feat: unwrap project namespaces to flat exports + barrel

feat: bridge permission and provider auth routes behind OPENCODE_EXPERIMENTAL_HTTPAPI (#22736 )
feat: enable oxlint suspicious category, fix 24 violations (#22727 )
2026-04-16 19:04:52 +00:00 · 2026-04-15 23:14:54 -04:00 · 2026-04-15 23:02:48 -04:00 · 2026-04-16 02:53:10 +00:00 · 2026-04-16 02:52:34 +00:00 · 2026-04-15 22:50:22 -04:00
214 changed files with 11159 additions and 11387 deletions
--- a/.oxlintrc.json
+++ b/.oxlintrc.json
@@ -1,5 +1,8 @@
 {
  "$schema": "https://raw.githubusercontent.com/nicolo-ribaudo/oxc-project.github.io/refs/heads/json-schema/src/public/.oxlintrc.schema.json",
+  "categories": {
+    "suspicious": "warn"
+  },
  "rules": {
    // Effect uses `function*` with Effect.gen/Effect.fnUntraced that don't always yield
    "require-yield": "off",
@@ -10,7 +13,24 @@
    // Intentional control char matching (ANSI escapes, null byte sanitization)
    "no-control-regex": "off",
    // SST and plugin tools require triple-slash references
-    "triple-slash-reference": "off"
+    "triple-slash-reference": "off",
+
+    // Suspicious category: suppress noisy rules
+    // Effect's nested function* closures inherently shadow outer scope
+    "no-shadow": "off",
+    // Namespace-heavy codebase makes this too noisy
+    "unicorn/consistent-function-scoping": "off",
+    // Opinionated — .sort()/.reverse() mutation is fine in this codebase
+    "unicorn/no-array-sort": "off",
+    "unicorn/no-array-reverse": "off",
+    // Not relevant — this isn't a DOM event handler codebase
+    "unicorn/prefer-add-event-listener": "off",
+    // Bundler handles module resolution
+    "unicorn/require-module-specifiers": "off",
+    // postMessage target origin not relevant for this codebase
+    "unicorn/require-post-message-target-origin": "off",
+    // Side-effectful constructors are intentional in some places
+    "no-new": "off"
  },
  "ignorePatterns": ["**/node_modules", "**/dist", "**/.build", "**/.sst", "**/*.d.ts"]
 }
--- a/bun.lock
+++ b/bun.lock
@@ -358,7 +358,6 @@
        "@opencode-ai/plugin": "workspace:*",
        "@opencode-ai/script": "workspace:*",
        "@opencode-ai/sdk": "workspace:*",
-        "@opencode-ai/server": "workspace:*",
        "@openrouter/ai-sdk-provider": "2.5.1",
        "@opentelemetry/api": "1.9.0",
        "@opentelemetry/context-async-hooks": "2.6.1",
@@ -506,17 +505,6 @@
        "typescript": "catalog:",
      },
    },
-    "packages/server": {
-      "name": "@opencode-ai/server",
-      "version": "1.4.6",
-      "dependencies": {
-        "effect": "catalog:",
-      },
-      "devDependencies": {
-        "@typescript/native-preview": "catalog:",
-        "typescript": "catalog:",
-      },
-    },
    "packages/shared": {
      "name": "@opencode-ai/shared",
      "version": "1.4.6",
@@ -1568,8 +1556,6 @@

    "@opencode-ai/sdk": ["@opencode-ai/sdk@workspace:packages/sdk/js"],

-    "@opencode-ai/server": ["@opencode-ai/server@workspace:packages/server"],
-
    "@opencode-ai/shared": ["@opencode-ai/shared@workspace:packages/shared"],

    "@opencode-ai/slack": ["@opencode-ai/slack@workspace:packages/slack"],
--- a/github/index.ts
+++ b/github/index.ts
@@ -542,7 +542,7 @@ async function subscribeSessionEvents() {
                    ? JSON.stringify(part.state.input)
                    : "Unknown"
                console.log()
-                console.log(color + `|`, "\x1b[0m\x1b[2m" + ` ${tool.padEnd(7, " ")}`, "", "\x1b[0m" + title)
+                console.log(`${color}|`, `\x1b[0m\x1b[2m ${tool.padEnd(7, " ")}`, "", `\x1b[0m${title}`)
              }

              if (part.type === "text") {
@@ -776,7 +776,7 @@ async function assertPermissions() {
    console.log(`  permission: ${permission}`)
  } catch (error) {
    console.error(`Failed to check permissions: ${error}`)
-    throw new Error(`Failed to check permissions for user ${actor}: ${error}`)
+    throw new Error(`Failed to check permissions for user ${actor}: ${error}`, { cause: error })
  }

  if (!["admin", "write"].includes(permission)) throw new Error(`User ${actor} does not have write permissions`)
--- a/infra/enterprise.ts
+++ b/infra/enterprise.ts
@@ -3,7 +3,7 @@ import { shortDomain } from "./stage"

 const storage = new sst.cloudflare.Bucket("EnterpriseStorage")

-const teams = new sst.cloudflare.x.SolidStart("Teams", {
+new sst.cloudflare.x.SolidStart("Teams", {
  domain: shortDomain,
  path: "packages/enterprise",
  buildCommand: "bun run build:cloudflare",
--- a/nix/hashes.json
+++ b/nix/hashes.json
@@ -1,8 +1,8 @@
 {
  "nodeModules": {
-    "x86_64-linux": "sha256-PvIx2g1J5QIUIzkz2ABaAM4K/k/+xlBPDUExoOJNNuo=",
-    "aarch64-linux": "sha256-YTAL+P13L5hgNJdDSiBED/UNa5zdTntnUUYDYL+Jdzo=",
-    "aarch64-darwin": "sha256-y2VCJifYAp+H0lpDcJ0QfKNMG00Q/usFElaUIpdc8Vs=",
-    "x86_64-darwin": "sha256-yz8edIlqLp06Y95ad8YjKz5azP7YATPle4TcDx6lM+U="
+    "x86_64-linux": "sha256-VIgTxIjmZ4Bfwwdj/YFmRJdBpPHYhJSY31kh06EXX+0=",
+    "aarch64-linux": "sha256-9118AS1ED0nrliURgZYBRuF/18RqXpUouhYJRlZ6jeA=",
+    "aarch64-darwin": "sha256-ppo3MfSIGKQHJCdYEZiLFRc61PtcJ9J0kAXH1pNIonA=",
+    "x86_64-darwin": "sha256-m+CZSOglBCTfNzbdBX6hXdDqqOzHNMzAddVp6BZVDtU="
  }
 }
--- a/packages/app/src/addons/serialize.test.ts
+++ b/packages/app/src/addons/serialize.test.ts
@@ -180,8 +180,8 @@ describe("SerializeAddon", () => {
      await writeAndWait(term, input)

      const origLine = term.buffer.active.getLine(0)
-      const origFg = origLine!.getCell(0)!.getFgColor()
-      const origBg = origLine!.getCell(0)!.getBgColor()
+      const _origFg = origLine!.getCell(0)!.getFgColor()
+      const _origBg = origLine!.getCell(0)!.getBgColor()
      expect(origLine!.getCell(0)!.isBold()).toBe(1)

      const serialized = addon.serialize({ range: { start: 0, end: 0 } })
--- a/packages/app/src/app.tsx
+++ b/packages/app/src/app.tsx
@@ -10,7 +10,7 @@ import { ThemeProvider } from "@opencode-ai/ui/theme/context"
 import { MetaProvider } from "@solidjs/meta"
 import { type BaseRouterProps, Navigate, Route, Router } from "@solidjs/router"
 import { QueryClient, QueryClientProvider } from "@tanstack/solid-query"
-import { type Duration, Effect } from "effect"
+import { Effect } from "effect"
 import {
  type Component,
  createMemo,
@@ -156,11 +156,6 @@ export function AppBaseProviders(props: ParentProps<{ locale?: Locale }>) {
  )
 }

-const effectMinDuration =
-  (duration: Duration.Input) =>
-  <A, E, R>(e: Effect.Effect<A, E, R>) =>
-    Effect.all([e, Effect.sleep(duration)], { concurrency: "unbounded" }).pipe(Effect.map((v) => v[0]))
-
 function ConnectionGate(props: ParentProps<{ disableHealthCheck?: boolean }>) {
  const server = useServer()
  const checkServerHealth = useCheckServerHealth()
--- a/packages/app/src/components/file-tree.tsx
+++ b/packages/app/src/components/file-tree.tsx
@@ -14,7 +14,6 @@ import {
  Switch,
  untrack,
  type ComponentProps,
-  type JSXElement,
  type ParentProps,
 } from "solid-js"
 import { Dynamic } from "solid-js/web"
--- a/packages/app/src/context/global-sdk.tsx
+++ b/packages/app/src/context/global-sdk.tsx
@@ -128,6 +128,7 @@ export const { use: useGlobalSDK, provider: GlobalSDKProvider } = createSimpleCo
      if (started) return run
      started = true
      run = (async () => {
+        // oxlint-disable-next-line no-unmodified-loop-condition -- `started` is set to false by stop() which also aborts; both flags are checked to allow graceful exit
        while (!abort.signal.aborted && started) {
          attempt = new AbortController()
          lastEventAt = Date.now()
--- a/packages/app/src/context/global-sync/bootstrap.ts
+++ b/packages/app/src/context/global-sync/bootstrap.ts
@@ -65,22 +65,6 @@ function runAll(list: Array<() => Promise<unknown>>) {
  return Promise.allSettled(list.map((item) => item()))
 }

-function showErrors(input: {
-  errors: unknown[]
-  title: string
-  translate: (key: string, vars?: Record<string, string | number>) => string
-  formatMoreCount: (count: number) => string
-}) {
-  if (input.errors.length === 0) return
-  const message = formatServerError(input.errors[0], input.translate)
-  const more = input.errors.length > 1 ? input.formatMoreCount(input.errors.length - 1) : ""
-  showToast({
-    variant: "error",
-    title: input.title,
-    description: message + more,
-  })
-}
-
 export async function bootstrapGlobal(input: {
  globalSDK: OpencodeClient
  requestFailedTitle: string
--- a/packages/app/src/context/global-sync/types.ts
+++ b/packages/app/src/context/global-sync/types.ts
@@ -8,7 +8,6 @@ import type {
  Part,
  Path,
  PermissionRequest,
-  Project,
  ProviderListResponse,
  QuestionRequest,
  Session,
--- a/packages/app/src/i18n/ko.ts
+++ b/packages/app/src/i18n/ko.ts
@@ -1,7 +1,5 @@
 import { dict as en } from "./en"

-type Keys = keyof typeof en
-
 export const dict = {
  "command.category.suggested": "추천",
  "command.category.view": "보기",
--- a/packages/app/src/pages/session.tsx
+++ b/packages/app/src/pages/session.tsx
@@ -433,7 +433,6 @@ export default function Page() {
  const isChildSession = createMemo(() => !!info()?.parentID)
  const diffs = createMemo(() => (params.id ? list(sync.data.session_diff[params.id]) : []))
  const sessionCount = createMemo(() => Math.max(info()?.summary?.files ?? 0, diffs().length))
-  const hasSessionReview = createMemo(() => sessionCount() > 0)
  const canReview = createMemo(() => !!sync.project)
  const reviewTab = createMemo(() => isDesktop())
  const tabState = createSessionTabs({
@@ -443,8 +442,6 @@ export default function Page() {
    review: reviewTab,
    hasReview: canReview,
  })
-  const contextOpen = tabState.contextOpen
-  const openedTabs = tabState.openedTabs
  const activeTab = tabState.activeTab
  const activeFileTab = tabState.activeFileTab
  const revertMessageID = createMemo(() => info()?.revert?.messageID)
--- a/packages/app/src/pages/session/file-tabs.tsx
+++ b/packages/app/src/pages/session/file-tabs.tsx
@@ -378,12 +378,6 @@ export function FileTabContent(props: { tab: string }) {
    requestAnimationFrame(() => comments.clearFocus())
  })

