)
+
+export const BrowserOpenFailed = BusEvent.define(
+  "mcp.browser.open.failed",
+  z.object({
+    mcpName: z.string(),
+    url: z.string(),
+  }),
+)
+
+export const Failed = NamedError.create(
+  "MCPFailed",
+  z.object({
+    name: z.string(),
+  }),
+)
+
+type MCPClient = Client
+
+export const Status = z
+  .discriminatedUnion("status", [
+    z
+      .object({
+        status: z.literal("connected"),
+      })
+      .meta({
+        ref: "MCPStatusConnected",
+      }),
+    z
+      .object({
+        status: z.literal("disabled"),
+      })
+      .meta({
+        ref: "MCPStatusDisabled",
+      }),
+    z
+      .object({
+        status: z.literal("failed"),
+        error: z.string(),
+      })
+      .meta({
+        ref: "MCPStatusFailed",
+      }),
+    z
+      .object({
+        status: z.literal("needs_auth"),
+      })
+      .meta({
+        ref: "MCPStatusNeedsAuth",
+      }),
+    z
+      .object({
+        status: z.literal("needs_client_registration"),
+        error: z.string(),
+      })
+      .meta({
+        ref: "MCPStatusNeedsClientRegistration",
+      }),
+  ])
+  .meta({
+    ref: "MCPStatus",
+  })
+export type Status = z.infer<typeof Status>
+
+// Store transports for OAuth servers to allow finishing auth
+type TransportWithAuth = StreamableHTTPClientTransport | SSEClientTransport
+const pendingOAuthTransports = new Map<string, TransportWithAuth>()
+
+// Prompt cache types
+type PromptInfo = Awaited<ReturnType<MCPClient["listPrompts"]>>["prompts"][number]
+type ResourceInfo = Awaited<ReturnType<MCPClient["listResources"]>>["resources"][number]
+type McpEntry = NonNullable<Config.Info["mcp"]>[string]
+
+function isMcpConfigured(entry: McpEntry): entry is Config.Mcp {
+  return typeof entry === "object" && entry !== null && "type" in entry
+}
+
+const sanitize = (s: string) => s.replace(/[^a-zA-Z0-9_-]/g, "_")
+
+// Convert MCP tool definition to AI SDK Tool type
+function convertMcpTool(mcpTool: MCPToolDef, client: MCPClient, timeout?: number): Tool {
+  const inputSchema = mcpTool.inputSchema
+
+  // Spread first, then override type to ensure it's always "object"
+  const schema: JSONSchema7 = {
+    ...(inputSchema as JSONSchema7),
+    type: "object",
+    properties: (inputSchema.properties ?? {}) as JSONSchema7["properties"],
+    additionalProperties: false,
+  }
+
+  return dynamicTool({
+    description: mcpTool.description ?? "",
+    inputSchema: jsonSchema(schema),
+    execute: async (args: unknown) => {
+      return client.callTool(
+        {
+          name: mcpTool.name,
+          arguments: (args || {}) as Record<string, unknown>,
+        },
+        CallToolResultSchema,
+        {
+          resetTimeoutOnProgress: true,
+          timeout,
+        },
+      )
+    },
+  })
+}
+
+function defs(key: string, client: MCPClient, timeout?: number) {
+  return Effect.tryPromise({
+    try: () => withTimeout(client.listTools(), timeout ?? DEFAULT_TIMEOUT),
+    catch: (err) => (err instanceof Error ? err : new Error(String(err))),
+  }).pipe(
+    Effect.map((result) => result.tools),
+    Effect.catch((err) => {
+      log.error("failed to get tools from client", { key, error: err })
+      return Effect.succeed(undefined)
+    }),
+  )
+}
+
+function fetchFromClient<T extends { name: string }>(
+  clientName: string,
+  client: Client,
+  listFn: (c: Client) => Promise<T[]>,
+  label: string,
+) {
+  return Effect.tryPromise({
+    try: () => listFn(client),
+    catch: (e: any) => {
+      log.error(`failed to get ${label}`, { clientName, error: e.message })
+      return e
+    },
+  }).pipe(
+    Effect.map((items) => {
+      const out: Record<string, T & { client: string }> = {}
+      const sanitizedClient = sanitize(clientName)
+      for (const item of items) {
+        out[sanitizedClient + ":" + sanitize(item.name)] = { ...item, client: clientName }
+      }
+      return out
+    }),
+    Effect.orElseSucceed(() => undefined),
+  )
+}
+
+interface CreateResult {
+  mcpClient?: MCPClient
+  status: Status
+  defs?: MCPToolDef[]
+}
+
+interface AuthResult {
+  authorizationUrl: string
+  oauthState: string
+  client?: MCPClient
+}
+
+// --- Effect Service ---
+
+interface State {
+  status: Record<string, Status>
+  clients: Record<string, MCPClient>
+  defs: Record<string, MCPToolDef[]>
+}
+
+export interface Interface {
+  readonly status: () => Effect.Effect<Record<string, Status>>
+  readonly clients: () => Effect.Effect<Record<string, MCPClient>>
+  readonly tools: () => Effect.Effect<Record<string, Tool>>
+  readonly prompts: () => Effect.Effect<Record<string, PromptInfo & { client: string }>>
+  readonly resources: () => Effect.Effect<Record<string, ResourceInfo & { client: string }>>
+  readonly add: (name: string, mcp: Config.Mcp) => Effect.Effect<{ status: Record<string, Status> | Status }>
+  readonly connect: (name: string) => Effect.Effect<void>
+  readonly disconnect: (name: string) => Effect.Effect<void>
+  readonly getPrompt: (
+    clientName: string,
+    name: string,
+    args?: Record<string, string>,
+  ) => Effect.Effect<Awaited<ReturnType<MCPClient["getPrompt"]>> | undefined>
+  readonly readResource: (
+    clientName: string,
+    resourceUri: string,
+  ) => Effect.Effect<Awaited<ReturnType<MCPClient["readResource"]>> | undefined>
+  readonly startAuth: (mcpName: string) => Effect.Effect<{ authorizationUrl: string; oauthState: string }>
+  readonly authenticate: (mcpName: string) => Effect.Effect<Status>
+  readonly finishAuth: (mcpName: string, authorizationCode: string) => Effect.Effect<Status>
+  readonly removeAuth: (mcpName: string) => Effect.Effect<void>
+  readonly supportsOAuth: (mcpName: string) => Effect.Effect<boolean>
+  readonly hasStoredTokens: (mcpName: string) => Effect.Effect<boolean>
+  readonly getAuthStatus: (mcpName: string) => Effect.Effect<AuthStatus>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/MCP") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
+    const auth = yield* McpAuth.Service
+    const bus = yield* Bus.Service
+
+    type Transport = StdioClientTransport | StreamableHTTPClientTransport | SSEClientTransport
+
+    /**
+     * Connect a client via the given transport with resource safety:
+     * on failure the transport is closed; on success the caller owns it.
+     */
+    const connectTransport = (transport: Transport, timeout: number) =>
+      Effect.acquireUseRelease(
+        Effect.succeed(transport),
+        (t) =>
+          Effect.tryPromise({
+            try: () => {
+              const client = new Client({ name: "opencode", version: Installation.VERSION })
+              return withTimeout(client.connect(t), timeout).then(() => client)
+            },
+            catch: (e) => (e instanceof Error ? e : new Error(String(e))),
+          }),
+        (t, exit) => (Exit.isFailure(exit) ? Effect.tryPromise(() => t.close()).pipe(Effect.ignore) : Effect.void),
+      )
+
+    const DISABLED_RESULT: CreateResult = { status: { status: "disabled" } }
+
+    const connectRemote = Effect.fn("MCP.connectRemote")(function* (key: string, mcp: Config.Mcp & { type: "remote" }) {
+      const oauthDisabled = mcp.oauth === false
+      const oauthConfig = typeof mcp.oauth === "object" ? mcp.oauth : undefined
+      let authProvider: McpOAuthProvider | undefined
+
+      if (!oauthDisabled) {
+        authProvider = new McpOAuthProvider(
+          key,
+          mcp.url,
+          {
+            clientId: oauthConfig?.clientId,
+            clientSecret: oauthConfig?.clientSecret,
+            scope: oauthConfig?.scope,
+            redirectUri: oauthConfig?.redirectUri,
+          },
+          {
+            onRedirect: async (url) => {
+              log.info("oauth redirect requested", { key, url: url.toString() })
+            },
+          },
+          auth,
+        )
+      }
+
+      const transports: Array<{ name: string; transport: TransportWithAuth }> = [
+        {
+          name: "StreamableHTTP",
+          transport: new StreamableHTTPClientTransport(new URL(mcp.url), {
+            authProvider,
+            requestInit: mcp.headers ? { headers: mcp.headers } : undefined,
+          }),
+        },
+        {
+          name: "SSE",
+          transport: new SSEClientTransport(new URL(mcp.url), {
+            authProvider,
+            requestInit: mcp.headers ? { headers: mcp.headers } : undefined,
+          }),
+        },
+      ]
+
+      const connectTimeout = mcp.timeout ?? DEFAULT_TIMEOUT
+      let lastStatus: Status | undefined
+
+      for (const { name, transport } of transports) {
+        const result = yield* connectTransport(transport, connectTimeout).pipe(
+          Effect.map((client) => ({ client, transportName: name })),
+          Effect.catch((error) => {
+            const lastError = error instanceof Error ? error : new Error(String(error))
+            const isAuthError =
+              error instanceof UnauthorizedError || (authProvider && lastError.message.includes("OAuth"))
+
+            if (isAuthError) {
+              log.info("mcp server requires authentication", { key, transport: name })
+
+              if (lastError.message.includes("registration") || lastError.message.includes("client_id")) {
+                lastStatus = {
+                  status: "needs_client_registration" as const,
+                  error: "Server does not support dynamic client registration. Please provide clientId in config.",
+                }
+                return bus
+                  .publish(TuiEvent.ToastShow, {
+                    title: "MCP Authentication Required",
+                    message: `Server "${key}" requires a pre-registered client ID. Add clientId to your config.`,
+                    variant: "warning",
+                    duration: 8000,
+                  })
+                  .pipe(Effect.ignore, Effect.as(undefined))
+              } else {
+                pendingOAuthTransports.set(key, transport)
+                lastStatus = { status: "needs_auth" as const }
+                return bus
+                  .publish(TuiEvent.ToastShow, {
+                    title: "MCP Authentication Required",
+                    message: `Server "${key}" requires authentication. Run: opencode mcp auth ${key}`,
+                    variant: "warning",
+                    duration: 8000,
+                  })
+                  .pipe(Effect.ignore, Effect.as(undefined))
+              }
+            }
+
+            log.debug("transport connection failed", {
+              key,
+              transport: name,
+              url: mcp.url,
+              error: lastError.message,
+            })
+            lastStatus = { status: "failed" as const, error: lastError.message }
+            return Effect.succeed(undefined)
+          }),
+        )
+        if (result) {
+          log.info("connected", { key, transport: result.transportName })
+          return { client: result.client as MCPClient | undefined, status: { status: "connected" } as Status }
+        }
+        // If this was an auth error, stop trying other transports
+        if (lastStatus?.status === "needs_auth" || lastStatus?.status === "needs_client_registration") break
+      }
+
+      return {
+        client: undefined as MCPClient | undefined,
+        status: (lastStatus ?? { status: "failed", error: "Unknown error" }) as Status,
+      }
+    })
+
+    const connectLocal = Effect.fn("MCP.connectLocal")(function* (key: string, mcp: Config.Mcp & { type: "local" }) {
+      const [cmd, ...args] = mcp.command
+      const cwd = Instance.directory
+      const transport = new StdioClientTransport({
+        stderr: "pipe",
+        command: cmd,
+        args,
+        cwd,
+        env: {
+          ...process.env,
+          ...(cmd === "opencode" ? { BUN_BE_BUN: "1" } : {}),
+          ...mcp.environment,
+        },
+      })
+      transport.stderr?.on("data", (chunk: Buffer) => {
+        log.info(`mcp stderr: ${chunk.toString()}`, { key })
+      })
+
+      const connectTimeout = mcp.timeout ?? DEFAULT_TIMEOUT
+      return yield* connectTransport(transport, connectTimeout).pipe(
+        Effect.map((client): { client: MCPClient | undefined; status: Status } => ({
+          client,
+          status: { status: "connected" },
+        })),
+        Effect.catch((error): Effect.Effect<{ client: MCPClient | undefined; status: Status }> => {
+          const msg = error instanceof Error ? error.message : String(error)
+          log.error("local mcp startup failed", { key, command: mcp.command, cwd, error: msg })
+          return Effect.succeed({ client: undefined, status: { status: "failed", error: msg } })
+        }),
+      )
+    })
+
+    const create = Effect.fn("MCP.create")(function* (key: string, mcp: Config.Mcp) {
+      if (mcp.enabled === false) {
+        log.info("mcp server disabled", { key })
+        return DISABLED_RESULT
+      }
+
+      log.info("found", { key, type: mcp.type })
+
+      const { client: mcpClient, status } =
+        mcp.type === "remote"
+          ? yield* connectRemote(key, mcp as Config.Mcp & { type: "remote" })
+          : yield* connectLocal(key, mcp as Config.Mcp & { type: "local" })
+
+      if (!mcpClient) {
+        return { status } satisfies CreateResult
+      }
+
+      const listed = yield* defs(key, mcpClient, mcp.timeout)
+      if (!listed) {
+        yield* Effect.tryPromise(() => mcpClient.close()).pipe(Effect.ignore)
+        return { status: { status: "failed", error: "Failed to get tools" } } satisfies CreateResult
+      }
+
+      log.info("create() successfully created client", { key, toolCount: listed.length })
+      return { mcpClient, status, defs: listed } satisfies CreateResult
+    })
+    const cfgSvc = yield* Config.Service
+
+    const descendants = Effect.fnUntraced(
+      function* (pid: number) {
+        if (process.platform === "win32") return [] as number[]
+        const pids: number[] = []
+        const queue = [pid]
+        while (queue.length > 0) {
+          const current = queue.shift()!
+          const handle = yield* spawner.spawn(ChildProcess.make("pgrep", ["-P", String(current)], { stdin: "ignore" }))
+          const text = yield* Stream.mkString(Stream.decodeText(handle.stdout))
+          yield* handle.exitCode
+          for (const tok of text.split("\n")) {
+            const cpid = parseInt(tok, 10)
+            if (!isNaN(cpid) && !pids.includes(cpid)) {
+              pids.push(cpid)
+              queue.push(cpid)
+            }
+          }
+        }
+        return pids
+      },
+      Effect.scoped,
+      Effect.catch(() => Effect.succeed([] as number[])),
+    )
+
+    function watch(s: State, name: string, client: MCPClient, bridge: EffectBridge.Shape, timeout?: number) {
+      client.setNotificationHandler(ToolListChangedNotificationSchema, async () => {
+        log.info("tools list changed notification received", { server: name })
+        if (s.clients[name] !== client || s.status[name]?.status !== "connected") return
+
+        const listed = await bridge.promise(defs(name, client, timeout))
+        if (!listed) return
+        if (s.clients[name] !== client || s.status[name]?.status !== "connected") return
+
+        s.defs[name] = listed
+        await bridge.promise(bus.publish(ToolsChanged, { server: name }).pipe(Effect.ignore))
+      })
+    }
+
+    const state = yield* InstanceState.make<State>(
+      Effect.fn("MCP.state")(function* () {
+        const cfg = yield* cfgSvc.get()
+        const bridge = yield* EffectBridge.make()
+        const config = cfg.mcp ?? {}
+        const s: State = {
+          status: {},
+          clients: {},
+          defs: {},
+        }
+