-  const cancelCommenting = () => {
-    const p = path()
-    if (p) file.setSelectedLines(p, null)
-    setNote("commenting", null)
-  }
-
  let prev = {
    loaded: false,
    ready: false,
--- a/packages/app/src/utils/runtime-adapters.test.ts
+++ b/packages/app/src/utils/runtime-adapters.test.ts
@@ -46,7 +46,9 @@ describe("runtime adapters", () => {
  })

  test("resolves speech recognition constructor with webkit precedence", () => {
+    // oxlint-disable-next-line no-extraneous-class
    class SpeechCtor {}
+    // oxlint-disable-next-line no-extraneous-class
    class WebkitCtor {}
    const ctor = getSpeechRecognitionCtor({
      SpeechRecognition: SpeechCtor,
--- a/packages/console/app/script/generate-sitemap.ts
+++ b/packages/console/app/script/generate-sitemap.ts
@@ -8,7 +8,6 @@ import { LOCALES, route } from "../src/lib/language.js"
 const __dirname = dirname(fileURLToPath(import.meta.url))
 const BASE_URL = config.baseUrl
 const PUBLIC_DIR = join(__dirname, "../public")
-const ROUTES_DIR = join(__dirname, "../src/routes")
 const DOCS_DIR = join(__dirname, "../../../web/src/content/docs")

 interface SitemapEntry {
--- a/packages/console/app/src/component/icon.tsx
+++ b/packages/console/app/src/component/icon.tsx
@@ -1,6 +1,6 @@
 import { JSX } from "solid-js"

-export function IconZen(props: JSX.SvgSVGAttributes<SVGSVGElement>) {
+export function IconZen(_props: JSX.SvgSVGAttributes<SVGSVGElement>) {
  return (
    <svg width="84" height="30" viewBox="0 0 84 30" fill="none" xmlns="http://www.w3.org/2000/svg">
      <path d="M24 24H6V18H18V12H24V24ZM6 18H0V12H6V18Z" fill="currentColor" fill-opacity="0.2" />
@@ -13,7 +13,7 @@ export function IconZen(props: JSX.SvgSVGAttributes<SVGSVGElement>) {
  )
 }

-export function IconGo(props: JSX.SvgSVGAttributes<SVGSVGElement>) {
+export function IconGo(_props: JSX.SvgSVGAttributes<SVGSVGElement>) {
  return (
    <svg width="54" height="30" viewBox="0 0 54 30" fill="none" xmlns="http://www.w3.org/2000/svg">
      <path d="M24 30H0V0H24V6H6V24H18V18H12V12H24V30Z" fill="currentColor" />
--- a/packages/console/app/src/routes/auth/status.ts
+++ b/packages/console/app/src/routes/auth/status.ts
@@ -1,7 +1,7 @@
 import { APIEvent } from "@solidjs/start"
 import { useAuthSession } from "~/context/auth"

-export async function GET(input: APIEvent) {
+export async function GET(_input: APIEvent) {
  const session = await useAuthSession()
  return Response.json(session.data)
 }
--- a/packages/console/app/src/routes/debug/index.ts
+++ b/packages/console/app/src/routes/debug/index.ts
@@ -3,7 +3,7 @@ import { json } from "@solidjs/router"
 import { Database } from "@opencode-ai/console-core/drizzle/index.js"
 import { UserTable } from "@opencode-ai/console-core/schema/user.sql.js"

-export async function GET(evt: APIEvent) {
+export async function GET(_evt: APIEvent) {
  return json({
    data: await Database.use(async (tx) => {
      const result = await tx.$count(UserTable)
--- a/packages/console/app/src/routes/index.tsx
+++ b/packages/console/app/src/routes/index.tsx
@@ -31,8 +31,6 @@ export default function Home() {
  const i18n = useI18n()
  const language = useLanguage()
  const githubData = createAsync(() => github())
-  const release = createMemo(() => githubData()?.release)
-
  const handleCopyClick = (event: Event) => {
    const button = event.currentTarget as HTMLButtonElement
    const text = button.textContent
--- a/packages/console/app/src/routes/user-menu.tsx
+++ b/packages/console/app/src/routes/user-menu.tsx
@@ -6,7 +6,7 @@ import { useI18n } from "~/context/i18n"
 import { useLanguage } from "~/context/language"
 import "./user-menu.css"

-const logout = action(async () => {
+const _logout = action(async () => {
  "use server"
  const auth = await useAuthSession()
  const event = getRequestEvent()
--- a/packages/console/app/src/routes/workspace/[id]/billing/reload-section.tsx
+++ b/packages/console/app/src/routes/workspace/[id]/billing/reload-section.tsx
@@ -90,7 +90,7 @@ export function ReloadSection() {
    }
    const info = billingInfo()!
    setStore("show", true)
-    setStore("reload", info.reload ? true : true)
+    setStore("reload", true)
    setStore("reloadAmount", info.reloadAmount.toString())
    setStore("reloadTrigger", info.reloadTrigger.toString())
  }
--- a/packages/console/app/src/routes/zen/util/provider/openai-compatible.ts
+++ b/packages/console/app/src/routes/zen/util/provider/openai-compatible.ts
@@ -30,7 +30,7 @@ export const oaCompatHelper: ProviderHelper = ({ adjustCacheUsage, safetyIdentif
    headers.set("authorization", `Bearer ${apiKey}`)
    headers.set("x-session-affinity", headers.get("x-opencode-session") ?? "")
  },
-  modifyBody: (body: Record<string, any>, workspaceID?: string) => {
+  modifyBody: (body: Record<string, any>, _workspaceID?: string) => {
    return {
      ...body,
      ...(body.stream ? { stream_options: { include_usage: true } } : {}),
--- a/packages/console/app/src/routes/zen/v1/models.ts
+++ b/packages/console/app/src/routes/zen/v1/models.ts
@@ -5,7 +5,7 @@ import { WorkspaceTable } from "@opencode-ai/console-core/schema/workspace.sql.j
 import { ModelTable } from "@opencode-ai/console-core/schema/model.sql.js"
 import { ZenData } from "@opencode-ai/console-core/model.js"

-export async function OPTIONS(input: APIEvent) {
+export async function OPTIONS(_input: APIEvent) {
  return new Response(null, {
    status: 200,
    headers: {
--- a/packages/console/app/src/routes/zen/v1/models/[model].ts
+++ b/packages/console/app/src/routes/zen/v1/models/[model].ts
@@ -6,8 +6,8 @@ export function POST(input: APIEvent) {
    format: "google",
    modelList: "full",
    parseApiKey: (headers: Headers) => headers.get("x-goog-api-key") ?? undefined,
-    parseModel: (url: string, body: any) => url.split("/").pop()?.split(":")?.[0] ?? "",
-    parseIsStream: (url: string, body: any) =>
+    parseModel: (url: string, _body: any) => url.split("/").pop()?.split(":")?.[0] ?? "",
+    parseIsStream: (url: string, _body: any) =>
      // ie. url: https://opencode.ai/zen/v1/models/gemini-3-pro:streamGenerateContent?alt=sse'
      url.split("/").pop()?.split(":")?.[1]?.startsWith("streamGenerateContent") ?? false,
  })
--- a/packages/desktop-electron/src/main/apps.ts
+++ b/packages/desktop-electron/src/main/apps.ts
@@ -28,7 +28,7 @@ export function wslPath(path: string, mode: "windows" | "linux" | null): string
    const output = execFileSync("wsl", ["-e", "wslpath", flag, path])
    return output.toString().trim()
  } catch (error) {
-    throw new Error(`Failed to run wslpath: ${String(error)}`)
+    throw new Error(`Failed to run wslpath: ${String(error)}`, { cause: error })
  }
 }

--- a/packages/function/src/api.ts
+++ b/packages/function/src/api.ts
@@ -12,21 +12,8 @@ type Env = {
  WEB_DOMAIN: string
 }

-async function getFeishuTenantToken(): Promise<string> {
-  const response = await fetch("https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal", {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({
-      app_id: Resource.FEISHU_APP_ID.value,
-      app_secret: Resource.FEISHU_APP_SECRET.value,
-    }),
-  })
-  const data = (await response.json()) as { tenant_access_token?: string }
-  if (!data.tenant_access_token) throw new Error("Failed to get Feishu tenant token")
-  return data.tenant_access_token
-}
-
 export class SyncServer extends DurableObject<Env> {
+  // oxlint-disable-next-line no-useless-constructor
  constructor(ctx: DurableObjectState, env: Env) {
    super(ctx, env)
  }
@@ -49,9 +36,9 @@ export class SyncServer extends DurableObject<Env> {
    })
  }

-  async webSocketMessage(ws, message) {}
+  async webSocketMessage(_ws, _message) {}

-  async webSocketClose(ws, code, reason, wasClean) {
+  async webSocketClose(ws, code, _reason, _wasClean) {
    ws.close(code, "Durable Object is closing WebSocket")
  }

@@ -195,7 +182,7 @@ export default new Hono<{ Bindings: Env }>()
    let info
    const messages: Record<string, any> = {}
    data.forEach((d) => {
-      const [root, type, ...splits] = d.key.split("/")
+      const [root, type] = d.key.split("/")
      if (root !== "session") return
      if (type === "info") {
        info = d.content
--- a/packages/opencode/package.json
+++ b/packages/opencode/package.json
@@ -115,7 +115,6 @@
    "@opencode-ai/plugin": "workspace:*",
    "@opencode-ai/script": "workspace:*",
    "@opencode-ai/sdk": "workspace:*",
-    "@opencode-ai/server": "workspace:*",
    "@openrouter/ai-sdk-provider": "2.5.1",
    "@opentelemetry/api": "1.9.0",
    "@opentelemetry/context-async-hooks": "2.6.1",
--- a/packages/opencode/script/postinstall.mjs
+++ b/packages/opencode/script/postinstall.mjs
@@ -64,7 +64,7 @@ function findBinary() {

    return { binaryPath, binaryName }
  } catch (error) {
-    throw new Error(`Could not find package ${packageName}: ${error.message}`)
+    throw new Error(`Could not find package ${packageName}: ${error.message}`, { cause: error })
  }
 }

@@ -85,18 +85,6 @@ function prepareBinDirectory(binaryName) {
  return { binDir, targetPath }
 }

-function symlinkBinary(sourcePath, binaryName) {
-  const { targetPath } = prepareBinDirectory(binaryName)
-
-  fs.symlinkSync(sourcePath, targetPath)
-  console.log(`opencode binary symlinked: ${targetPath} -> ${sourcePath}`)
-
-  // Verify the file exists after operation
-  if (!fs.existsSync(targetPath)) {
-    throw new Error(`Failed to symlink binary to ${targetPath}`)
-  }
-}
-
 async function main() {
  try {
    if (os.platform() === "win32") {
--- a/packages/opencode/script/unwrap-namespace.ts
+++ b/packages/opencode/script/unwrap-namespace.ts
@@ -5,16 +5,17 @@
 * Usage:
 *   bun script/unwrap-namespace.ts src/bus/index.ts
 *   bun script/unwrap-namespace.ts src/bus/index.ts --dry-run
+ *   bun script/unwrap-namespace.ts src/pty/index.ts --name service   # avoid collision with pty.ts
 *
 * What it does:
 *   1. Reads the file and finds the `export namespace Foo { ... }` block
 *      (uses ast-grep for accurate AST-based boundary detection)
 *   2. Removes the namespace wrapper and dedents the body
- *   3. If the file is index.ts, renames it to <lowercase-name>.ts
- *   4. Creates/updates index.ts with `export * as Foo from "./<file>"`
- *   5. Prints the import rewrite commands to run across the codebase
- *
- * Does NOT auto-rewrite imports — prints the commands so you can review them.
+ *   3. Fixes self-references (e.g. Config.PermissionAction → PermissionAction)
+ *   4. If the file is index.ts, renames it to <lowercase-name>.ts
+ *   5. Creates/updates index.ts with `export * as Foo from "./<file>"`
+ *   6. Rewrites import paths across src/, test/, and script/
+ *   7. Fixes sibling imports within the same directory
 *
 * Requires: ast-grep (`brew install ast-grep` or `cargo install ast-grep`)
 */
@@ -24,10 +25,11 @@ import fs from "fs"

 const args = process.argv.slice(2)
 const dryRun = args.includes("--dry-run")
-const filePath = args.find((a) => !a.startsWith("--"))
+const nameFlag = args.find((a, i) => args[i - 1] === "--name")
+const filePath = args.find((a) => !a.startsWith("--") && args[args.indexOf(a) - 1] !== "--name")

 if (!filePath) {
-  console.error("Usage: bun script/unwrap-namespace.ts <file> [--dry-run]")
+  console.error("Usage: bun script/unwrap-namespace.ts <file> [--dry-run] [--name <impl-name>]")
  process.exit(1)
 }

@@ -90,22 +92,107 @@ const after = lines.slice(closeLine + 1)
 const dedented = body.map((line) => {
  if (line === "") return ""
  if (line.startsWith("  ")) return line.slice(2)
-  return line // don't touch lines that aren't indented (shouldn't happen)
+  return line
 })

-const newContent = [...before, ...dedented, ...after].join("\n")
+let newContent = [...before, ...dedented, ...after].join("\n")
+
+// --- Fix self-references ---
+// After unwrapping, references like `Config.PermissionAction` inside the same file
+// need to become just `PermissionAction`. Only fix code positions, not strings.
+const exportedNames = new Set<string>()
+const exportRegex = /export\s+(?:const|function|class|interface|type|enum|abstract\s+class)\s+(\w+)/g
+for (const line of dedented) {
+  for (const m of line.matchAll(exportRegex)) exportedNames.add(m[1])
+}
+const reExportRegex = /export\s*\{\s*([^}]+)\}/g
+for (const line of dedented) {
+  for (const m of line.matchAll(reExportRegex)) {
+    for (const name of m[1].split(",")) {
+      const trimmed = name
+        .trim()
+        .split(/\s+as\s+/)
+        .pop()!
+        .trim()
+      if (trimmed) exportedNames.add(trimmed)
+    }
+  }
+}
+
+let selfRefCount = 0
+if (exportedNames.size > 0) {
+  const fixedLines = newContent.split("\n").map((line) => {
+    // Split line into string-literal and code segments to avoid replacing inside strings
+    const segments: Array<{ text: string; isString: boolean }> = []
+    let i = 0
+    let current = ""
+    let inString: string | null = null
+
+    while (i < line.length) {
+      const ch = line[i]
+      if (inString) {
+        current += ch
+        if (ch === "\\" && i + 1 < line.length) {
+          current += line[i + 1]
+          i += 2
+          continue
+        }
+        if (ch === inString) {
+          segments.push({ text: current, isString: true })
+          current = ""
+          inString = null
+        }
+        i++
+        continue
+      }
+      if (ch === '"' || ch === "'" || ch === "`") {
+        if (current) segments.push({ text: current, isString: false })
+        current = ch
+        inString = ch
+        i++
+        continue
+      }
+      if (ch === "/" && i + 1 < line.length && line[i + 1] === "/") {
+        current += line.slice(i)
+        segments.push({ text: current, isString: true })
+        current = ""
+        i = line.length
+        continue
+      }
+      current += ch
+      i++
+    }
+    if (current) segments.push({ text: current, isString: !!inString })
+
+    return segments
+      .map((seg) => {
+        if (seg.isString) return seg.text
+        let result = seg.text
+        for (const name of exportedNames) {
+          const pattern = `${nsName}.${name}`
+          while (result.includes(pattern)) {
+            const idx = result.indexOf(pattern)
+            const charBefore = idx > 0 ? result[idx - 1] : " "
+            const charAfter = idx + pattern.length < result.length ? result[idx + pattern.length] : " "
+            if (/\w/.test(charBefore) || /\w/.test(charAfter)) break
+            result = result.slice(0, idx) + name + result.slice(idx + pattern.length)
+            selfRefCount++
+          }
+        }
+        return result
+      })
+      .join("")
+  })
+  newContent = fixedLines.join("\n")
+}

 // Figure out file naming
 const dir = path.dirname(absPath)
 const basename = path.basename(absPath, ".ts")
 const isIndex = basename === "index"
-
-// The implementation file name (lowercase namespace name if currently index.ts)
-const implName = isIndex ? nsName.replace(/([a-z])([A-Z])/g, "$1-$2").toLowerCase() : basename
+const implName = nameFlag ?? (isIndex ? nsName.replace(/([a-z])([A-Z])/g, "$1-$2").toLowerCase() : basename)
 const implFile = path.join(dir, `${implName}.ts`)
 const indexFile = path.join(dir, "index.ts")
-
-// The barrel line
 const barrelLine = `export * as ${nsName} from "./${implName}"\n`

 console.log("")
@@ -114,6 +201,7 @@ if (isIndex) {
 } else {
  console.log(`Plan: rewrite ${basename}.ts in place, create index.ts barrel`)
 }
+if (selfRefCount > 0) console.log(`Fixed ${selfRefCount} self-reference(s) (${nsName}.X → X)`)
 console.log("")

 if (dryRun) {
@@ -128,19 +216,23 @@ if (dryRun) {
  console.log("")
  console.log(`=== index.ts ===`)
  console.log(`  ${barrelLine.trim()}`)
+  console.log("")
+  if (!isIndex) {
+    const relDir = path.relative(path.resolve("src"), dir)
+    console.log(`=== Import rewrites (would apply) ===`)
+    console.log(`  ${relDir}/${basename}" → ${relDir}" across src/, test/, script/`)
+  } else {
+    console.log("No import rewrites needed (was index.ts)")
+  }
 } else {
-  // Write the implementation file
  if (isIndex) {
-    // Rename: write new content to implFile, then overwrite index.ts with barrel
    fs.writeFileSync(implFile, newContent)
    fs.writeFileSync(indexFile, barrelLine)
    console.log(`Wrote ${implName}.ts (${newContent.split("\n").length} lines)`)
    console.log(`Wrote index.ts (barrel)`)
  } else {
-    // Rewrite in place, create index.ts
    fs.writeFileSync(absPath, newContent)
    if (fs.existsSync(indexFile)) {
-      // Append to existing barrel
      const existing = fs.readFileSync(indexFile, "utf-8")
      if (!existing.includes(`export * as ${nsName}`)) {
        fs.appendFileSync(indexFile, barrelLine)
@@ -154,37 +246,60 @@ if (dryRun) {
    }
    console.log(`Rewrote ${basename}.ts (${newContent.split("\n").length} lines)`)
  }
-}

-// Print the import rewrite guidance
-const relDir = path.relative(path.resolve("src"), dir)
+  // --- Rewrite import paths across src/, test/, script/ ---
+  const relDir = path.relative(path.resolve("src"), dir)
+  if (!isIndex) {
+    const oldTail = `${relDir}/${basename}`
+    const searchDirs = ["src", "test", "script"].filter((d) => fs.existsSync(d))
+    const rgResult = Bun.spawnSync(["rg", "-l", `from.*${oldTail}"`, ...searchDirs], {
+      stdout: "pipe",
+      stderr: "pipe",
+    })
+    const filesToRewrite = rgResult.stdout
+      .toString()
+      .trim()
+      .split("\n")
+      .filter((f) => f.length > 0)

-console.log("")
-console.log("=== Import rewrites ===")
-console.log("")
+    if (filesToRewrite.length > 0) {
+      console.log(`\nRewriting imports in ${filesToRewrite.length} file(s)...`)
+      for (const file of filesToRewrite) {
+        const content = fs.readFileSync(file, "utf-8")
+        fs.writeFileSync(file, content.replaceAll(`${oldTail}"`, `${relDir}"`))
+      }
+      console.log(`  Done: ${oldTail}" → ${relDir}"`)
+    } else {
+      console.log("\nNo import rewrites needed")
+    }
+  } else {
+    console.log("\nNo import rewrites needed (was index.ts)")
+  }

-if (!isIndex) {
-  // Non-index files: imports like "../provider/provider" need to become "../provider"
-  const oldTail = `${relDir}/${basename}`
+  // --- Fix sibling imports within the same directory ---
+  const siblingFiles = fs.readdirSync(dir).filter((f) => {
+    if (!f.endsWith(".ts")) return false
+    if (f === "index.ts" || f === `${implName}.ts`) return false
+    return true
+  })

-  console.log(`# Find all imports to rewrite:`)
-  console.log(`rg 'from.*${oldTail}' src/ --files-with-matches`)
-  console.log("")
-
-  // Auto-rewrite with sed (safe: only rewrites the import path, not other occurrences)
-  console.log("# Auto-rewrite (review diff afterward):")
-  console.log(`rg -l 'from.*${oldTail}' src/ | xargs sed -i '' 's|${oldTail}"|${relDir}"|g'`)
-  console.log("")
-  console.log("# What changes:")
-  console.log(`#   import { ${nsName} } from ".../${oldTail}"`)
-  console.log(`#   import { ${nsName} } from ".../${relDir}"`)
-} else {
-  console.log("# File was index.ts — import paths already resolve correctly.")
-  console.log("# No import rewrites needed!")
+  let siblingFixCount = 0
+  for (const sibFile of siblingFiles) {
+    const sibPath = path.join(dir, sibFile)
+    const content = fs.readFileSync(sibPath, "utf-8")
+    const pattern = new RegExp(`from\\s+["']\\./${basename}["']`, "g")
+    if (pattern.test(content)) {
+      fs.writeFileSync(sibPath, content.replace(pattern, `from "."`))
+      siblingFixCount++
+    }
+  }
+  if (siblingFixCount > 0) {
+    console.log(`Fixed ${siblingFixCount} sibling import(s) in ${path.basename(dir)}/ (./${basename} → .)`)
+  }
 }

 console.log("")
 console.log("=== Verify ===")
 console.log("")
-console.log("bun typecheck     # from packages/opencode")
-console.log("bun run test      # run tests")
+console.log("bunx --bun tsgo --noEmit   # typecheck")
+console.log("bun run test               # run tests")
--- a/packages/opencode/specs/effect/http-api.md
+++ b/packages/opencode/specs/effect/http-api.md
@@ -121,17 +121,46 @@ Why `question` first:

 Do not re-architect business logic during the HTTP migration. `HttpApi` handlers should call the same Effect services already used by the Hono handlers.