+        yield* Effect.forEach(
+          Object.entries(config),
+          ([key, mcp]) =>
+            Effect.gen(function* () {
+              if (!isMcpConfigured(mcp)) {
+                log.error("Ignoring MCP config entry without type", { key })
+                return
+              }
+
+              if (mcp.enabled === false) {
+                s.status[key] = { status: "disabled" }
+                return
+              }
+
+              const result = yield* create(key, mcp).pipe(Effect.catch(() => Effect.void))
+              if (!result) return
+
+              s.status[key] = result.status
+              if (result.mcpClient) {
+                s.clients[key] = result.mcpClient
+                s.defs[key] = result.defs!
+                watch(s, key, result.mcpClient, bridge, mcp.timeout)
+              }
+            }),
+          { concurrency: "unbounded" },
+        )
+
+        yield* Effect.addFinalizer(() =>
+          Effect.gen(function* () {
+            yield* Effect.forEach(
+              Object.values(s.clients),
+              (client) =>
+                Effect.gen(function* () {
+                  const pid = (client.transport as any)?.pid
+                  if (typeof pid === "number") {
+                    const pids = yield* descendants(pid)
+                    for (const dpid of pids) {
+                      try {
+                        process.kill(dpid, "SIGTERM")
+                      } catch {}
+                    }
+                  }
+                  yield* Effect.tryPromise(() => client.close()).pipe(Effect.ignore)
+                }),
+              { concurrency: "unbounded" },
+            )
+            pendingOAuthTransports.clear()
+          }),
+        )
+
+        return s
+      }),
+    )
+
+    function closeClient(s: State, name: string) {
+      const client = s.clients[name]
+      delete s.defs[name]
+      if (!client) return Effect.void
+      return Effect.tryPromise(() => client.close()).pipe(Effect.ignore)
+    }
+
+    const storeClient = Effect.fnUntraced(function* (
+      s: State,
+      name: string,
+      client: MCPClient,
+      listed: MCPToolDef[],
+      timeout?: number,
+    ) {
+      const bridge = yield* EffectBridge.make()
+      yield* closeClient(s, name)
+      s.status[name] = { status: "connected" }
+      s.clients[name] = client
+      s.defs[name] = listed
+      watch(s, name, client, bridge, timeout)
+      return s.status[name]
+    })
+
+    const status = Effect.fn("MCP.status")(function* () {
+      const s = yield* InstanceState.get(state)
+
+      const cfg = yield* cfgSvc.get()
+      const config = cfg.mcp ?? {}
+      const result: Record<string, Status> = {}
+
+      for (const [key, mcp] of Object.entries(config)) {
+        if (!isMcpConfigured(mcp)) continue
+        result[key] = s.status[key] ?? { status: "disabled" }
+      }
+
+      return result
+    })
+
+    const clients = Effect.fn("MCP.clients")(function* () {
+      const s = yield* InstanceState.get(state)
+      return s.clients
+    })
+
+    const createAndStore = Effect.fn("MCP.createAndStore")(function* (name: string, mcp: Config.Mcp) {
+      const s = yield* InstanceState.get(state)
+      const result = yield* create(name, mcp)
+
+      s.status[name] = result.status
+      if (!result.mcpClient) {
+        yield* closeClient(s, name)
+        delete s.clients[name]
+        return result.status
+      }
+
+      return yield* storeClient(s, name, result.mcpClient, result.defs!, mcp.timeout)
+    })
+
+    const add = Effect.fn("MCP.add")(function* (name: string, mcp: Config.Mcp) {
+      yield* createAndStore(name, mcp)
+      const s = yield* InstanceState.get(state)
+      return { status: s.status }
+    })
+
+    const connect = Effect.fn("MCP.connect")(function* (name: string) {
+      const mcp = yield* getMcpConfig(name)
+      if (!mcp) {
+        log.error("MCP config not found or invalid", { name })
+        return
+      }
+      yield* createAndStore(name, { ...mcp, enabled: true })
+    })
+
+    const disconnect = Effect.fn("MCP.disconnect")(function* (name: string) {
+      const s = yield* InstanceState.get(state)
+      yield* closeClient(s, name)
+      delete s.clients[name]
+      s.status[name] = { status: "disabled" }
+    })
+
+    const tools = Effect.fn("MCP.tools")(function* () {
+      const result: Record<string, Tool> = {}
+      const s = yield* InstanceState.get(state)
+
+      const cfg = yield* cfgSvc.get()
+      const config = cfg.mcp ?? {}
+      const defaultTimeout = cfg.experimental?.mcp_timeout
+
+      const connectedClients = Object.entries(s.clients).filter(
+        ([clientName]) => s.status[clientName]?.status === "connected",
+      )
+
+      yield* Effect.forEach(
+        connectedClients,
+        ([clientName, client]) =>
+          Effect.gen(function* () {
+            const mcpConfig = config[clientName]
+            const entry = mcpConfig && isMcpConfigured(mcpConfig) ? mcpConfig : undefined
+
+            const listed = s.defs[clientName]
+            if (!listed) {
+              log.warn("missing cached tools for connected server", { clientName })
+              return
+            }
+
+            const timeout = entry?.timeout ?? defaultTimeout
+            for (const mcpTool of listed) {
+              result[sanitize(clientName) + "_" + sanitize(mcpTool.name)] = convertMcpTool(mcpTool, client, timeout)
+            }
+          }),
+        { concurrency: "unbounded" },
+      )
+      return result
+    })
+
+    function collectFromConnected<T extends { name: string }>(
+      s: State,
+      listFn: (c: Client) => Promise<T[]>,
+      label: string,
+    ) {
+      return Effect.forEach(
+        Object.entries(s.clients).filter(([name]) => s.status[name]?.status === "connected"),
+        ([clientName, client]) =>
+          fetchFromClient(clientName, client, listFn, label).pipe(Effect.map((items) => Object.entries(items ?? {}))),
+        { concurrency: "unbounded" },
+      ).pipe(Effect.map((results) => Object.fromEntries<T & { client: string }>(results.flat())))
+    }
+
+    const prompts = Effect.fn("MCP.prompts")(function* () {
+      const s = yield* InstanceState.get(state)
+      return yield* collectFromConnected(s, (c) => c.listPrompts().then((r) => r.prompts), "prompts")
+    })
+
+    const resources = Effect.fn("MCP.resources")(function* () {
+      const s = yield* InstanceState.get(state)
+      return yield* collectFromConnected(s, (c) => c.listResources().then((r) => r.resources), "resources")
+    })
+
+    const withClient = Effect.fnUntraced(function* <A>(
+      clientName: string,
+      fn: (client: MCPClient) => Promise<A>,
+      label: string,
+      meta?: Record<string, unknown>,
+    ) {
+      const s = yield* InstanceState.get(state)
+      const client = s.clients[clientName]
+      if (!client) {
+        log.warn(`client not found for ${label}`, { clientName })
+        return undefined
+      }
+      return yield* Effect.tryPromise({
+        try: () => fn(client),
+        catch: (e: any) => {
+          log.error(`failed to ${label}`, { clientName, ...meta, error: e?.message })
+          return e
+        },
+      }).pipe(Effect.orElseSucceed(() => undefined))
+    })
+
+    const getPrompt = Effect.fn("MCP.getPrompt")(function* (
+      clientName: string,
+      name: string,
+      args?: Record<string, string>,
+    ) {
+      return yield* withClient(clientName, (client) => client.getPrompt({ name, arguments: args }), "getPrompt", {
+        promptName: name,
+      })
+    })
+
+    const readResource = Effect.fn("MCP.readResource")(function* (clientName: string, resourceUri: string) {
+      return yield* withClient(clientName, (client) => client.readResource({ uri: resourceUri }), "readResource", {
+        resourceUri,
+      })
+    })
+
+    const getMcpConfig = Effect.fnUntraced(function* (mcpName: string) {
+      const cfg = yield* cfgSvc.get()
+      const mcpConfig = cfg.mcp?.[mcpName]
+      if (!mcpConfig || !isMcpConfigured(mcpConfig)) return undefined
+      return mcpConfig
+    })
+
+    const startAuth = Effect.fn("MCP.startAuth")(function* (mcpName: string) {
+      const mcpConfig = yield* getMcpConfig(mcpName)
+      if (!mcpConfig) throw new Error(`MCP server ${mcpName} not found or disabled`)
+      if (mcpConfig.type !== "remote") throw new Error(`MCP server ${mcpName} is not a remote server`)
+      if (mcpConfig.oauth === false) throw new Error(`MCP server ${mcpName} has OAuth explicitly disabled`)
+
+      // OAuth config is optional - if not provided, we'll use auto-discovery
+      const oauthConfig = typeof mcpConfig.oauth === "object" ? mcpConfig.oauth : undefined
+
+      // Start the callback server with custom redirectUri if configured
+      yield* Effect.promise(() => McpOAuthCallback.ensureRunning(oauthConfig?.redirectUri))
+
+      const oauthState = Array.from(crypto.getRandomValues(new Uint8Array(32)))
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("")
+      yield* auth.updateOAuthState(mcpName, oauthState)
+      let capturedUrl: URL | undefined
+      const authProvider = new McpOAuthProvider(
+        mcpName,
+        mcpConfig.url,
+        {
+          clientId: oauthConfig?.clientId,
+          clientSecret: oauthConfig?.clientSecret,
+          scope: oauthConfig?.scope,
+          redirectUri: oauthConfig?.redirectUri,
+        },
+        {
+          onRedirect: async (url) => {
+            capturedUrl = url
+          },
+        },
+        auth,
+      )
+
+      const transport = new StreamableHTTPClientTransport(new URL(mcpConfig.url), { authProvider })
+
+      return yield* Effect.tryPromise({
+        try: () => {
+          const client = new Client({ name: "opencode", version: Installation.VERSION })
+          return client
+            .connect(transport)
+            .then(() => ({ authorizationUrl: "", oauthState, client }) satisfies AuthResult)
+        },
+        catch: (error) => error,
+      }).pipe(
+        Effect.catch((error) => {
+          if (error instanceof UnauthorizedError && capturedUrl) {
+            pendingOAuthTransports.set(mcpName, transport)
+            return Effect.succeed({ authorizationUrl: capturedUrl.toString(), oauthState } satisfies AuthResult)
+          }
+          return Effect.die(error)
+        }),
+      )
+    })
+
+    const authenticate = Effect.fn("MCP.authenticate")(function* (mcpName: string) {
+      const result = yield* startAuth(mcpName)
+      if (!result.authorizationUrl) {
+        const client = "client" in result ? result.client : undefined
+        const mcpConfig = yield* getMcpConfig(mcpName)
+        if (!mcpConfig) {
+          yield* Effect.tryPromise(() => client?.close() ?? Promise.resolve()).pipe(Effect.ignore)
+          return { status: "failed", error: "MCP config not found after auth" } as Status
+        }
+
+        const listed = client ? yield* defs(mcpName, client, mcpConfig.timeout) : undefined
+        if (!client || !listed) {
+          yield* Effect.tryPromise(() => client?.close() ?? Promise.resolve()).pipe(Effect.ignore)
+          return { status: "failed", error: "Failed to get tools" } as Status
+        }
+
+        const s = yield* InstanceState.get(state)
+        yield* auth.clearOAuthState(mcpName)
+        return yield* storeClient(s, mcpName, client, listed, mcpConfig.timeout)
+      }
+
+      log.info("opening browser for oauth", { mcpName, url: result.authorizationUrl, state: result.oauthState })
+
+      const callbackPromise = McpOAuthCallback.waitForCallback(result.oauthState, mcpName)
+
+      yield* Effect.tryPromise(() => open(result.authorizationUrl)).pipe(
+        Effect.flatMap((subprocess) =>
+          Effect.callback<void, Error>((resume) => {
+            const timer = setTimeout(() => resume(Effect.void), 500)
+            subprocess.on("error", (err) => {
+              clearTimeout(timer)
+              resume(Effect.fail(err))
+            })
+            subprocess.on("exit", (code) => {
+              if (code !== null && code !== 0) {
+                clearTimeout(timer)
+                resume(Effect.fail(new Error(`Browser open failed with exit code ${code}`)))
+              }
+            })
+          }),
+        ),
+        Effect.catch(() => {
+          log.warn("failed to open browser, user must open URL manually", { mcpName })
+          return bus.publish(BrowserOpenFailed, { mcpName, url: result.authorizationUrl }).pipe(Effect.ignore)
+        }),
+      )
+
+      const code = yield* Effect.promise(() => callbackPromise)
+
+      const storedState = yield* auth.getOAuthState(mcpName)
+      if (storedState !== result.oauthState) {
+        yield* auth.clearOAuthState(mcpName)
+        throw new Error("OAuth state mismatch - potential CSRF attack")
+      }
+      yield* auth.clearOAuthState(mcpName)
+      return yield* finishAuth(mcpName, code)
+    })
+
+    const finishAuth = Effect.fn("MCP.finishAuth")(function* (mcpName: string, authorizationCode: string) {
+      const transport = pendingOAuthTransports.get(mcpName)
+      if (!transport) throw new Error(`No pending OAuth flow for MCP server: ${mcpName}`)
+
+      const result = yield* Effect.tryPromise({
+        try: () => transport.finishAuth(authorizationCode).then(() => true as const),
+        catch: (error) => {
+          log.error("failed to finish oauth", { mcpName, error })
+          return error
+        },
+      }).pipe(Effect.option)
+
+      if (Option.isNone(result)) {
+        return { status: "failed", error: "OAuth completion failed" } as Status
+      }
+
+      yield* auth.clearCodeVerifier(mcpName)
+      pendingOAuthTransports.delete(mcpName)
+
+      const mcpConfig = yield* getMcpConfig(mcpName)
+      if (!mcpConfig) return { status: "failed", error: "MCP config not found after auth" } as Status
+
+      return yield* createAndStore(mcpName, mcpConfig)
+    })
+
+    const removeAuth = Effect.fn("MCP.removeAuth")(function* (mcpName: string) {
+      yield* auth.remove(mcpName)
+      McpOAuthCallback.cancelPending(mcpName)
+      pendingOAuthTransports.delete(mcpName)
+      log.info("removed oauth credentials", { mcpName })
+    })
+
+    const supportsOAuth = Effect.fn("MCP.supportsOAuth")(function* (mcpName: string) {
+      const mcpConfig = yield* getMcpConfig(mcpName)
+      if (!mcpConfig) return false
+      return mcpConfig.type === "remote" && mcpConfig.oauth !== false
+    })
+
+    const hasStoredTokens = Effect.fn("MCP.hasStoredTokens")(function* (mcpName: string) {
+      const entry = yield* auth.get(mcpName)
+      return !!entry?.tokens
+    })
+
+    const getAuthStatus = Effect.fn("MCP.getAuthStatus")(function* (mcpName: string) {
+      const entry = yield* auth.get(mcpName)
+      if (!entry?.tokens) return "not_authenticated" as AuthStatus
+      const expired = yield* auth.isTokenExpired(mcpName)
+      return (expired ? "expired" : "authenticated") as AuthStatus
+    })
+
+    return Service.of({
+      status,
+      clients,
+      tools,
+      prompts,
+      resources,
+      add,
+      connect,
+      disconnect,
+      getPrompt,
+      readResource,
+      startAuth,
+      authenticate,
+      finishAuth,
+      removeAuth,
+      supportsOAuth,
+      hasStoredTokens,
+      getAuthStatus,
+    })
+  }),
+)
+
+export type AuthStatus = "authenticated" | "expired" | "not_authenticated"
+
+// --- Per-service runtime ---
+
+export const defaultLayer = layer.pipe(
+  Layer.provide(McpAuth.layer),
+  Layer.provide(Bus.layer),
+  Layer.provide(Config.defaultLayer),
+  Layer.provide(CrossSpawnSpawner.defaultLayer),
+  Layer.provide(AppFileSystem.defaultLayer),
+)