-### 4. Build in parallel, do not bridge into Hono
+### 4. Bridge into Hono behind a feature flag

-The `HttpApi` implementation lives under `src/server/instance/httpapi/` as a standalone Effect HTTP server. It is **not mounted into the Hono app**. There is no `toWebHandler` bridge, no Hono `Handler` export, and no `.route()` call wiring it into `experimental.ts`.
+The `HttpApi` routes are bridged into the Hono server via `HttpRouter.toWebHandler` with a shared `memoMap`. This means:

-The standalone server (`httpapi/server.ts`) can be started independently and proves the routes work. Tests exercise it via `HttpRouter.serve` with `NodeHttpServer.layerTest`.
+- one process, one port — no separate server
+- the Effect handler shares layer instances with `AppRuntime` (same `Question.Service`, etc.)
+- Effect middleware handles auth and instance lookup independently from Hono middleware
+- Hono's `.all()` catch-all intercepts matching paths before the Hono route handlers

-The goal is to build enough route coverage in the Effect server that the Hono server can eventually be replaced entirely. Until then, the two implementations exist side by side but are completely separate processes.
+The bridge is gated behind `OPENCODE_EXPERIMENTAL_HTTPAPI` (or `OPENCODE_EXPERIMENTAL`). When the flag is off (default), all requests go through the original Hono handlers unchanged.

-### 5. Migrate JSON route groups gradually
+```ts
+// in instance/index.ts
+if (Flag.OPENCODE_EXPERIMENTAL_HTTPAPI) {
+  const handler = ExperimentalHttpApiServer.webHandler().handler
+  app.all("/question", (c) => handler(c.req.raw)).all("/question/*", (c) => handler(c.req.raw))
+}
+```

-If the parallel slice works well, migrate additional JSON route groups one at a time. Leave streaming-style endpoints on Hono until there is a clear reason to move them.
+The Hono route handlers are always registered (after the bridge) so `hono-openapi` generates the OpenAPI spec entries that feed SDK codegen. When the flag is on, these handlers are dead code — the `.all()` bridge matches first.
+
+### 5. Observability
+
+The `webHandler` provides `Observability.layer` via `Layer.provideMerge`. Since the `memoMap` is shared with `AppRuntime`, the tracing provider is deduplicated — no extra initialization cost.
+
+This gives:
+
+- **spans**: `Effect.fn("QuestionHttpApi.list")` etc. appear in traces alongside service-layer spans
+- **HTTP logs**: `HttpMiddleware.logger` emits structured `Effect.log` entries with `http.method`, `http.url`, `http.status` annotations, flowing to motel via `OtlpLogger`
+
+### 6. Migrate JSON route groups gradually
+
+As each route group is ported to `HttpApi`:
+
+1. change its `root` path from `/experimental/httpapi/<group>` to `/<group>`
+2. add `.all("/<group>", handler)` / `.all("/<group>/*", handler)` to the flag block in `instance/index.ts`
+3. for partial ports (e.g. only `GET /provider/auth`), bridge only the specific path
+4. verify SDK output is unchanged
+
+Leave streaming-style endpoints on Hono until there is a clear reason to move them.

 ## Schema rule for HttpApi work

@@ -156,6 +185,14 @@ Ordering for a route-group migration:
 3. move tagged route-facing errors to `Schema.TaggedErrorClass` where needed
 4. switch existing Zod boundary validators to derived `.zod`
 5. define the `HttpApi` contract from the canonical Effect schemas
+6. regenerate the SDK (`./packages/sdk/js/script/build.ts`) and verify zero diff against `dev`
+
+SDK shape rule:
+
+- every schema migration must preserve the generated SDK output byte-for-byte
+- `Schema.Class` emits a named `$ref` in OpenAPI via its identifier — use it only for types that already had `.meta({ ref })` in the old Zod schema
+- inner / nested types that were anonymous in the old Zod schema should stay as `Schema.Struct` (not `Schema.Class`) to avoid introducing new named components in the OpenAPI spec
+- if a diff appears in `packages/sdk/js/src/v2/gen/types.gen.ts`, the migration introduced an unintended API surface change — fix it before merging

 Temporary exception:

@@ -195,8 +232,9 @@ Use the same sequence for each route group.
 4. Define the `HttpApi` contract separately from the handlers.
 5. Implement handlers by yielding the existing service from context.
 6. Mount the new surface in parallel under an experimental prefix.
-7. Add one end-to-end test and one OpenAPI-focused test.
-8. Compare ergonomics before migrating the next endpoint.
+7. Regenerate the SDK and verify zero diff against `dev` (see SDK shape rule above).
+8. Add one end-to-end test and one OpenAPI-focused test.
+9. Compare ergonomics before migrating the next endpoint.

 Rule of thumb:

@@ -293,36 +331,43 @@ The first slice is successful if:
 - OpenAPI is generated from the `HttpApi` contract
 - the tests are straightforward enough that the next slice feels mechanical

-## Learnings from the question slice
+## Learnings

-The first parallel `question` spike gave us a concrete pattern to reuse.
+### Schema

 - `Schema.Class` works well for route DTOs such as `Question.Request`, `Question.Info`, and `Question.Reply`.
 - scalar or collection schemas such as `Question.Answer` should stay as schemas and use helpers like `withStatics(...)` instead of being forced into classes.
 - if an `HttpApi` success schema uses `Schema.Class`, the handler or underlying service needs to return real schema instances rather than plain objects.
 - internal event payloads can stay anonymous when we want to avoid adding extra named OpenAPI component churn for non-route shapes.
- the experimental slice should stay as a standalone Effect server and keep calling the existing service layer unchanged.
- compare generated OpenAPI semantically at the route and schema level.
+- `Schema.Class` emits named `$ref` in OpenAPI — only use it for types that already had `.meta({ ref })` in the old Zod schema. Inner/nested types should stay as `Schema.Struct` to avoid SDK shape changes.
+
+### Integration
+
+- `HttpRouter.toWebHandler` with the shared `memoMap` from `run-service.ts` cleanly bridges Effect routes into Hono — one process, one port, shared layer instances.
+- `Observability.layer` must be explicitly provided via `Layer.provideMerge` in the routes layer for OTEL spans and HTTP logs to flow. The `memoMap` deduplicates it with `AppRuntime` — no extra cost.
+- `HttpMiddleware.logger` (enabled by default when `disableLogger` is not set) emits structured `Effect.log` entries with `http.method`, `http.url`, `http.status` — these flow through `OtlpLogger` to motel.
+- Hono OpenAPI stubs must remain registered for SDK codegen until the SDK pipeline reads from the Effect OpenAPI spec instead.
+- the `OPENCODE_EXPERIMENTAL_HTTPAPI` flag gates the bridge at the Hono router level — default off, no behavior change unless opted in.

 ## Route inventory

 Status legend:

- `done` - parallel `HttpApi` slice exists
+- `bridged` - Effect HttpApi slice exists and is bridged into Hono behind the flag
+- `done` - Effect HttpApi slice exists but not yet bridged
 - `next` - good near-term candidate
 - `later` - possible, but not first wave
 - `defer` - not a good early `HttpApi` target

 Current instance route inventory:

- `question` - `done`
-  endpoints in slice: `GET /question`, `POST /question/:requestID/reply`
- `permission` - `done`
-  endpoints in slice: `GET /permission`, `POST /permission/:requestID/reply`
- `provider` - `next`
-  best next endpoint: `GET /provider/auth`
-  later endpoint: `GET /provider`
-  defer first-wave OAuth mutations
+- `question` - `bridged`
+  endpoints: `GET /question`, `POST /question/:requestID/reply`, `POST /question/:requestID/reject`
+- `permission` - `bridged`
+  endpoints: `GET /permission`, `POST /permission/:requestID/reply`
+- `provider` - `bridged` (partial)
+  bridged endpoint: `GET /provider/auth`
+  not yet ported: `GET /provider`, OAuth mutations
 - `config` - `next`
  best next endpoint: `GET /config/providers`
  later endpoint: `GET /config`
@@ -362,7 +407,13 @@ Recommended near-term sequence after the first spike:
 - [x] keep the underlying service calls identical to the current handlers
 - [x] compare generated OpenAPI against the current Hono/OpenAPI setup
 - [x] document how auth, instance lookup, and error mapping would compose in the new stack
- [ ] decide after the spike whether `HttpApi` should stay parallel, replace only some groups, or become the long-term default
+- [x] bridge Effect routes into Hono via `toWebHandler` with shared `memoMap`
+- [x] gate behind `OPENCODE_EXPERIMENTAL_HTTPAPI` flag
+- [x] verify OTEL spans and HTTP logs flow to motel
+- [x] bridge question, permission, and provider auth routes
+- [ ] port remaining provider endpoints (`GET /provider`, OAuth mutations)
+- [ ] port `config` read endpoints
+- [ ] decide when to remove the flag and make Effect routes the default

 ## Rule of thumb

--- a/packages/opencode/src/account/account.ts
+++ b/packages/opencode/src/account/account.ts
@@ -0,0 +1,454 @@
+import { Cache, Clock, Duration, Effect, Layer, Option, Schema, SchemaGetter, Context } from "effect"
+import {
+  FetchHttpClient,
+  HttpClient,
+  HttpClientError,
+  HttpClientRequest,
+  HttpClientResponse,
+} from "effect/unstable/http"
+
+import { withTransientReadRetry } from "@/util/effect-http-client"
+import { AccountRepo, type AccountRow } from "./repo"
+import { normalizeServerUrl } from "./url"
+import {
+  type AccountError,
+  AccessToken,
+  AccountID,
+  DeviceCode,
+  Info,
+  RefreshToken,
+  AccountServiceError,
+  AccountTransportError,
+  Login,
+  Org,
+  OrgID,
+  PollDenied,
+  PollError,
+  PollExpired,
+  PollPending,
+  type PollResult,
+  PollSlow,
+  PollSuccess,
+  UserCode,
+} from "./schema"
+
+export {
+  AccountID,
+  type AccountError,
+  AccountRepoError,
+  AccountServiceError,
+  AccountTransportError,
+  AccessToken,
+  RefreshToken,
+  DeviceCode,
+  UserCode,
+  Info,
+  Org,
+  OrgID,
+  Login,
+  PollSuccess,
+  PollPending,
+  PollSlow,
+  PollExpired,
+  PollDenied,
+  PollError,
+  PollResult,
+} from "./schema"
+
+export type AccountOrgs = {
+  account: Info
+  orgs: readonly Org[]
+}
+
+export type ActiveOrg = {
+  account: Info
+  org: Org
+}
+
+class RemoteConfig extends Schema.Class<RemoteConfig>("RemoteConfig")({
+  config: Schema.Record(Schema.String, Schema.Json),
+}) {}
+
+const DurationFromSeconds = Schema.Number.pipe(
+  Schema.decodeTo(Schema.Duration, {
+    decode: SchemaGetter.transform((n) => Duration.seconds(n)),
+    encode: SchemaGetter.transform((d) => Duration.toSeconds(d)),
+  }),
+)
+
+class TokenRefresh extends Schema.Class<TokenRefresh>("TokenRefresh")({
+  access_token: AccessToken,
+  refresh_token: RefreshToken,
+  expires_in: DurationFromSeconds,
+}) {}
+
+class DeviceAuth extends Schema.Class<DeviceAuth>("DeviceAuth")({
+  device_code: DeviceCode,
+  user_code: UserCode,
+  verification_uri_complete: Schema.String,
+  expires_in: DurationFromSeconds,
+  interval: DurationFromSeconds,
+}) {}
+
+class DeviceTokenSuccess extends Schema.Class<DeviceTokenSuccess>("DeviceTokenSuccess")({
+  access_token: AccessToken,
+  refresh_token: RefreshToken,
+  token_type: Schema.Literal("Bearer"),
+  expires_in: DurationFromSeconds,
+}) {}
+
+class DeviceTokenError extends Schema.Class<DeviceTokenError>("DeviceTokenError")({
+  error: Schema.String,
+  error_description: Schema.String,
+}) {
+  toPollResult(): PollResult {
+    if (this.error === "authorization_pending") return new PollPending()
+    if (this.error === "slow_down") return new PollSlow()
+    if (this.error === "expired_token") return new PollExpired()
+    if (this.error === "access_denied") return new PollDenied()
+    return new PollError({ cause: this.error })
+  }
+}
+
+const DeviceToken = Schema.Union([DeviceTokenSuccess, DeviceTokenError])
+
+class User extends Schema.Class<User>("User")({
+  id: AccountID,
+  email: Schema.String,
+}) {}
+
+class ClientId extends Schema.Class<ClientId>("ClientId")({ client_id: Schema.String }) {}
+
+class DeviceTokenRequest extends Schema.Class<DeviceTokenRequest>("DeviceTokenRequest")({
+  grant_type: Schema.String,
+  device_code: DeviceCode,
+  client_id: Schema.String,
+}) {}
+
+class TokenRefreshRequest extends Schema.Class<TokenRefreshRequest>("TokenRefreshRequest")({
+  grant_type: Schema.String,
+  refresh_token: RefreshToken,
+  client_id: Schema.String,
+}) {}
+
+const clientId = "opencode-cli"
+const eagerRefreshThreshold = Duration.minutes(5)
+const eagerRefreshThresholdMs = Duration.toMillis(eagerRefreshThreshold)
+
+const isTokenFresh = (tokenExpiry: number | null, now: number) =>
+  tokenExpiry != null && tokenExpiry > now + eagerRefreshThresholdMs
+
+const mapAccountServiceError =
+  (message = "Account service operation failed") =>
+  <A, E, R>(effect: Effect.Effect<A, E, R>): Effect.Effect<A, AccountError, R> =>
+    effect.pipe(Effect.mapError((cause) => accountErrorFromCause(cause, message)))
+
+const accountErrorFromCause = (cause: unknown, message: string): AccountError => {
+  if (cause instanceof AccountServiceError || cause instanceof AccountTransportError) {
+    return cause
+  }
+
+  if (HttpClientError.isHttpClientError(cause)) {
+    switch (cause.reason._tag) {
+      case "TransportError": {
+        return AccountTransportError.fromHttpClientError(cause.reason)
+      }
+      default: {
+        return new AccountServiceError({ message, cause })
+      }
+    }
+  }
+
+  return new AccountServiceError({ message, cause })
+}
+
+export interface Interface {
+  readonly active: () => Effect.Effect<Option.Option<Info>, AccountError>
+  readonly activeOrg: () => Effect.Effect<Option.Option<ActiveOrg>, AccountError>
+  readonly list: () => Effect.Effect<Info[], AccountError>
+  readonly orgsByAccount: () => Effect.Effect<readonly AccountOrgs[], AccountError>
+  readonly remove: (accountID: AccountID) => Effect.Effect<void, AccountError>
+  readonly use: (accountID: AccountID, orgID: Option.Option<OrgID>) => Effect.Effect<void, AccountError>
+  readonly orgs: (accountID: AccountID) => Effect.Effect<readonly Org[], AccountError>
+  readonly config: (
+    accountID: AccountID,
+    orgID: OrgID,
+  ) => Effect.Effect<Option.Option<Record<string, unknown>>, AccountError>
+  readonly token: (accountID: AccountID) => Effect.Effect<Option.Option<AccessToken>, AccountError>
+  readonly login: (url: string) => Effect.Effect<Login, AccountError>
+  readonly poll: (input: Login) => Effect.Effect<PollResult, AccountError>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Account") {}
+
+export const layer: Layer.Layer<Service, never, AccountRepo | HttpClient.HttpClient> = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const repo = yield* AccountRepo
+    const http = yield* HttpClient.HttpClient
+    const httpRead = withTransientReadRetry(http)
+    const httpOk = HttpClient.filterStatusOk(http)
+    const httpReadOk = HttpClient.filterStatusOk(httpRead)
+
+    const executeRead = (request: HttpClientRequest.HttpClientRequest) =>
+      httpRead.execute(request).pipe(mapAccountServiceError("HTTP request failed"))
+
+    const executeReadOk = (request: HttpClientRequest.HttpClientRequest) =>
+      httpReadOk.execute(request).pipe(mapAccountServiceError("HTTP request failed"))
+
+    const executeEffectOk = <E>(request: Effect.Effect<HttpClientRequest.HttpClientRequest, E>) =>
+      request.pipe(
+        Effect.flatMap((req) => httpOk.execute(req)),
+        mapAccountServiceError("HTTP request failed"),
+      )
+
+    const executeEffect = <E>(request: Effect.Effect<HttpClientRequest.HttpClientRequest, E>) =>
+      request.pipe(
+        Effect.flatMap((req) => http.execute(req)),
+        mapAccountServiceError("HTTP request failed"),
+      )
+
+    const refreshToken = Effect.fnUntraced(function* (row: AccountRow) {
+      const now = yield* Clock.currentTimeMillis
+
+      const response = yield* executeEffectOk(
+        HttpClientRequest.post(`${row.url}/auth/device/token`).pipe(
+          HttpClientRequest.acceptJson,
+          HttpClientRequest.schemaBodyJson(TokenRefreshRequest)(
+            new TokenRefreshRequest({
+              grant_type: "refresh_token",
+              refresh_token: row.refresh_token,
+              client_id: clientId,
+            }),
+          ),
+        ),
+      )
+
+      const parsed = yield* HttpClientResponse.schemaBodyJson(TokenRefresh)(response).pipe(
+        mapAccountServiceError("Failed to decode response"),
+      )
+
+      const expiry = Option.some(now + Duration.toMillis(parsed.expires_in))
+
+      yield* repo.persistToken({
+        accountID: row.id,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token,
+        expiry,
+      })
+
+      return parsed.access_token
+    })
+
+    const refreshTokenCache = yield* Cache.make<AccountID, AccessToken, AccountError>({
+      capacity: Number.POSITIVE_INFINITY,
+      timeToLive: Duration.zero,
+      lookup: Effect.fnUntraced(function* (accountID) {
+        const maybeAccount = yield* repo.getRow(accountID)
+        if (Option.isNone(maybeAccount)) {
+          return yield* Effect.fail(new AccountServiceError({ message: "Account not found during token refresh" }))
+        }
+
+        const account = maybeAccount.value
+        const now = yield* Clock.currentTimeMillis
+        if (isTokenFresh(account.token_expiry, now)) {
+          return account.access_token
+        }
+
+        return yield* refreshToken(account)
+      }),
+    })
+
+    const resolveToken = Effect.fnUntraced(function* (row: AccountRow) {
+      const now = yield* Clock.currentTimeMillis
+      if (isTokenFresh(row.token_expiry, now)) {
+        return row.access_token
+      }
+
+      return yield* Cache.get(refreshTokenCache, row.id)
+    })
+
+    const resolveAccess = Effect.fnUntraced(function* (accountID: AccountID) {
+      const maybeAccount = yield* repo.getRow(accountID)
+      if (Option.isNone(maybeAccount)) return Option.none()
+
+      const account = maybeAccount.value
+      const accessToken = yield* resolveToken(account)
+      return Option.some({ account, accessToken })
+    })
+
+    const fetchOrgs = Effect.fnUntraced(function* (url: string, accessToken: AccessToken) {
+      const response = yield* executeReadOk(
+        HttpClientRequest.get(`${url}/api/orgs`).pipe(
+          HttpClientRequest.acceptJson,
+          HttpClientRequest.bearerToken(accessToken),
+        ),
+      )
+
+      return yield* HttpClientResponse.schemaBodyJson(Schema.Array(Org))(response).pipe(
+        mapAccountServiceError("Failed to decode response"),
+      )
+    })
+
+    const fetchUser = Effect.fnUntraced(function* (url: string, accessToken: AccessToken) {
+      const response = yield* executeReadOk(
+        HttpClientRequest.get(`${url}/api/user`).pipe(
+          HttpClientRequest.acceptJson,
+          HttpClientRequest.bearerToken(accessToken),
+        ),
+      )
+
+      return yield* HttpClientResponse.schemaBodyJson(User)(response).pipe(
+        mapAccountServiceError("Failed to decode response"),
+      )
+    })
+
+    const token = Effect.fn("Account.token")((accountID: AccountID) =>
+      resolveAccess(accountID).pipe(Effect.map(Option.map((r) => r.accessToken))),
+    )
+
+    const activeOrg = Effect.fn("Account.activeOrg")(function* () {
+      const activeAccount = yield* repo.active()
+      if (Option.isNone(activeAccount)) return Option.none<ActiveOrg>()
+
+      const account = activeAccount.value
+      if (!account.active_org_id) return Option.none<ActiveOrg>()
+
+      const accountOrgs = yield* orgs(account.id)
+      const org = accountOrgs.find((item) => item.id === account.active_org_id)
+      if (!org) return Option.none<ActiveOrg>()