packages/opencode/src/mcp/oauth-callback.ts

@@ -218,7 +218,7 @@ export namespace McpOAuthCallback {
       log.info("oauth callback server stopped")
     }
 
-    for (const [name, pending] of pendingAuths) {
+    for (const [_name, pending] of pendingAuths) {
       clearTimeout(pending.timeout)
       pending.reject(new Error("OAuth callback server stopped"))
     }

packages/opencode/src/provider/auth.ts

@@ -2,70 +2,62 @@ import type { AuthOAuthResult, Hooks } from "@opencode-ai/plugin"
 import { NamedError } from "@opencode-ai/shared/util/error"
 import { Auth } from "@/auth"
 import { InstanceState } from "@/effect/instance-state"
+import { zod } from "@/util/effect-zod"
+import { withStatics } from "@/util/schema"
 import { Plugin } from "../plugin"
 import { ProviderID } from "./schema"
-import { Array as Arr, Effect, Layer, Record, Result, Context } from "effect"
+import { Array as Arr, Effect, Layer, Record, Result, Context, Schema } from "effect"
 import z from "zod"
 
 export namespace ProviderAuth {
-  export const Method = z
-    .object({
-      type: z.union([z.literal("oauth"), z.literal("api")]),
-      label: z.string(),
-      prompts: z
-        .array(
-          z.union([
-            z.object({
-              type: z.literal("text"),
-              key: z.string(),
-              message: z.string(),
-              placeholder: z.string().optional(),
-              when: z
-                .object({
-                  key: z.string(),
-                  op: z.union([z.literal("eq"), z.literal("neq")]),
-                  value: z.string(),
-                })
-                .optional(),
-            }),
-            z.object({
-              type: z.literal("select"),
-              key: z.string(),
-              message: z.string(),
-              options: z.array(
-                z.object({
-                  label: z.string(),
-                  value: z.string(),
-                  hint: z.string().optional(),
-                }),
-              ),
-              when: z
-                .object({
-                  key: z.string(),
-                  op: z.union([z.literal("eq"), z.literal("neq")]),
-                  value: z.string(),
-                })
-                .optional(),
-            }),
-          ]),
-        )
-        .optional(),
-    })
-    .meta({
-      ref: "ProviderAuthMethod",
-    })
-  export type Method = z.infer<typeof Method>
+  const When = Schema.Struct({
+    key: Schema.String,
+    op: Schema.Literals(["eq", "neq"]),
+    value: Schema.String,
+  })
 
-  export const Authorization = z
-    .object({
-      url: z.string(),
-      method: z.union([z.literal("auto"), z.literal("code")]),
-      instructions: z.string(),
-    })
-    .meta({
-      ref: "ProviderAuthAuthorization",
-    })
-  export type Authorization = z.infer<typeof Authorization>
+  const TextPrompt = Schema.Struct({
+    type: Schema.Literal("text"),
+    key: Schema.String,
+    message: Schema.String,
+    placeholder: Schema.optional(Schema.String),
+    when: Schema.optional(When),
+  })
+
+  const SelectOption = Schema.Struct({
+    label: Schema.String,
+    value: Schema.String,
+    hint: Schema.optional(Schema.String),
+  })
+
+  const SelectPrompt = Schema.Struct({
+    type: Schema.Literal("select"),
+    key: Schema.String,
+    message: Schema.String,
+    options: Schema.Array(SelectOption),
+    when: Schema.optional(When),
+  })
+
+  const Prompt = Schema.Union([TextPrompt, SelectPrompt])
+
+  export class Method extends Schema.Class<Method>("ProviderAuthMethod")({
+    type: Schema.Literals(["oauth", "api"]),
+    label: Schema.String,
+    prompts: Schema.optional(Schema.Array(Prompt)),
+  }) {
+    static readonly zod = zod(this)
+  }
+
+  export const Methods = Schema.Record(Schema.String, Schema.Array(Method)).pipe(withStatics((s) => ({ zod: zod(s) })))
+  export type Methods = typeof Methods.Type
+
+  export class Authorization extends Schema.Class<Authorization>("ProviderAuthAuthorization")({
+    url: Schema.String,
+    method: Schema.Literals(["auto", "code"]),
+    instructions: Schema.String,
+  }) {
+    static readonly zod = zod(this)
+  }
 
   export const OauthMissing = NamedError.create("ProviderAuthOauthMissing", z.object({ providerID: ProviderID.zod }))
 
@@ -94,7 +86,7 @@ export namespace ProviderAuth {
   type Hook = NonNullable<Hooks["auth"]>
 
   export interface Interface {
-    readonly methods: () => Effect.Effect<Record<ProviderID, Method[]>>
+    readonly methods: () => Effect.Effect<Methods>
     readonly authorize: (input: {
       providerID: ProviderID
       method: number
@@ -131,11 +123,12 @@ export namespace ProviderAuth {
         }),
       )
 
+      const decode = Schema.decodeUnknownSync(Methods)
       const methods = Effect.fn("ProviderAuth.methods")(function* () {
         const hooks = (yield* InstanceState.get(state)).hooks
-        return Record.map(hooks, (item) =>
-          item.methods.map(
-            (method): Method => ({
+        return decode(
+          Record.map(hooks, (item) =>
+            item.methods.map((method) => ({
               type: method.type,
               label: method.label,
               prompts: method.prompts?.map((prompt) => {
@@ -156,7 +149,7 @@ export namespace ProviderAuth {
                   when: prompt.when,
                 }
               }),
-            }),
+            })),
           ),
         )
       })

packages/opencode/src/provider/index.ts

@@ -0,0 +1 @@
+export * as Provider from "./provider"

packages/opencode/src/provider/schema.ts

@@ -30,7 +30,7 @@ const modelIdSchema = Schema.String.pipe(Schema.brand("ModelID"))
 export type ModelID = typeof modelIdSchema.Type
 
 export const ModelID = modelIdSchema.pipe(
-  withStatics((schema: typeof modelIdSchema) => ({
+  withStatics((_schema: typeof modelIdSchema) => ({
     zod: z.string().pipe(z.custom<ModelID>()),
   })),
 )

packages/opencode/src/provider/transform.ts

@@ -2,7 +2,7 @@ import type { ModelMessage } from "ai"
 import { mergeDeep, unique } from "remeda"
 import type { JSONSchema7 } from "@ai-sdk/provider"
 import type { JSONSchema } from "zod/v4/core"
-import type { Provider } from "./provider"
+import type { Provider } from "."
 import type { ModelsDev } from "./models"
 import { iife } from "@/util/iife"
 import { Flag } from "@/flag/flag"
@@ -49,7 +49,7 @@ export namespace ProviderTransform {
   function normalizeMessages(
     msgs: ModelMessage[],
     model: Provider.Model,
-    options: Record<string, unknown>,
+    _options: Record<string, unknown>,
   ): ModelMessage[] {
     // Anthropic rejects messages with empty content - filter out empty string messages
     // and remove empty text/reasoning parts from array content

packages/opencode/src/question/index.ts

@@ -1,229 +1 @@
-import { Deferred, Effect, Layer, Schema, Context } from "effect"
-import { Bus } from "@/bus"
-import { BusEvent } from "@/bus/bus-event"
-import { InstanceState } from "@/effect/instance-state"
-import { SessionID, MessageID } from "@/session/schema"
-import { zod } from "@/util/effect-zod"
-import { Log } from "@/util/log"
-import { withStatics } from "@/util/schema"
-import { QuestionID } from "./schema"
-
-export namespace Question {
-  const log = Log.create({ service: "question" })
-
-  // Schemas
-
-  export class Option extends Schema.Class<Option>("QuestionOption")({
-    label: Schema.String.annotate({
-      description: "Display text (1-5 words, concise)",
-    }),
-    description: Schema.String.annotate({
-      description: "Explanation of choice",
-    }),
-  }) {
-    static readonly zod = zod(this)
-  }
-
-  const base = {
-    question: Schema.String.annotate({
-      description: "Complete question",
-    }),
-    header: Schema.String.annotate({
-      description: "Very short label (max 30 chars)",
-    }),
-    options: Schema.Array(Option).annotate({
-      description: "Available choices",
-    }),
-    multiple: Schema.optional(Schema.Boolean).annotate({
-      description: "Allow selecting multiple choices",
-    }),
-  }
-
-  export class Info extends Schema.Class<Info>("QuestionInfo")({
-    ...base,
-    custom: Schema.optional(Schema.Boolean).annotate({
-      description: "Allow typing a custom answer (default: true)",
-    }),
-  }) {
-    static readonly zod = zod(this)
-  }
-
-  export class Prompt extends Schema.Class<Prompt>("QuestionPrompt")(base) {
-    static readonly zod = zod(this)
-  }
-
-  export class Tool extends Schema.Class<Tool>("QuestionTool")({
-    messageID: MessageID,
-    callID: Schema.String,
-  }) {
-    static readonly zod = zod(this)
-  }
-
-  export class Request extends Schema.Class<Request>("QuestionRequest")({
-    id: QuestionID,
-    sessionID: SessionID,
-    questions: Schema.Array(Info).annotate({
-      description: "Questions to ask",
-    }),
-    tool: Schema.optional(Tool),
-  }) {
-    static readonly zod = zod(this)
-  }
-
-  export const Answer = Schema.Array(Schema.String)
-    .annotate({ identifier: "QuestionAnswer" })
-    .pipe(withStatics((s) => ({ zod: zod(s) })))
-  export type Answer = Schema.Schema.Type<typeof Answer>
-
-  export class Reply extends Schema.Class<Reply>("QuestionReply")({
-    answers: Schema.Array(Answer).annotate({
-      description: "User answers in order of questions (each answer is an array of selected labels)",
-    }),
-  }) {
-    static readonly zod = zod(this)
-  }
-
-  class Replied extends Schema.Class<Replied>("QuestionReplied")({
-    sessionID: SessionID,
-    requestID: QuestionID,
-    answers: Schema.Array(Answer),
-  }) {}
-
-  class Rejected extends Schema.Class<Rejected>("QuestionRejected")({
-    sessionID: SessionID,
-    requestID: QuestionID,
-  }) {}
-
-  export const Event = {
-    Asked: BusEvent.define("question.asked", Request.zod),
-    Replied: BusEvent.define("question.replied", zod(Replied)),
-    Rejected: BusEvent.define("question.rejected", zod(Rejected)),
-  }
-
-  export class RejectedError extends Schema.TaggedErrorClass<RejectedError>()("QuestionRejectedError", {}) {
-    override get message() {
-      return "The user dismissed this question"
-    }
-  }
-
-  interface PendingEntry {
-    info: Request
-    deferred: Deferred.Deferred<ReadonlyArray<Answer>, RejectedError>
-  }
-
-  interface State {
-    pending: Map<QuestionID, PendingEntry>
-  }
-
-  // Service
-
-  export interface Interface {
-    readonly ask: (input: {
-      sessionID: SessionID
-      questions: ReadonlyArray<Info>
-      tool?: Tool
-    }) => Effect.Effect<ReadonlyArray<Answer>, RejectedError>
-    readonly reply: (input: { requestID: QuestionID; answers: ReadonlyArray<Answer> }) => Effect.Effect<void>
-    readonly reject: (requestID: QuestionID) => Effect.Effect<void>
-    readonly list: () => Effect.Effect<ReadonlyArray<Request>>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Question") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const bus = yield* Bus.Service
-      const state = yield* InstanceState.make<State>(
-        Effect.fn("Question.state")(function* () {
-          const state = {
-            pending: new Map<QuestionID, PendingEntry>(),
-          }
-
-          yield* Effect.addFinalizer(() =>
-            Effect.gen(function* () {
-              for (const item of state.pending.values()) {
-                yield* Deferred.fail(item.deferred, new RejectedError())
-              }
-              state.pending.clear()
-            }),
-          )
-
-          return state
-        }),
-      )
-
-      const ask = Effect.fn("Question.ask")(function* (input: {
-        sessionID: SessionID
-        questions: ReadonlyArray<Info>
-        tool?: Tool
-      }) {
-        const pending = (yield* InstanceState.get(state)).pending
-        const id = QuestionID.ascending()
-        log.info("asking", { id, questions: input.questions.length })
-
-        const deferred = yield* Deferred.make<ReadonlyArray<Answer>, RejectedError>()
-        const info = Schema.decodeUnknownSync(Request)({
-          id,
-          sessionID: input.sessionID,
-          questions: input.questions,
-          tool: input.tool,
-        })
-        pending.set(id, { info, deferred })
-        yield* bus.publish(Event.Asked, info)
-
-        return yield* Effect.ensuring(
-          Deferred.await(deferred),
-          Effect.sync(() => {
-            pending.delete(id)
-          }),
-        )
-      })
-
-      const reply = Effect.fn("Question.reply")(function* (input: {
-        requestID: QuestionID
-        answers: ReadonlyArray<Answer>
-      }) {
-        const pending = (yield* InstanceState.get(state)).pending
-        const existing = pending.get(input.requestID)
-        if (!existing) {
-          log.warn("reply for unknown request", { requestID: input.requestID })
-          return
-        }
-        pending.delete(input.requestID)
-        log.info("replied", { requestID: input.requestID, answers: input.answers })
-        yield* bus.publish(Event.Replied, {
-          sessionID: existing.info.sessionID,
-          requestID: existing.info.id,
-          answers: input.answers,
-        })
-        yield* Deferred.succeed(existing.deferred, input.answers)
-      })
-
-      const reject = Effect.fn("Question.reject")(function* (requestID: QuestionID) {
-        const pending = (yield* InstanceState.get(state)).pending
-        const existing = pending.get(requestID)
-        if (!existing) {
-          log.warn("reject for unknown request", { requestID })
-          return
-        }
-        pending.delete(requestID)
-        log.info("rejected", { requestID })
-        yield* bus.publish(Event.Rejected, {
-          sessionID: existing.info.sessionID,
-          requestID: existing.info.id,
-        })
-        yield* Deferred.fail(existing.deferred, new RejectedError())
-      })
-
-      const list = Effect.fn("Question.list")(function* () {
-        const pending = (yield* InstanceState.get(state)).pending
-        return Array.from(pending.values(), (x) => x.info)
-      })
-
-      return Service.of({ ask, reply, reject, list })
-    }),
-  )
-
-  export const defaultLayer = layer.pipe(Layer.provide(Bus.layer))
-}
+export * as Question from "./question"