+
+      return Option.some({ account, org })
+    })
+
+    const orgsByAccount = Effect.fn("Account.orgsByAccount")(function* () {
+      const accounts = yield* repo.list()
+      return yield* Effect.forEach(
+        accounts,
+        (account) =>
+          orgs(account.id).pipe(
+            Effect.catch(() => Effect.succeed([] as readonly Org[])),
+            Effect.map((orgs) => ({ account, orgs })),
+          ),
+        { concurrency: 3 },
+      )
+    })
+
+    const orgs = Effect.fn("Account.orgs")(function* (accountID: AccountID) {
+      const resolved = yield* resolveAccess(accountID)
+      if (Option.isNone(resolved)) return []
+
+      const { account, accessToken } = resolved.value
+
+      return yield* fetchOrgs(account.url, accessToken)
+    })
+
+    const config = Effect.fn("Account.config")(function* (accountID: AccountID, orgID: OrgID) {
+      const resolved = yield* resolveAccess(accountID)
+      if (Option.isNone(resolved)) return Option.none()
+
+      const { account, accessToken } = resolved.value
+
+      const response = yield* executeRead(
+        HttpClientRequest.get(`${account.url}/api/config`).pipe(
+          HttpClientRequest.acceptJson,
+          HttpClientRequest.bearerToken(accessToken),
+          HttpClientRequest.setHeaders({ "x-org-id": orgID }),
+        ),
+      )
+
+      if (response.status === 404) return Option.none()
+
+      const ok = yield* HttpClientResponse.filterStatusOk(response).pipe(mapAccountServiceError())
+
+      const parsed = yield* HttpClientResponse.schemaBodyJson(RemoteConfig)(ok).pipe(
+        mapAccountServiceError("Failed to decode response"),
+      )
+      return Option.some(parsed.config)
+    })
+
+    const login = Effect.fn("Account.login")(function* (server: string) {
+      const normalizedServer = normalizeServerUrl(server)
+      const response = yield* executeEffectOk(
+        HttpClientRequest.post(`${normalizedServer}/auth/device/code`).pipe(
+          HttpClientRequest.acceptJson,
+          HttpClientRequest.schemaBodyJson(ClientId)(new ClientId({ client_id: clientId })),
+        ),
+      )
+
+      const parsed = yield* HttpClientResponse.schemaBodyJson(DeviceAuth)(response).pipe(
+        mapAccountServiceError("Failed to decode response"),
+      )
+      return new Login({
+        code: parsed.device_code,
+        user: parsed.user_code,
+        url: `${normalizedServer}${parsed.verification_uri_complete}`,
+        server: normalizedServer,
+        expiry: parsed.expires_in,
+        interval: parsed.interval,
+      })
+    })
+
+    const poll = Effect.fn("Account.poll")(function* (input: Login) {
+      const response = yield* executeEffect(
+        HttpClientRequest.post(`${input.server}/auth/device/token`).pipe(
+          HttpClientRequest.acceptJson,
+          HttpClientRequest.schemaBodyJson(DeviceTokenRequest)(
+            new DeviceTokenRequest({
+              grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+              device_code: input.code,
+              client_id: clientId,
+            }),
+          ),
+        ),
+      )
+
+      const parsed = yield* HttpClientResponse.schemaBodyJson(DeviceToken)(response).pipe(
+        mapAccountServiceError("Failed to decode response"),
+      )
+
+      if (parsed instanceof DeviceTokenError) return parsed.toPollResult()
+      const accessToken = parsed.access_token
+
+      const user = fetchUser(input.server, accessToken)
+      const orgs = fetchOrgs(input.server, accessToken)
+
+      const [account, remoteOrgs] = yield* Effect.all([user, orgs], { concurrency: 2 })
+
+      // TODO: When there are multiple orgs, let the user choose
+      const firstOrgID = remoteOrgs.length > 0 ? Option.some(remoteOrgs[0].id) : Option.none<OrgID>()
+
+      const now = yield* Clock.currentTimeMillis
+      const expiry = now + Duration.toMillis(parsed.expires_in)
+      const refreshToken = parsed.refresh_token
+
+      yield* repo.persistAccount({
+        id: account.id,
+        email: account.email,
+        url: input.server,
+        accessToken,
+        refreshToken,
+        expiry,
+        orgID: firstOrgID,
+      })
+
+      return new PollSuccess({ email: account.email })
+    })
+
+    return Service.of({
+      active: repo.active,
+      activeOrg,
+      list: repo.list,
+      orgsByAccount,
+      remove: repo.remove,
+      use: repo.use,
+      orgs,
+      config,
+      token,
+      login,
+      poll,
+    })
+  }),
+)
+
+export const defaultLayer = layer.pipe(Layer.provide(AccountRepo.layer), Layer.provide(FetchHttpClient.layer))
--- a/packages/opencode/src/account/index.ts
+++ b/packages/opencode/src/account/index.ts
@@ -1,37 +1,4 @@
-import { Cache, Clock, Duration, Effect, Layer, Option, Schema, SchemaGetter, Context } from "effect"
-import {
-  FetchHttpClient,
-  HttpClient,
-  HttpClientError,
-  HttpClientRequest,
-  HttpClientResponse,
-} from "effect/unstable/http"
-
-import { withTransientReadRetry } from "@/util/effect-http-client"
-import { AccountRepo, type AccountRow } from "./repo"
-import { normalizeServerUrl } from "./url"
-import {
-  type AccountError,
-  AccessToken,
-  AccountID,
-  DeviceCode,
-  Info,
-  RefreshToken,
-  AccountServiceError,
-  AccountTransportError,
-  Login,
-  Org,
-  OrgID,
-  PollDenied,
-  PollError,
-  PollExpired,
-  PollPending,
-  type PollResult,
-  PollSlow,
-  PollSuccess,
-  UserCode,
-} from "./schema"
-
+export * as Account from "./account"
 export {
  AccountID,
  type AccountError,
@@ -52,405 +19,6 @@ export {
  PollExpired,
  PollDenied,
  PollError,
-  PollResult,
+  type PollResult,
 } from "./schema"
-
-export type AccountOrgs = {
-  account: Info
-  orgs: readonly Org[]
-}
-
-export type ActiveOrg = {
-  account: Info
-  org: Org
-}
-
-class RemoteConfig extends Schema.Class<RemoteConfig>("RemoteConfig")({
-  config: Schema.Record(Schema.String, Schema.Json),
-}) {}
-
-const DurationFromSeconds = Schema.Number.pipe(
-  Schema.decodeTo(Schema.Duration, {
-    decode: SchemaGetter.transform((n) => Duration.seconds(n)),
-    encode: SchemaGetter.transform((d) => Duration.toSeconds(d)),
-  }),
-)
-
-class TokenRefresh extends Schema.Class<TokenRefresh>("TokenRefresh")({
-  access_token: AccessToken,
-  refresh_token: RefreshToken,
-  expires_in: DurationFromSeconds,
-}) {}
-
-class DeviceAuth extends Schema.Class<DeviceAuth>("DeviceAuth")({
-  device_code: DeviceCode,
-  user_code: UserCode,
-  verification_uri_complete: Schema.String,
-  expires_in: DurationFromSeconds,
-  interval: DurationFromSeconds,
-}) {}
-
-class DeviceTokenSuccess extends Schema.Class<DeviceTokenSuccess>("DeviceTokenSuccess")({
-  access_token: AccessToken,
-  refresh_token: RefreshToken,
-  token_type: Schema.Literal("Bearer"),
-  expires_in: DurationFromSeconds,
-}) {}
-
-class DeviceTokenError extends Schema.Class<DeviceTokenError>("DeviceTokenError")({
-  error: Schema.String,
-  error_description: Schema.String,
-}) {
-  toPollResult(): PollResult {
-    if (this.error === "authorization_pending") return new PollPending()
-    if (this.error === "slow_down") return new PollSlow()
-    if (this.error === "expired_token") return new PollExpired()
-    if (this.error === "access_denied") return new PollDenied()
-    return new PollError({ cause: this.error })
-  }
-}
-
-const DeviceToken = Schema.Union([DeviceTokenSuccess, DeviceTokenError])
-
-class User extends Schema.Class<User>("User")({
-  id: AccountID,
-  email: Schema.String,
-}) {}
-
-class ClientId extends Schema.Class<ClientId>("ClientId")({ client_id: Schema.String }) {}
-
-class DeviceTokenRequest extends Schema.Class<DeviceTokenRequest>("DeviceTokenRequest")({
-  grant_type: Schema.String,
-  device_code: DeviceCode,
-  client_id: Schema.String,
-}) {}
-
-class TokenRefreshRequest extends Schema.Class<TokenRefreshRequest>("TokenRefreshRequest")({
-  grant_type: Schema.String,
-  refresh_token: RefreshToken,
-  client_id: Schema.String,
-}) {}
-
-const clientId = "opencode-cli"
-const eagerRefreshThreshold = Duration.minutes(5)
-const eagerRefreshThresholdMs = Duration.toMillis(eagerRefreshThreshold)
-
-const isTokenFresh = (tokenExpiry: number | null, now: number) =>
-  tokenExpiry != null && tokenExpiry > now + eagerRefreshThresholdMs
-
-const mapAccountServiceError =
-  (message = "Account service operation failed") =>
-  <A, E, R>(effect: Effect.Effect<A, E, R>): Effect.Effect<A, AccountError, R> =>
-    effect.pipe(Effect.mapError((cause) => accountErrorFromCause(cause, message)))
-
-const accountErrorFromCause = (cause: unknown, message: string): AccountError => {
-  if (cause instanceof AccountServiceError || cause instanceof AccountTransportError) {
-    return cause
-  }
-
-  if (HttpClientError.isHttpClientError(cause)) {
-    switch (cause.reason._tag) {
-      case "TransportError": {
-        return AccountTransportError.fromHttpClientError(cause.reason)
-      }
-      default: {
-        return new AccountServiceError({ message, cause })
-      }
-    }
-  }
-
-  return new AccountServiceError({ message, cause })
-}
-
-export namespace Account {
-  export interface Interface {
-    readonly active: () => Effect.Effect<Option.Option<Info>, AccountError>
-    readonly activeOrg: () => Effect.Effect<Option.Option<ActiveOrg>, AccountError>
-    readonly list: () => Effect.Effect<Info[], AccountError>
-    readonly orgsByAccount: () => Effect.Effect<readonly AccountOrgs[], AccountError>
-    readonly remove: (accountID: AccountID) => Effect.Effect<void, AccountError>
-    readonly use: (accountID: AccountID, orgID: Option.Option<OrgID>) => Effect.Effect<void, AccountError>
-    readonly orgs: (accountID: AccountID) => Effect.Effect<readonly Org[], AccountError>
-    readonly config: (
-      accountID: AccountID,
-      orgID: OrgID,
-    ) => Effect.Effect<Option.Option<Record<string, unknown>>, AccountError>
-    readonly token: (accountID: AccountID) => Effect.Effect<Option.Option<AccessToken>, AccountError>
-    readonly login: (url: string) => Effect.Effect<Login, AccountError>
-    readonly poll: (input: Login) => Effect.Effect<PollResult, AccountError>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Account") {}
-
-  export const layer: Layer.Layer<Service, never, AccountRepo | HttpClient.HttpClient> = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const repo = yield* AccountRepo
-      const http = yield* HttpClient.HttpClient
-      const httpRead = withTransientReadRetry(http)
-      const httpOk = HttpClient.filterStatusOk(http)
-      const httpReadOk = HttpClient.filterStatusOk(httpRead)
-
-      const executeRead = (request: HttpClientRequest.HttpClientRequest) =>
-        httpRead.execute(request).pipe(mapAccountServiceError("HTTP request failed"))
-
-      const executeReadOk = (request: HttpClientRequest.HttpClientRequest) =>
-        httpReadOk.execute(request).pipe(mapAccountServiceError("HTTP request failed"))
-
-      const executeEffectOk = <E>(request: Effect.Effect<HttpClientRequest.HttpClientRequest, E>) =>
-        request.pipe(
-          Effect.flatMap((req) => httpOk.execute(req)),
-          mapAccountServiceError("HTTP request failed"),
-        )
-
-      const executeEffect = <E>(request: Effect.Effect<HttpClientRequest.HttpClientRequest, E>) =>
-        request.pipe(
-          Effect.flatMap((req) => http.execute(req)),
-          mapAccountServiceError("HTTP request failed"),
-        )
-
-      const refreshToken = Effect.fnUntraced(function* (row: AccountRow) {
-        const now = yield* Clock.currentTimeMillis
-
-        const response = yield* executeEffectOk(
-          HttpClientRequest.post(`${row.url}/auth/device/token`).pipe(
-            HttpClientRequest.acceptJson,
-            HttpClientRequest.schemaBodyJson(TokenRefreshRequest)(
-              new TokenRefreshRequest({
-                grant_type: "refresh_token",
-                refresh_token: row.refresh_token,
-                client_id: clientId,
-              }),
-            ),
-          ),
-        )
-
-        const parsed = yield* HttpClientResponse.schemaBodyJson(TokenRefresh)(response).pipe(
-          mapAccountServiceError("Failed to decode response"),
-        )
-
-        const expiry = Option.some(now + Duration.toMillis(parsed.expires_in))
-
-        yield* repo.persistToken({
-          accountID: row.id,
-          accessToken: parsed.access_token,
-          refreshToken: parsed.refresh_token,
-          expiry,
-        })
-
-        return parsed.access_token
-      })
-
-      const refreshTokenCache = yield* Cache.make<AccountID, AccessToken, AccountError>({
-        capacity: Number.POSITIVE_INFINITY,
-        timeToLive: Duration.zero,
-        lookup: Effect.fnUntraced(function* (accountID) {
-          const maybeAccount = yield* repo.getRow(accountID)
-          if (Option.isNone(maybeAccount)) {
-            return yield* Effect.fail(new AccountServiceError({ message: "Account not found during token refresh" }))
-          }
-
-          const account = maybeAccount.value
-          const now = yield* Clock.currentTimeMillis
-          if (isTokenFresh(account.token_expiry, now)) {
-            return account.access_token
-          }
-
-          return yield* refreshToken(account)
-        }),
-      })
-
-      const resolveToken = Effect.fnUntraced(function* (row: AccountRow) {
-        const now = yield* Clock.currentTimeMillis
-        if (isTokenFresh(row.token_expiry, now)) {
-          return row.access_token
-        }
-
-        return yield* Cache.get(refreshTokenCache, row.id)
-      })
-
-      const resolveAccess = Effect.fnUntraced(function* (accountID: AccountID) {
-        const maybeAccount = yield* repo.getRow(accountID)
-        if (Option.isNone(maybeAccount)) return Option.none()
-
-        const account = maybeAccount.value
-        const accessToken = yield* resolveToken(account)
-        return Option.some({ account, accessToken })
-      })
-
-      const fetchOrgs = Effect.fnUntraced(function* (url: string, accessToken: AccessToken) {
-        const response = yield* executeReadOk(
-          HttpClientRequest.get(`${url}/api/orgs`).pipe(
-            HttpClientRequest.acceptJson,
-            HttpClientRequest.bearerToken(accessToken),
-          ),
-        )
-
-        return yield* HttpClientResponse.schemaBodyJson(Schema.Array(Org))(response).pipe(
-          mapAccountServiceError("Failed to decode response"),
-        )
-      })
-
-      const fetchUser = Effect.fnUntraced(function* (url: string, accessToken: AccessToken) {
-        const response = yield* executeReadOk(
-          HttpClientRequest.get(`${url}/api/user`).pipe(
-            HttpClientRequest.acceptJson,
-            HttpClientRequest.bearerToken(accessToken),
-          ),
-        )
-
-        return yield* HttpClientResponse.schemaBodyJson(User)(response).pipe(
-          mapAccountServiceError("Failed to decode response"),
-        )
-      })
-
-      const token = Effect.fn("Account.token")((accountID: AccountID) =>
-        resolveAccess(accountID).pipe(Effect.map(Option.map((r) => r.accessToken))),
-      )
-
-      const activeOrg = Effect.fn("Account.activeOrg")(function* () {
-        const activeAccount = yield* repo.active()
-        if (Option.isNone(activeAccount)) return Option.none<ActiveOrg>()
-
-        const account = activeAccount.value
-        if (!account.active_org_id) return Option.none<ActiveOrg>()
-
-        const accountOrgs = yield* orgs(account.id)
-        const org = accountOrgs.find((item) => item.id === account.active_org_id)
-        if (!org) return Option.none<ActiveOrg>()
-
-        return Option.some({ account, org })
-      })
-
-      const orgsByAccount = Effect.fn("Account.orgsByAccount")(function* () {
-        const accounts = yield* repo.list()
-        return yield* Effect.forEach(
-          accounts,
-          (account) =>
-            orgs(account.id).pipe(
-              Effect.catch(() => Effect.succeed([] as readonly Org[])),
-              Effect.map((orgs) => ({ account, orgs })),
-            ),
-          { concurrency: 3 },
-        )
-      })
-
-      const orgs = Effect.fn("Account.orgs")(function* (accountID: AccountID) {
-        const resolved = yield* resolveAccess(accountID)
-        if (Option.isNone(resolved)) return []
-
-        const { account, accessToken } = resolved.value
-
-        return yield* fetchOrgs(account.url, accessToken)
-      })
-
-      const config = Effect.fn("Account.config")(function* (accountID: AccountID, orgID: OrgID) {
-        const resolved = yield* resolveAccess(accountID)
-        if (Option.isNone(resolved)) return Option.none()
-
-        const { account, accessToken } = resolved.value
-
-        const response = yield* executeRead(
-          HttpClientRequest.get(`${account.url}/api/config`).pipe(
-            HttpClientRequest.acceptJson,
-            HttpClientRequest.bearerToken(accessToken),
-            HttpClientRequest.setHeaders({ "x-org-id": orgID }),
-          ),
-        )
-
-        if (response.status === 404) return Option.none()
-
-        const ok = yield* HttpClientResponse.filterStatusOk(response).pipe(mapAccountServiceError())
-
-        const parsed = yield* HttpClientResponse.schemaBodyJson(RemoteConfig)(ok).pipe(
-          mapAccountServiceError("Failed to decode response"),
-        )
-        return Option.some(parsed.config)
-      })
-
-      const login = Effect.fn("Account.login")(function* (server: string) {
-        const normalizedServer = normalizeServerUrl(server)
-        const response = yield* executeEffectOk(
-          HttpClientRequest.post(`${normalizedServer}/auth/device/code`).pipe(
-            HttpClientRequest.acceptJson,
-            HttpClientRequest.schemaBodyJson(ClientId)(new ClientId({ client_id: clientId })),
-          ),
-        )
-
-        const parsed = yield* HttpClientResponse.schemaBodyJson(DeviceAuth)(response).pipe(
-          mapAccountServiceError("Failed to decode response"),
-        )
-        return new Login({
-          code: parsed.device_code,
-          user: parsed.user_code,
-          url: `${normalizedServer}${parsed.verification_uri_complete}`,
-          server: normalizedServer,
-          expiry: parsed.expires_in,
-          interval: parsed.interval,
-        })
-      })
-
-      const poll = Effect.fn("Account.poll")(function* (input: Login) {
-        const response = yield* executeEffect(
-          HttpClientRequest.post(`${input.server}/auth/device/token`).pipe(
-            HttpClientRequest.acceptJson,
-            HttpClientRequest.schemaBodyJson(DeviceTokenRequest)(
-              new DeviceTokenRequest({
-                grant_type: "urn:ietf:params:oauth:grant-type:device_code",
-                device_code: input.code,
-                client_id: clientId,
-              }),
-            ),
-          ),
-        )
-
-        const parsed = yield* HttpClientResponse.schemaBodyJson(DeviceToken)(response).pipe(
-          mapAccountServiceError("Failed to decode response"),
-        )
-
-        if (parsed instanceof DeviceTokenError) return parsed.toPollResult()
-        const accessToken = parsed.access_token
-
-        const user = fetchUser(input.server, accessToken)
-        const orgs = fetchOrgs(input.server, accessToken)
-
-        const [account, remoteOrgs] = yield* Effect.all([user, orgs], { concurrency: 2 })
-
-        // TODO: When there are multiple orgs, let the user choose
-        const firstOrgID = remoteOrgs.length > 0 ? Option.some(remoteOrgs[0].id) : Option.none<OrgID>()
-
-        const now = yield* Clock.currentTimeMillis
-        const expiry = now + Duration.toMillis(parsed.expires_in)
-        const refreshToken = parsed.refresh_token
-
-        yield* repo.persistAccount({
-          id: account.id,
-          email: account.email,
-          url: input.server,
-          accessToken,
-          refreshToken,
-          expiry,
-          orgID: firstOrgID,
-        })
-
-        return new PollSuccess({ email: account.email })
-      })
-
-      return Service.of({
-        active: repo.active,
-        activeOrg,
-        list: repo.list,
-        orgsByAccount,
-        remove: repo.remove,
-        use: repo.use,
-        orgs,
-        config,
-        token,
-        login,
-        poll,
-      })
-    }),
-  )
-
-  export const defaultLayer = layer.pipe(Layer.provide(AccountRepo.layer), Layer.provide(FetchHttpClient.layer))
-}
+export type { AccountOrgs, ActiveOrg } from "./account"
--- a/packages/opencode/src/acp/agent.ts
+++ b/packages/opencode/src/acp/agent.ts
@@ -37,7 +37,7 @@ import { Filesystem } from "../util/filesystem"
 import { Hash } from "@opencode-ai/shared/util/hash"
 import { ACPSessionManager } from "./session"
 import type { ACPConfig } from "./types"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { ModelID, ProviderID } from "../provider/schema"
 import { Agent as AgentModule } from "../agent/agent"
 import { AppRuntime } from "@/effect/app-runtime"
--- a/packages/opencode/src/agent/agent.ts
+++ b/packages/opencode/src/agent/agent.ts
@@ -1,6 +1,6 @@
 import { Config } from "../config"
 import z from "zod"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { ModelID, ProviderID } from "../provider/schema"
 import { generateObject, streamObject, type ModelMessage } from "ai"
 import { Instance } from "../project/instance"
@@ -20,7 +20,7 @@ import path from "path"
 import { Plugin } from "@/plugin"
 import { Skill } from "../skill"
 import { Effect, Context, Layer } from "effect"
-import { InstanceState } from "@/effect/instance-state"
+import { InstanceState } from "@/effect"
 import * as Option from "effect/Option"
 import * as OtelTracer from "@effect/opentelemetry/Tracer"