packages/opencode/src/question/question.ts

@@ -0,0 +1,227 @@
+import { Deferred, Effect, Layer, Schema, Context } from "effect"
+import { Bus } from "@/bus"
+import { BusEvent } from "@/bus/bus-event"
+import { InstanceState } from "@/effect/instance-state"
+import { SessionID, MessageID } from "@/session/schema"
+import { zod } from "@/util/effect-zod"
+import { Log } from "@/util/log"
+import { withStatics } from "@/util/schema"
+import { QuestionID } from "./schema"
+
+const log = Log.create({ service: "question" })
+
+// Schemas
+
+export class Option extends Schema.Class<Option>("QuestionOption")({
+  label: Schema.String.annotate({
+    description: "Display text (1-5 words, concise)",
+  }),
+  description: Schema.String.annotate({
+    description: "Explanation of choice",
+  }),
+}) {
+  static readonly zod = zod(this)
+}
+
+const base = {
+  question: Schema.String.annotate({
+    description: "Complete question",
+  }),
+  header: Schema.String.annotate({
+    description: "Very short label (max 30 chars)",
+  }),
+  options: Schema.Array(Option).annotate({
+    description: "Available choices",
+  }),
+  multiple: Schema.optional(Schema.Boolean).annotate({
+    description: "Allow selecting multiple choices",
+  }),
+}
+
+export class Info extends Schema.Class<Info>("QuestionInfo")({
+  ...base,
+  custom: Schema.optional(Schema.Boolean).annotate({
+    description: "Allow typing a custom answer (default: true)",
+  }),
+}) {
+  static readonly zod = zod(this)
+}
+
+export class Prompt extends Schema.Class<Prompt>("QuestionPrompt")(base) {
+  static readonly zod = zod(this)
+}
+
+export class Tool extends Schema.Class<Tool>("QuestionTool")({
+  messageID: MessageID,
+  callID: Schema.String,
+}) {
+  static readonly zod = zod(this)
+}
+
+export class Request extends Schema.Class<Request>("QuestionRequest")({
+  id: QuestionID,
+  sessionID: SessionID,
+  questions: Schema.Array(Info).annotate({
+    description: "Questions to ask",
+  }),
+  tool: Schema.optional(Tool),
+}) {
+  static readonly zod = zod(this)
+}
+
+export const Answer = Schema.Array(Schema.String)
+  .annotate({ identifier: "QuestionAnswer" })
+  .pipe(withStatics((s) => ({ zod: zod(s) })))
+export type Answer = Schema.Schema.Type<typeof Answer>
+
+export class Reply extends Schema.Class<Reply>("QuestionReply")({
+  answers: Schema.Array(Answer).annotate({
+    description: "User answers in order of questions (each answer is an array of selected labels)",
+  }),
+}) {
+  static readonly zod = zod(this)
+}
+
+class Replied extends Schema.Class<Replied>("QuestionReplied")({
+  sessionID: SessionID,
+  requestID: QuestionID,
+  answers: Schema.Array(Answer),
+}) {}
+
+class Rejected extends Schema.Class<Rejected>("QuestionRejected")({
+  sessionID: SessionID,
+  requestID: QuestionID,
+}) {}
+
+export const Event = {
+  Asked: BusEvent.define("question.asked", Request.zod),
+  Replied: BusEvent.define("question.replied", zod(Replied)),
+  Rejected: BusEvent.define("question.rejected", zod(Rejected)),
+}
+
+export class RejectedError extends Schema.TaggedErrorClass<RejectedError>()("QuestionRejectedError", {}) {
+  override get message() {
+    return "The user dismissed this question"
+  }
+}
+
+interface PendingEntry {
+  info: Request
+  deferred: Deferred.Deferred<ReadonlyArray<Answer>, RejectedError>
+}
+
+interface State {
+  pending: Map<QuestionID, PendingEntry>
+}
+
+// Service
+
+export interface Interface {
+  readonly ask: (input: {
+    sessionID: SessionID
+    questions: ReadonlyArray<Info>
+    tool?: Tool
+  }) => Effect.Effect<ReadonlyArray<Answer>, RejectedError>
+  readonly reply: (input: { requestID: QuestionID; answers: ReadonlyArray<Answer> }) => Effect.Effect<void>
+  readonly reject: (requestID: QuestionID) => Effect.Effect<void>
+  readonly list: () => Effect.Effect<ReadonlyArray<Request>>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Question") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const bus = yield* Bus.Service
+    const state = yield* InstanceState.make<State>(
+      Effect.fn("Question.state")(function* () {
+        const state = {
+          pending: new Map<QuestionID, PendingEntry>(),
+        }
+
+        yield* Effect.addFinalizer(() =>
+          Effect.gen(function* () {
+            for (const item of state.pending.values()) {
+              yield* Deferred.fail(item.deferred, new RejectedError())
+            }
+            state.pending.clear()
+          }),
+        )
+
+        return state
+      }),
+    )
+
+    const ask = Effect.fn("Question.ask")(function* (input: {
+      sessionID: SessionID
+      questions: ReadonlyArray<Info>
+      tool?: Tool
+    }) {
+      const pending = (yield* InstanceState.get(state)).pending
+      const id = QuestionID.ascending()
+      log.info("asking", { id, questions: input.questions.length })
+
+      const deferred = yield* Deferred.make<ReadonlyArray<Answer>, RejectedError>()
+      const info = Schema.decodeUnknownSync(Request)({
+        id,
+        sessionID: input.sessionID,
+        questions: input.questions,
+        tool: input.tool,
+      })
+      pending.set(id, { info, deferred })
+      yield* bus.publish(Event.Asked, info)
+
+      return yield* Effect.ensuring(
+        Deferred.await(deferred),
+        Effect.sync(() => {
+          pending.delete(id)
+        }),
+      )
+    })
+
+    const reply = Effect.fn("Question.reply")(function* (input: {
+      requestID: QuestionID
+      answers: ReadonlyArray<Answer>
+    }) {
+      const pending = (yield* InstanceState.get(state)).pending
+      const existing = pending.get(input.requestID)
+      if (!existing) {
+        log.warn("reply for unknown request", { requestID: input.requestID })
+        return
+      }
+      pending.delete(input.requestID)
+      log.info("replied", { requestID: input.requestID, answers: input.answers })
+      yield* bus.publish(Event.Replied, {
+        sessionID: existing.info.sessionID,
+        requestID: existing.info.id,
+        answers: input.answers,
+      })
+      yield* Deferred.succeed(existing.deferred, input.answers)
+    })
+
+    const reject = Effect.fn("Question.reject")(function* (requestID: QuestionID) {
+      const pending = (yield* InstanceState.get(state)).pending
+      const existing = pending.get(requestID)
+      if (!existing) {
+        log.warn("reject for unknown request", { requestID })
+        return
+      }
+      pending.delete(requestID)
+      log.info("rejected", { requestID })
+      yield* bus.publish(Event.Rejected, {
+        sessionID: existing.info.sessionID,
+        requestID: existing.info.id,
+      })
+      yield* Deferred.fail(existing.deferred, new RejectedError())
+    })
+
+    const list = Effect.fn("Question.list")(function* () {
+      const pending = (yield* InstanceState.get(state)).pending
+      return Array.from(pending.values(), (x) => x.info)
+    })
+
+    return Service.of({ ask, reply, reject, list })
+  }),
+)
+
+export const defaultLayer = layer.pipe(Layer.provide(Bus.layer))

packages/opencode/src/server/fence.ts

@@ -40,7 +40,7 @@ export function parse(headers: Headers) {
 
   try {
     data = JSON.parse(raw)
-  } catch (err) {
+  } catch {
     return
   }
 

packages/opencode/src/server/instance/config.ts

@@ -2,7 +2,7 @@ import { Hono } from "hono"
 import { describeRoute, validator, resolver } from "hono-openapi"
 import z from "zod"
 import { Config } from "../../config"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import { mapValues } from "remeda"
 import { errors } from "../error"
 import { lazy } from "../../util/lazy"

packages/opencode/src/server/instance/httpapi/provider.ts

@@ -0,0 +1,46 @@
+import { ProviderAuth } from "@/provider/auth"
+import { Effect, Layer } from "effect"
+import { HttpApi, HttpApiBuilder, HttpApiEndpoint, HttpApiGroup, OpenApi } from "effect/unstable/httpapi"
+
+const root = "/experimental/httpapi/provider"
+
+export const ProviderApi = HttpApi.make("provider")
+  .add(
+    HttpApiGroup.make("provider")
+      .add(
+        HttpApiEndpoint.get("auth", `${root}/auth`, {
+          success: ProviderAuth.Methods,
+        }).annotateMerge(
+          OpenApi.annotations({
+            identifier: "provider.auth",
+            summary: "Get provider auth methods",
+            description: "Retrieve available authentication methods for all AI providers.",
+          }),
+        ),
+      )
+      .annotateMerge(
+        OpenApi.annotations({
+          title: "provider",
+          description: "Experimental HttpApi provider routes.",
+        }),
+      ),
+  )
+  .annotateMerge(
+    OpenApi.annotations({
+      title: "opencode experimental HttpApi",
+      version: "0.0.1",
+      description: "Experimental HttpApi surface for selected instance routes.",
+    }),
+  )
+
+export const ProviderLive = Layer.unwrap(
+  Effect.gen(function* () {
+    const svc = yield* ProviderAuth.Service
+
+    const auth = Effect.fn("ProviderHttpApi.auth")(function* () {
+      return yield* svc.methods()
+    })
+
+    return HttpApiBuilder.group(ProviderApi, "provider", (handlers) => handlers.handle("auth", auth))
+  }),
+).pipe(Layer.provide(ProviderAuth.defaultLayer))

packages/opencode/src/server/instance/httpapi/server.ts

@@ -10,8 +10,10 @@ import { InstanceBootstrap } from "@/project/bootstrap"
 import { Instance } from "@/project/instance"
 import { Filesystem } from "@/util/filesystem"
 import { Permission } from "@/permission"
+import { ProviderAuth } from "@/provider/auth"
 import { Question } from "@/question"
 import { PermissionApi, PermissionLive } from "./permission"
+import { ProviderApi, ProviderLive } from "./provider"
 import { QuestionApi, QuestionLive } from "./question"
 
 const Query = Schema.Struct({
@@ -26,10 +28,6 @@ const Headers = Schema.Struct({
 })
 
 export namespace ExperimentalHttpApiServer {
-  function text(input: string, status: number, headers?: Record<string, string>) {
-    return HttpServerResponse.text(input, { status, headers })
-  }
-
   function decode(input: string) {
     try {
       return decodeURIComponent(input)
@@ -112,6 +110,7 @@ export namespace ExperimentalHttpApiServer {
 
   const QuestionSecured = QuestionApi.middleware(Authorization)
   const PermissionSecured = PermissionApi.middleware(Authorization)
+  const ProviderSecured = ProviderApi.middleware(Authorization)
 
   export const routes = Layer.mergeAll(
     HttpApiBuilder.layer(QuestionSecured, { openapiPath: "/experimental/httpapi/question/doc" }).pipe(
@@ -120,6 +119,9 @@ export namespace ExperimentalHttpApiServer {
     HttpApiBuilder.layer(PermissionSecured, { openapiPath: "/experimental/httpapi/permission/doc" }).pipe(
       Layer.provide(PermissionLive),
     ),
+    HttpApiBuilder.layer(ProviderSecured, { openapiPath: "/experimental/httpapi/provider/doc" }).pipe(
+      Layer.provide(ProviderLive),
+    ),
   ).pipe(Layer.provide(auth), Layer.provide(normalize), Layer.provide(instance))
 
   export const layer = (opts: { hostname: string; port: number }) =>
@@ -131,5 +133,6 @@ export namespace ExperimentalHttpApiServer {
     Layer.provideMerge(NodeHttpServer.layerTest),
     Layer.provideMerge(Question.defaultLayer),
     Layer.provideMerge(Permission.defaultLayer),
+    Layer.provideMerge(ProviderAuth.defaultLayer),
   )
 }

packages/opencode/src/server/instance/middleware.ts

@@ -16,8 +16,6 @@ import { AppFileSystem } from "@opencode-ai/shared/filesystem"
 
 type Rule = { method?: string; path: string; exact?: boolean; action: "local" | "forward" }
 
-const OPENCODE_WORKSPACE = process.env.OPENCODE_WORKSPACE
-
 const RULES: Array<Rule> = [
   { path: "/session/status", action: "forward" },
   { method: "GET", path: "/session", action: "local" },

packages/opencode/src/server/instance/provider.ts

@@ -2,7 +2,7 @@ import { Hono } from "hono"
 import { describeRoute, validator, resolver } from "hono-openapi"
 import z from "zod"
 import { Config } from "../../config"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import { ModelsDev } from "../../provider/models"
 import { ProviderAuth } from "../../provider/auth"
 import { ProviderID } from "../../provider/schema"
@@ -10,11 +10,8 @@ import { AppRuntime } from "../../effect/app-runtime"
 import { mapValues } from "remeda"
 import { errors } from "../error"
 import { lazy } from "../../util/lazy"
-import { Log } from "../../util/log"
 import { Effect } from "effect"
 
-const log = Log.create({ service: "server" })
-
 export const ProviderRoutes = lazy(() =>
   new Hono()
     .get(
@@ -85,7 +82,7 @@ export const ProviderRoutes = lazy(() =>
             description: "Provider auth methods",
             content: {
               "application/json": {
-                schema: resolver(z.record(z.string(), z.array(ProviderAuth.Method))),
+                schema: resolver(ProviderAuth.Methods.zod),
               },
             },
           },
@@ -106,7 +103,7 @@ export const ProviderRoutes = lazy(() =>
             description: "Authorization URL and method",
             content: {
               "application/json": {
-                schema: resolver(ProviderAuth.Authorization.optional()),
+                schema: resolver(ProviderAuth.Authorization.zod.optional()),
               },
             },
           },

packages/opencode/src/server/middleware.ts

@@ -1,4 +1,4 @@
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { NamedError } from "@opencode-ai/shared/util/error"
 import { NotFoundError } from "../storage/db"
 import { Session } from "../session"

packages/opencode/src/session/compaction.ts

@@ -2,7 +2,7 @@ import { BusEvent } from "@/bus/bus-event"
 import { Bus } from "@/bus"
 import { Session } from "."
 import { SessionID, MessageID, PartID } from "./schema"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { MessageV2 } from "./message-v2"
 import z from "zod"
 import { Token } from "../util/token"

packages/opencode/src/session/index.ts

@@ -24,7 +24,7 @@ import { ProjectID } from "../project/schema"
 import { WorkspaceID } from "../control-plane/schema"
 import { SessionID, MessageID, PartID } from "./schema"
 
-import type { Provider } from "@/provider/provider"
+import type { Provider } from "@/provider"
 import { Permission } from "@/permission"
 import { Global } from "@/global"
 import { Effect, Layer, Option, Context } from "effect"

packages/opencode/src/session/llm.ts

@@ -1,4 +1,4 @@
-import { Provider } from "@/provider/provider"
+import { Provider } from "@/provider"
 import { Log } from "@/util/log"
 import { Context, Effect, Layer, Record } from "effect"
 import * as Stream from "effect/Stream"

packages/opencode/src/session/message-v2.ts

@@ -12,7 +12,7 @@ import { ProviderError } from "@/provider/error"
 import { iife } from "@/util/iife"
 import { errorMessage } from "@/util/error"
 import type { SystemError } from "bun"
-import type { Provider } from "@/provider/provider"
+import type { Provider } from "@/provider"
 import { ModelID, ProviderID } from "@/provider/schema"
 import { Effect } from "effect"
 import { EffectLogger } from "@/effect/logger"

packages/opencode/src/session/overflow.ts

@@ -1,5 +1,5 @@
 import type { Config } from "@/config"
-import type { Provider } from "@/provider/provider"
+import type { Provider } from "@/provider"
 import { ProviderTransform } from "@/provider/transform"
 import type { MessageV2 } from "./message-v2"
 

packages/opencode/src/session/processor.ts

@@ -15,7 +15,7 @@ import type { SessionID } from "./schema"
 import { SessionRetry } from "./retry"
 import { SessionStatus } from "./status"
 import { SessionSummary } from "./summary"
-import type { Provider } from "@/provider/provider"
+import type { Provider } from "@/provider"
 import { Question } from "@/question"
 import { errorMessage } from "@/util/error"
 import { Log } from "@/util/log"

packages/opencode/src/session/prompt.ts

@@ -7,7 +7,7 @@ import { Log } from "../util/log"
 import { SessionRevert } from "./revert"
 import { Session } from "."
 import { Agent } from "../agent/agent"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { ModelID, ProviderID } from "../provider/schema"
 import { type Tool as AITool, tool, jsonSchema, type ToolExecutionOptions, asSchema } from "ai"
 import { SessionCompaction } from "./compaction"
@@ -1825,7 +1825,7 @@ NOTE: At any point in time through this workflow you should feel free to ask the
     onSuccess: (output: unknown) => void
   }): AITool {
     // Remove $schema property if present (not needed for tool input)
-    const { $schema, ...toolSchema } = input.schema
+    const { $schema: _, ...toolSchema } = input.schema
 
     return tool({
       id: "StructuredOutput" as any,

packages/opencode/src/session/system.ts

@@ -11,7 +11,7 @@ import PROMPT_KIMI from "./prompt/kimi.txt"
 
 import PROMPT_CODEX from "./prompt/codex.txt"
 import PROMPT_TRINITY from "./prompt/trinity.txt"
-import type { Provider } from "@/provider/provider"
+import type { Provider } from "@/provider"
 import type { Agent } from "@/agent/agent"
 import { Permission } from "@/permission"
 import { Skill } from "@/skill"

packages/opencode/src/share/share-next.ts

@@ -4,7 +4,7 @@ import { FetchHttpClient, HttpClient, HttpClientRequest, HttpClientResponse } fr
 import { Account } from "@/account"
 import { Bus } from "@/bus"
 import { InstanceState } from "@/effect/instance-state"
-import { Provider } from "@/provider/provider"
+import { Provider } from "@/provider"
 import { ModelID, ProviderID } from "@/provider/schema"
 import { Session } from "@/session"
 import { MessageV2 } from "@/session/message-v2"

packages/opencode/src/tool/plan.ts

@@ -5,7 +5,7 @@ import { Tool } from "./tool"
 import { Question } from "../question"
 import { Session } from "../session"
 import { MessageV2 } from "../session/message-v2"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { Instance } from "../project/instance"
 import { type SessionID, MessageID, PartID } from "../session/schema"
 import EXIT_DESCRIPTION from "./plan-exit.txt"

packages/opencode/src/tool/registry.ts

@@ -17,7 +17,7 @@ import { Config } from "../config"
 import { type ToolContext as PluginToolContext, type ToolDefinition } from "@opencode-ai/plugin"
 import z from "zod"
 import { Plugin } from "../plugin"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { ProviderID, type ModelID } from "../provider/schema"
 import { WebSearchTool } from "./websearch"
 import { CodeSearchTool } from "./codesearch"
@@ -176,7 +176,7 @@ export namespace ToolRegistry {
             }
           }
 
-          const cfg = yield* config.get()
+          yield* config.get()
           const questionEnabled =
             ["app", "cli", "desktop"].includes(Flag.OPENCODE_CLIENT) || Flag.OPENCODE_ENABLE_QUESTION_TOOL
 

packages/opencode/src/v2/session.ts

@@ -40,11 +40,11 @@ export namespace SessionV2 {
     Effect.gen(function* () {
       const session = yield* Session.Service
 
-      const create: Interface["create"] = Effect.fn("Session.create")(function* (input) {
+      const create: Interface["create"] = Effect.fn("Session.create")(function* (_input) {
         throw new Error("Not implemented")
       })
 
-      const prompt: Interface["prompt"] = Effect.fn("Session.prompt")(function* (input) {
+      const prompt: Interface["prompt"] = Effect.fn("Session.prompt")(function* (_input) {
         throw new Error("Not implemented")
       })
 

packages/opencode/test/fake/provider.ts

@@ -1,5 +1,5 @@
 import { Effect, Layer } from "effect"
-import { Provider } from "../../src/provider/provider"
+import { Provider } from "../../src/provider"
 import { ModelID, ProviderID } from "../../src/provider/schema"
 
 export namespace ProviderTest {

packages/opencode/test/file/index.test.ts

@@ -276,7 +276,7 @@ describe("file/index Filesystem patterns", () => {
 
     test("returns empty array buffer on error for images", async () => {
       await using tmp = await tmpdir()
-      const filepath = path.join(tmp.path, "broken.png")
+      const _filepath = path.join(tmp.path, "broken.png")
       // Don't create the file
 
       await Instance.provide({

packages/opencode/test/fixture/lsp/fake-lsp-server.js

@@ -1,8 +1,6 @@
 // Simple JSON-RPC 2.0 LSP-like fake server over stdio
 // Implements a minimal LSP handshake and triggers a request upon notification
 
-const net = require("net")
-
 let nextId = 1
 
 function encode(message) {

packages/opencode/test/lib/llm-server.ts

@@ -596,35 +596,11 @@ function hit(url: string, body: unknown) {
   } satisfies Hit
 }
 
-/** Auto-acknowledging tool-result follow-ups avoids requiring tests to queue two responses per tool call. */
-function isToolResultFollowUp(body: unknown): boolean {
-  if (!body || typeof body !== "object") return false
-  // OpenAI chat format: last message has role "tool"
-  if ("messages" in body && Array.isArray(body.messages)) {
-    const last = body.messages[body.messages.length - 1]
-    return last?.role === "tool"
-  }
-  // Responses API: input contains function_call_output
-  if ("input" in body && Array.isArray(body.input)) {
-    return body.input.some((item: Record<string, unknown>) => item?.type === "function_call_output")
-  }
-  return false
-}
-
 function isTitleRequest(body: unknown): boolean {
   if (!body || typeof body !== "object") return false
   return JSON.stringify(body).includes("Generate a title for this conversation")
 }
 
-function requestSummary(body: unknown): string {
-  if (!body || typeof body !== "object") return "empty body"
-  if ("messages" in body && Array.isArray(body.messages)) {
-    const roles = body.messages.map((m: Record<string, unknown>) => m.role).join(",")
-    return `messages=[${roles}]`
-  }
-  return `keys=[${Object.keys(body).join(",")}]`
-}
-
 namespace TestLLMServer {
   export interface Service {
     readonly url: string

packages/opencode/test/provider/amazon-bedrock.test.ts

@@ -5,7 +5,7 @@ import { unlink } from "fs/promises"
 import { ProviderID } from "../../src/provider/schema"
 import { tmpdir } from "../fixture/fixture"
 import { Instance } from "../../src/project/instance"
-import { Provider } from "../../src/provider/provider"
+import { Provider } from "../../src/provider"
 import { Env } from "../../src/env"
 import { Global } from "../../src/global"
 import { Filesystem } from "../../src/util/filesystem"

packages/opencode/test/provider/gitlab-duo.test.ts

@@ -9,7 +9,7 @@ export {}
 // import { ProviderID, ModelID } from "../../src/provider/schema"
 // import { tmpdir } from "../fixture/fixture"
 // import { Instance } from "../../src/project/instance"
-// import { Provider } from "../../src/provider/provider"
+// import { Provider } from "../../src/provider"
 // import { Env } from "../../src/env"
 // import { Global } from "../../src/global"
 // import { GitLabWorkflowLanguageModel } from "gitlab-ai-provider"

packages/opencode/test/provider/provider.test.ts

@@ -7,7 +7,7 @@ import { Global } from "../../src/global"
 import { Instance } from "../../src/project/instance"
 import { Plugin } from "../../src/plugin/index"
 import { ModelsDev } from "../../src/provider/models"
-import { Provider } from "../../src/provider/provider"
+import { Provider } from "../../src/provider"
 import { ProviderID, ModelID } from "../../src/provider/schema"
 import { Filesystem } from "../../src/util/filesystem"
 import { Env } from "../../src/env"

packages/opencode/test/provider/transform.test.ts

@@ -2,8 +2,6 @@ import { describe, expect, test } from "bun:test"
 import { ProviderTransform } from "../../src/provider/transform"
 import { ModelID, ProviderID } from "../../src/provider/schema"
 
-const OUTPUT_TOKEN_MAX = 32000
-
 describe("ProviderTransform.options - setCacheKey", () => {
   const sessionID = "test-session-123"
 

packages/opencode/test/server/session-list.test.ts

@@ -67,7 +67,7 @@ describe("session.list", () => {
     await Instance.provide({
       directory: tmp.path,
       fn: async () => {
-        const session = await svc.create({ title: "new-session" })
+        await svc.create({ title: "new-session" })
         const futureStart = Date.now() + 86400000
 
         const sessions = [...svc.list({ start: futureStart })]

packages/opencode/test/session/compaction.test.ts

@@ -20,7 +20,7 @@ import { MessageID, PartID, SessionID } from "../../src/session/schema"
 import { SessionStatus } from "../../src/session/status"
 import { SessionSummary } from "../../src/session/summary"
 import { ModelID, ProviderID } from "../../src/provider/schema"
-import type { Provider } from "../../src/provider/provider"
+import type { Provider } from "../../src/provider"
 import * as SessionProcessorModule from "../../src/session/processor"
 import { Snapshot } from "../../src/snapshot"
 import { ProviderTest } from "../fake/provider"
@@ -143,25 +143,6 @@ async function assistant(sessionID: SessionID, parentID: MessageID, root: string
   return msg
 }
 
-async function tool(sessionID: SessionID, messageID: MessageID, tool: string, output: string) {
-  return svc.updatePart({
-    id: PartID.ascending(),
-    messageID,
-    sessionID,
-    type: "tool",
-    callID: crypto.randomUUID(),
-    tool,
-    state: {
-      status: "completed",
-      input: {},
-      output,
-      title: "done",
-      metadata: {},
-      time: { start: Date.now(), end: Date.now() },
-    },
-  })
-}
-
 function fake(
   input: Parameters<SessionProcessorModule.SessionProcessor.Interface["create"]>[0],
   result: "continue" | "compact",

packages/opencode/test/session/llm.test.ts

@@ -6,7 +6,7 @@ import z from "zod"
 import { makeRuntime } from "../../src/effect/run-service"
 import { LLM } from "../../src/session/llm"
 import { Instance } from "../../src/project/instance"
-import { Provider } from "../../src/provider/provider"
+import { Provider } from "../../src/provider"
 import { ProviderTransform } from "../../src/provider/transform"
 import { ModelsDev } from "../../src/provider/models"
 import { ProviderID, ModelID } from "../../src/provider/schema"
@@ -1181,7 +1181,6 @@ describe("session.llm.stream", () => {
     const providerID = "google"
     const modelID = "gemini-2.5-flash"
     const fixture = await loadFixture(providerID, modelID)
-    const provider = fixture.provider
     const model = fixture.model
     const pathSuffix = `/v1beta/models/${model.id}:streamGenerateContent`
 

packages/opencode/test/session/message-v2.test.ts

@@ -1,7 +1,7 @@
 import { describe, expect, test } from "bun:test"
 import { APICallError } from "ai"
 import { MessageV2 } from "../../src/session/message-v2"
-import type { Provider } from "../../src/provider/provider"
+import type { Provider } from "../../src/provider"
 import { ModelID, ProviderID } from "../../src/provider/schema"
 import { SessionID, MessageID, PartID } from "../../src/session/schema"
 import { Question } from "../../src/question"

packages/opencode/test/session/messages-pagination.test.ts

@@ -724,7 +724,7 @@ describe("MessageV2.filterCompacted", () => {
 
         const u1 = await addUser(session.id, "hello")
         await addCompactionPart(session.id, u1)
-        const u2 = await addUser(session.id, "world")
+        await addUser(session.id, "world")
 
         const result = MessageV2.filterCompacted(MessageV2.stream(session.id))
         expect(result).toHaveLength(2)
@@ -748,7 +748,7 @@ describe("MessageV2.filterCompacted", () => {
           isRetryable: true,
         }).toObject() as MessageV2.Assistant["error"]
         await addAssistant(session.id, u1, { summary: true, finish: "end_turn", error })
-        const u2 = await addUser(session.id, "retry")
+        await addUser(session.id, "retry")
 
         const result = MessageV2.filterCompacted(MessageV2.stream(session.id))
         // Error assistant doesn't add to completed, so compaction boundary never triggers
@@ -770,7 +770,7 @@ describe("MessageV2.filterCompacted", () => {
 
         // summary=true but no finish
         await addAssistant(session.id, u1, { summary: true })
-        const u2 = await addUser(session.id, "next")
+        await addUser(session.id, "next")
 
         const result = MessageV2.filterCompacted(MessageV2.stream(session.id))
         expect(result).toHaveLength(3)
@@ -892,7 +892,7 @@ describe("MessageV2 consistency", () => {
       directory: root,
       fn: async () => {
         const session = await svc.create({})
-        const ids = await fill(session.id, 4)
+        await fill(session.id, 4)
 
         const filtered = MessageV2.filterCompacted(MessageV2.stream(session.id))
         const all = Array.from(MessageV2.stream(session.id)).reverse()

packages/opencode/test/session/processor-effect.test.ts

@@ -8,7 +8,7 @@ import { Bus } from "../../src/bus"
 import { Config } from "../../src/config"
 import { Permission } from "../../src/permission"
 import { Plugin } from "../../src/plugin"
-import { Provider } from "../../src/provider/provider"
+import { Provider } from "../../src/provider"
 import { ModelID, ProviderID } from "../../src/provider/schema"
 import { Session } from "../../src/session"
 import { LLM } from "../../src/session/llm"

packages/opencode/test/session/prompt-effect.test.ts

@@ -12,9 +12,9 @@ import { LSP } from "../../src/lsp"
 import { MCP } from "../../src/mcp"
 import { Permission } from "../../src/permission"
 import { Plugin } from "../../src/plugin"
-import { Provider as ProviderSvc } from "../../src/provider/provider"
+import { Provider as ProviderSvc } from "../../src/provider"
 import { Env } from "../../src/env"
-import type { Provider } from "../../src/provider/provider"
+import type { Provider } from "../../src/provider"
 import { ModelID, ProviderID } from "../../src/provider/schema"
 import { Question } from "../../src/question"
 import { Todo } from "../../src/session/todo"
@@ -786,7 +786,7 @@ it.live(
           const { task } = yield* registry.named()
           const original = task.execute
           task.execute = (_args, ctx) =>
-            Effect.callback<never>((resume) => {
+            Effect.callback<never>((_resume) => {
               ready.resolve()
               ctx.abort.addEventListener("abort", () => aborted.resolve(), { once: true })
               return Effect.sync(() => aborted.resolve())
@@ -856,7 +856,7 @@ it.live(
 
 it.live("concurrent loop callers get same result", () =>
   provideTmpdirInstance(
-    (dir) =>
+    (_dir) =>
       Effect.gen(function* () {
         const { prompt, run, chat } = yield* boot()
         yield* seed(chat.id, { finish: "stop" })
@@ -997,7 +997,7 @@ it.live(
 
 it.live("assertNotBusy succeeds when idle", () =>
   provideTmpdirInstance(
-    (dir) =>
+    (_dir) =>
       Effect.gen(function* () {
         const run = yield* SessionRunState.Service
         const sessions = yield* Session.Service
@@ -1042,7 +1042,7 @@ it.live(
 
 unix("shell captures stdout and stderr in completed tool output", () =>
   provideTmpdirInstance(
-    (dir) =>
+    (_dir) =>
       Effect.gen(function* () {
         const { prompt, run, chat } = yield* boot()
         const result = yield* prompt.shell({
@@ -1117,7 +1117,7 @@ unix("shell lists files from the project directory", () =>
 
 unix("shell captures stderr from a failing command", () =>
   provideTmpdirInstance(
-    (dir) =>
+    (_dir) =>
       Effect.gen(function* () {
         const { prompt, run, chat } = yield* boot()
         const result = yield* prompt.shell({
@@ -1143,7 +1143,7 @@ unix(
   () =>
     withSh(() =>
       provideTmpdirInstance(
-        (dir) =>
+        (_dir) =>
           Effect.gen(function* () {
             const { prompt, chat } = yield* boot()
 
@@ -1255,7 +1255,7 @@ unix(
   () =>
     withSh(() =>
       provideTmpdirInstance(
-        (dir) =>
+        (_dir) =>
           Effect.gen(function* () {
             const { prompt, run, chat } = yield* boot()
 
@@ -1292,7 +1292,7 @@ unix(
   () =>
     withSh(() =>
       provideTmpdirInstance(
-        (dir) =>
+        (_dir) =>
           Effect.gen(function* () {
             const { prompt, chat } = yield* boot()
 
@@ -1374,7 +1374,7 @@ unix(
   "cancel interrupts loop queued behind shell",
   () =>
     provideTmpdirInstance(
-      (dir) =>
+      (_dir) =>
         Effect.gen(function* () {
           const { prompt, chat } = yield* boot()
 
@@ -1403,7 +1403,7 @@ unix(
   () =>
     withSh(() =>
       provideTmpdirInstance(
-        (dir) =>
+        (_dir) =>
           Effect.gen(function* () {
             const { prompt, chat } = yield* boot()
 

packages/opencode/test/session/retry.test.ts

@@ -239,7 +239,7 @@ describe("session.message-v2.fromError", () => {
       using server = Bun.serve({
         port: 0,
         idleTimeout: 8,
-        async fetch(req) {
+        async fetch(_req) {
           return new Response(
             new ReadableStream({
               async pull(controller) {

packages/opencode/test/session/snapshot-tool-race.test.ts

@@ -38,7 +38,7 @@ import { LSP } from "../../src/lsp"
 import { MCP } from "../../src/mcp"
 import { Permission } from "../../src/permission"
 import { Plugin } from "../../src/plugin"
-import { Provider as ProviderSvc } from "../../src/provider/provider"
+import { Provider as ProviderSvc } from "../../src/provider"
 import { Env } from "../../src/env"
 import { Question } from "../../src/question"
 import { Skill } from "../../src/skill"

packages/opencode/test/share/share-next.test.ts

@@ -9,7 +9,7 @@ import { AccountRepo } from "../../src/account/repo"
 import * as CrossSpawnSpawner from "../../src/effect/cross-spawn-spawner"
 import { Bus } from "../../src/bus"
 import { Config } from "../../src/config"
-import { Provider } from "../../src/provider/provider"
+import { Provider } from "../../src/provider"
 import { Session } from "../../src/session"
 import type { SessionID } from "../../src/session/schema"
 import { ShareNext } from "../../src/share/share-next"

packages/plugin/src/example.ts

@@ -1,7 +1,7 @@
 import { Plugin } from "./index.js"
 import { tool } from "./tool.js"
 
-export const ExamplePlugin: Plugin = async (ctx) => {
+export const ExamplePlugin: Plugin = async (_ctx) => {
   return {
     tool: {
       mytool: tool({

packages/sdk/js/src/v2/data.ts

@@ -5,7 +5,7 @@ export const message = {
     info: UserMessage
     parts: Part[]
   } {
-    const { parts, ...rest } = input
+    const { parts: _parts, ...rest } = input
 
     const info: UserMessage = {
       ...rest,

packages/server/package.json

@@ -1,30 +0,0 @@
-{
-  "$schema": "https://json.schemastore.org/package.json",
-  "name": "@opencode-ai/server",
-  "version": "1.4.6",
-  "type": "module",
-  "license": "MIT",
-  "exports": {
-    ".": "./src/index.ts",
-    "./openapi": "./src/openapi.ts",
-    "./definition": "./src/definition/index.ts",
-    "./definition/api": "./src/definition/api.ts",
-    "./definition/question": "./src/definition/question.ts",
-    "./api": "./src/api/index.ts",
-    "./api/question": "./src/api/question.ts"
-  },
-  "files": [
-    "dist"
-  ],
-  "scripts": {
-    "typecheck": "tsgo --noEmit",
-    "build": "tsc"
-  },
-  "devDependencies": {
-    "@typescript/native-preview": "catalog:",
-    "typescript": "catalog:"
-  },
-  "dependencies": {
-    "effect": "catalog:"
-  }
-}

packages/server/src/api/index.ts

@@ -1,2 +0,0 @@
-export { makeQuestionHandler } from "./question.js"
-export type { QuestionOps } from "./question.js"

packages/server/src/api/question.ts

@@ -1,37 +0,0 @@
-import { Effect, Schema } from "effect"
-import { HttpApiBuilder } from "effect/unstable/httpapi"
-import { QuestionReply, QuestionRequest, questionApi } from "../definition/question.js"
-
-export interface QuestionOps<R = never> {
-  readonly list: () => Effect.Effect<ReadonlyArray<unknown>, never, R>
-  readonly reply: (input: {
-    requestID: string
-    answers: Schema.Schema.Type<typeof QuestionReply>["answers"]
-  }) => Effect.Effect<void, never, R>
-}
-
-export const makeQuestionHandler = <R>(ops: QuestionOps<R>) =>
-  HttpApiBuilder.group(
-    questionApi,
-    "question",
-    Effect.fn("QuestionHttpApi.handlers")(function* (handlers) {
-      const decode = Schema.decodeUnknownSync(Schema.Array(QuestionRequest))
-
-      const list = Effect.fn("QuestionHttpApi.list")(function* () {
-        return decode(yield* ops.list())
-      })
-
-      const reply = Effect.fn("QuestionHttpApi.reply")(function* (ctx: {
-        params: { requestID: string }
-        payload: Schema.Schema.Type<typeof QuestionReply>
-      }) {
-        yield* ops.reply({
-          requestID: ctx.params.requestID,
-          answers: ctx.payload.answers,
-        })
-        return true
-      })
-
-      return handlers.handle("list", list).handle("reply", reply)
-    }),
-  )

packages/server/src/definition/api.ts

@@ -1,12 +0,0 @@
-import { HttpApi, OpenApi } from "effect/unstable/httpapi"
-import { questionApi } from "./question.js"
-
-export const api = HttpApi.make("opencode")
-  .addHttpApi(questionApi)
-  .annotateMerge(
-    OpenApi.annotations({
-      title: "opencode experimental HttpApi",
-      version: "0.0.1",
-      description: "Experimental HttpApi surface for selected instance routes.",
-    }),
-  )

packages/server/src/definition/index.ts

@@ -1,2 +0,0 @@
-export { api } from "./api.js"
-export { questionApi, QuestionReply, QuestionRequest } from "./question.js"

packages/server/src/definition/question.ts

@@ -1,94 +0,0 @@
-import { Schema } from "effect"
-import { HttpApi, HttpApiEndpoint, HttpApiGroup, OpenApi } from "effect/unstable/httpapi"
-
-const root = "/experimental/httpapi/question"
-
-// Temporary transport-local schemas until canonical question schemas move into packages/core.
-export const QuestionID = Schema.String.annotate({ identifier: "QuestionID" })
-export const SessionID = Schema.String.annotate({ identifier: "SessionID" })
-export const MessageID = Schema.String.annotate({ identifier: "MessageID" })
-
-export class QuestionOption extends Schema.Class<QuestionOption>("QuestionOption")({
-  label: Schema.String.annotate({
-    description: "Display text (1-5 words, concise)",
-  }),
-  description: Schema.String.annotate({
-    description: "Explanation of choice",
-  }),
-}) {}
-
-const base = {
-  question: Schema.String.annotate({
-    description: "Complete question",
-  }),
-  header: Schema.String.annotate({
-    description: "Very short label (max 30 chars)",
-  }),
-  options: Schema.Array(QuestionOption).annotate({
-    description: "Available choices",
-  }),
-  multiple: Schema.optional(Schema.Boolean).annotate({
-    description: "Allow selecting multiple choices",
-  }),
-}
-
-export class QuestionInfo extends Schema.Class<QuestionInfo>("QuestionInfo")({
-  ...base,
-  custom: Schema.optional(Schema.Boolean).annotate({
-    description: "Allow typing a custom answer (default: true)",
-  }),
-}) {}
-
-export class QuestionTool extends Schema.Class<QuestionTool>("QuestionTool")({
-  messageID: MessageID,
-  callID: Schema.String,
-}) {}
-
-export class QuestionRequest extends Schema.Class<QuestionRequest>("QuestionRequest")({
-  id: QuestionID,
-  sessionID: SessionID,
-  questions: Schema.Array(QuestionInfo).annotate({
-    description: "Questions to ask",
-  }),
-  tool: Schema.optional(QuestionTool),
-}) {}
-
-export const QuestionAnswer = Schema.Array(Schema.String).annotate({ identifier: "QuestionAnswer" })
-
-export class QuestionReply extends Schema.Class<QuestionReply>("QuestionReply")({
-  answers: Schema.Array(QuestionAnswer).annotate({
-    description: "User answers in order of questions (each answer is an array of selected labels)",
-  }),
-}) {}
-
-export const questionApi = HttpApi.make("question").add(
-  HttpApiGroup.make("question")
-    .add(
-      HttpApiEndpoint.get("list", root, {
-        success: Schema.Array(QuestionRequest),
-      }).annotateMerge(
-        OpenApi.annotations({
-          identifier: "question.list",
-          summary: "List pending questions",
-          description: "Get all pending question requests across all sessions.",
-        }),
-      ),
-      HttpApiEndpoint.post("reply", `${root}/:requestID/reply`, {
-        params: { requestID: QuestionID },
-        payload: QuestionReply,
-        success: Schema.Boolean,
-      }).annotateMerge(
-        OpenApi.annotations({
-          identifier: "question.reply",
-          summary: "Reply to question request",
-          description: "Provide answers to a question request from the AI assistant.",
-        }),
-      ),
-    )
-    .annotateMerge(
-      OpenApi.annotations({
-        title: "question",
-        description: "Experimental HttpApi question routes.",
-      }),
-    ),
-)

packages/server/src/index.ts

@@ -1,6 +0,0 @@
-export { openapi } from "./openapi.js"
-export { makeQuestionHandler } from "./api/question.js"
-export { api } from "./definition/api.js"
-export { questionApi, QuestionReply, QuestionRequest } from "./definition/question.js"
-export type { OpenApiSpec, ServerApi } from "./types.js"
-export type { QuestionOps } from "./api/question.js"

packages/server/src/openapi.ts

@@ -1,5 +0,0 @@
-import { OpenApi } from "effect/unstable/httpapi"
-import { api } from "./definition/api.js"
-import type { OpenApiSpec } from "./types.js"
-
-export const openapi = (): OpenApiSpec => OpenApi.fromApi(api)