@@ -80,7 +80,7 @@ export namespace Agent {
      const provider = yield* Provider.Service

      const state = yield* InstanceState.make<State>(
-        Effect.fn("Agent.state")(function* (ctx) {
+        Effect.fn("Agent.state")(function* (_ctx) {
          const cfg = yield* config.get()
          const skillDirs = yield* skill.dirs()
          const whitelistedDirs = [Truncate.GLOB, ...skillDirs.map((dir) => path.join(dir, "*"))]
--- a/packages/opencode/src/auth/auth.ts
+++ b/packages/opencode/src/auth/auth.ts
@@ -0,0 +1,89 @@
+import path from "path"
+import { Effect, Layer, Record, Result, Schema, Context } from "effect"
+import { zod } from "@/util/effect-zod"
+import { Global } from "../global"
+import { AppFileSystem } from "@opencode-ai/shared/filesystem"
+
+export const OAUTH_DUMMY_KEY = "opencode-oauth-dummy-key"
+
+const file = path.join(Global.Path.data, "auth.json")
+
+const fail = (message: string) => (cause: unknown) => new AuthError({ message, cause })
+
+export class Oauth extends Schema.Class<Oauth>("OAuth")({
+  type: Schema.Literal("oauth"),
+  refresh: Schema.String,
+  access: Schema.String,
+  expires: Schema.Number,
+  accountId: Schema.optional(Schema.String),
+  enterpriseUrl: Schema.optional(Schema.String),
+}) {}
+
+export class Api extends Schema.Class<Api>("ApiAuth")({
+  type: Schema.Literal("api"),
+  key: Schema.String,
+  metadata: Schema.optional(Schema.Record(Schema.String, Schema.String)),
+}) {}
+
+export class WellKnown extends Schema.Class<WellKnown>("WellKnownAuth")({
+  type: Schema.Literal("wellknown"),
+  key: Schema.String,
+  token: Schema.String,
+}) {}
+
+const _Info = Schema.Union([Oauth, Api, WellKnown]).annotate({ discriminator: "type", identifier: "Auth" })
+export const Info = Object.assign(_Info, { zod: zod(_Info) })
+export type Info = Schema.Schema.Type<typeof _Info>
+
+export class AuthError extends Schema.TaggedErrorClass<AuthError>()("AuthError", {
+  message: Schema.String,
+  cause: Schema.optional(Schema.Defect),
+}) {}
+
+export interface Interface {
+  readonly get: (providerID: string) => Effect.Effect<Info | undefined, AuthError>
+  readonly all: () => Effect.Effect<Record<string, Info>, AuthError>
+  readonly set: (key: string, info: Info) => Effect.Effect<void, AuthError>
+  readonly remove: (key: string) => Effect.Effect<void, AuthError>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Auth") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const fsys = yield* AppFileSystem.Service
+    const decode = Schema.decodeUnknownOption(Info)
+
+    const all = Effect.fn("Auth.all")(function* () {
+      const data = (yield* fsys.readJson(file).pipe(Effect.orElseSucceed(() => ({})))) as Record<string, unknown>
+      return Record.filterMap(data, (value) => Result.fromOption(decode(value), () => undefined))
+    })
+
+    const get = Effect.fn("Auth.get")(function* (providerID: string) {
+      return (yield* all())[providerID]
+    })
+
+    const set = Effect.fn("Auth.set")(function* (key: string, info: Info) {
+      const norm = key.replace(/\/+$/, "")
+      const data = yield* all()
+      if (norm !== key) delete data[key]
+      delete data[norm + "/"]
+      yield* fsys
+        .writeJson(file, { ...data, [norm]: info }, 0o600)
+        .pipe(Effect.mapError(fail("Failed to write auth data")))
+    })
+
+    const remove = Effect.fn("Auth.remove")(function* (key: string) {
+      const norm = key.replace(/\/+$/, "")
+      const data = yield* all()
+      delete data[key]
+      delete data[norm]
+      yield* fsys.writeJson(file, data, 0o600).pipe(Effect.mapError(fail("Failed to write auth data")))
+    })
+
+    return Service.of({ get, all, set, remove })
+  }),
+)
+
+export const defaultLayer = layer.pipe(Layer.provide(AppFileSystem.defaultLayer))
--- a/packages/opencode/src/auth/index.ts
+++ b/packages/opencode/src/auth/index.ts
@@ -1,91 +1,2 @@
-import path from "path"
-import { Effect, Layer, Record, Result, Schema, Context } from "effect"
-import { zod } from "@/util/effect-zod"
-import { Global } from "../global"
-import { AppFileSystem } from "@opencode-ai/shared/filesystem"
-
-export const OAUTH_DUMMY_KEY = "opencode-oauth-dummy-key"
-
-const file = path.join(Global.Path.data, "auth.json")
-
-const fail = (message: string) => (cause: unknown) => new Auth.AuthError({ message, cause })
-
-export namespace Auth {
-  export class Oauth extends Schema.Class<Oauth>("OAuth")({
-    type: Schema.Literal("oauth"),
-    refresh: Schema.String,
-    access: Schema.String,
-    expires: Schema.Number,
-    accountId: Schema.optional(Schema.String),
-    enterpriseUrl: Schema.optional(Schema.String),
-  }) {}
-
-  export class Api extends Schema.Class<Api>("ApiAuth")({
-    type: Schema.Literal("api"),
-    key: Schema.String,
-    metadata: Schema.optional(Schema.Record(Schema.String, Schema.String)),
-  }) {}
-
-  export class WellKnown extends Schema.Class<WellKnown>("WellKnownAuth")({
-    type: Schema.Literal("wellknown"),
-    key: Schema.String,
-    token: Schema.String,
-  }) {}
-
-  const _Info = Schema.Union([Oauth, Api, WellKnown]).annotate({ discriminator: "type", identifier: "Auth" })
-  export const Info = Object.assign(_Info, { zod: zod(_Info) })
-  export type Info = Schema.Schema.Type<typeof _Info>
-
-  export class AuthError extends Schema.TaggedErrorClass<AuthError>()("AuthError", {
-    message: Schema.String,
-    cause: Schema.optional(Schema.Defect),
-  }) {}
-
-  export interface Interface {
-    readonly get: (providerID: string) => Effect.Effect<Info | undefined, AuthError>
-    readonly all: () => Effect.Effect<Record<string, Info>, AuthError>
-    readonly set: (key: string, info: Info) => Effect.Effect<void, AuthError>
-    readonly remove: (key: string) => Effect.Effect<void, AuthError>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Auth") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const fsys = yield* AppFileSystem.Service
-      const decode = Schema.decodeUnknownOption(Info)
-
-      const all = Effect.fn("Auth.all")(function* () {
-        const data = (yield* fsys.readJson(file).pipe(Effect.orElseSucceed(() => ({})))) as Record<string, unknown>
-        return Record.filterMap(data, (value) => Result.fromOption(decode(value), () => undefined))
-      })
-
-      const get = Effect.fn("Auth.get")(function* (providerID: string) {
-        return (yield* all())[providerID]
-      })
-
-      const set = Effect.fn("Auth.set")(function* (key: string, info: Info) {
-        const norm = key.replace(/\/+$/, "")
-        const data = yield* all()
-        if (norm !== key) delete data[key]
-        delete data[norm + "/"]
-        yield* fsys
-          .writeJson(file, { ...data, [norm]: info }, 0o600)
-          .pipe(Effect.mapError(fail("Failed to write auth data")))
-      })
-
-      const remove = Effect.fn("Auth.remove")(function* (key: string) {
-        const norm = key.replace(/\/+$/, "")
-        const data = yield* all()
-        delete data[key]
-        delete data[norm]
-        yield* fsys.writeJson(file, data, 0o600).pipe(Effect.mapError(fail("Failed to write auth data")))
-      })
-
-      return Service.of({ get, all, set, remove })
-    }),
-  )
-
-  export const defaultLayer = layer.pipe(Layer.provide(AppFileSystem.defaultLayer))
-}
+export * as Auth from "./auth"
+export { OAUTH_DUMMY_KEY } from "./auth"
--- a/packages/opencode/src/bus/bus-event.ts
+++ b/packages/opencode/src/bus/bus-event.ts
@@ -25,7 +25,7 @@ export namespace BusEvent {
            properties: def.properties,
          })
          .meta({
-            ref: "Event" + "." + def.type,
+            ref: `Event.${def.type}`,
          })
      })
      .toArray()
--- a/packages/opencode/src/bus/bus.ts
+++ b/packages/opencode/src/bus/bus.ts
@@ -1,11 +1,10 @@
 import z from "zod"
 import { Effect, Exit, Layer, PubSub, Scope, Context, Stream } from "effect"
-import { EffectBridge } from "@/effect/bridge"
+import { EffectBridge } from "@/effect"
 import { Log } from "../util/log"
 import { BusEvent } from "./bus-event"
 import { GlobalBus } from "./global"
-import { WorkspaceContext } from "@/control-plane/workspace-context"
-import { InstanceState } from "@/effect/instance-state"
+import { InstanceState } from "@/effect"
 import { makeRuntime } from "@/effect/run-service"

 const log = Log.create({ service: "bus" })
--- a/packages/opencode/src/cli/cmd/agent.ts
+++ b/packages/opencode/src/cli/cmd/agent.ts
@@ -4,7 +4,7 @@ import { AppRuntime } from "@/effect/app-runtime"
 import { UI } from "../ui"
 import { Global } from "../../global"
 import { Agent } from "../../agent/agent"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import path from "path"
 import fs from "fs/promises"
 import { Filesystem } from "../../util/filesystem"
--- a/packages/opencode/src/cli/cmd/debug/agent.ts
+++ b/packages/opencode/src/cli/cmd/debug/agent.ts
@@ -2,7 +2,7 @@ import { EOL } from "os"
 import { basename } from "path"
 import { Effect } from "effect"
 import { Agent } from "../../../agent/agent"
-import { Provider } from "../../../provider/provider"
+import { Provider } from "../../../provider"
 import { Session } from "../../../session"
 import type { MessageV2 } from "../../../session/message-v2"
 import { MessageID, PartID } from "../../../session/schema"
@@ -111,6 +111,7 @@ function parseToolParams(input?: string) {
      } catch (evalError) {
        throw new Error(
          `Failed to parse --params. Use JSON or a JS object literal. JSON error: ${jsonError}. Eval error: ${evalError}.`,
+          { cause: evalError },
        )
      }
    }
--- a/packages/opencode/src/cli/cmd/debug/scrap.ts
+++ b/packages/opencode/src/cli/cmd/debug/scrap.ts
@@ -1,5 +1,5 @@
 import { EOL } from "os"
-import { Project } from "../../../project/project"
+import { Project } from "../../../project"
 import { Log } from "../../../util/log"
 import { cmd } from "../cmd"

--- a/packages/opencode/src/cli/cmd/github.ts
+++ b/packages/opencode/src/cli/cmd/github.ts
@@ -25,7 +25,7 @@ import { SessionShare } from "@/share/session"
 import { Session } from "../../session"
 import type { SessionID } from "../../session/schema"
 import { MessageID, PartID } from "../../session/schema"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import { Bus } from "../../bus"
 import { MessageV2 } from "../../session/message-v2"
 import { SessionPrompt } from "@/session/prompt"
@@ -1031,6 +1031,7 @@ export const GithubRunCommand = cmd({
          console.error("Failed to get OIDC token:", error instanceof Error ? error.message : error)
          throw new Error(
            "Could not fetch an OIDC token. Make sure to add `id-token: write` to your workflow permissions.",
+            { cause: error },
          )
        }
      }
@@ -1221,7 +1222,7 @@ export const GithubRunCommand = cmd({
          console.log(`  permission: ${permission}`)
        } catch (error) {
          console.error(`Failed to check permissions: ${error}`)
-          throw new Error(`Failed to check permissions for user ${actor}: ${error}`)
+          throw new Error(`Failed to check permissions for user ${actor}: ${error}`, { cause: error })
        }

        if (!["admin", "write"].includes(permission)) throw new Error(`User ${actor} does not have write permissions`)
--- a/packages/opencode/src/cli/cmd/models.ts
+++ b/packages/opencode/src/cli/cmd/models.ts
@@ -1,6 +1,6 @@
 import type { Argv } from "yargs"
 import { Instance } from "../../project/instance"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import { ProviderID } from "../../provider/schema"
 import { ModelsDev } from "../../provider/models"
 import { cmd } from "./cmd"
--- a/packages/opencode/src/cli/cmd/run.ts
+++ b/packages/opencode/src/cli/cmd/run.ts
@@ -9,7 +9,7 @@ import { EOL } from "os"
 import { Filesystem } from "../../util/filesystem"
 import { createOpencodeClient, type OpencodeClient, type ToolPart } from "@opencode-ai/sdk/v2"
 import { Server } from "../../server/server"
-import { Provider } from "../../provider/provider"
+import { Provider } from "../../provider"
 import { Agent } from "../../agent/agent"
 import { Permission } from "../../permission"
 import { Tool } from "../../tool/tool"
--- a/packages/opencode/src/cli/cmd/stats.ts
+++ b/packages/opencode/src/cli/cmd/stats.ts
@@ -4,7 +4,7 @@ import { Session } from "../../session"
 import { bootstrap } from "../bootstrap"
 import { Database } from "../../storage/db"
 import { SessionTable } from "../../session/session.sql"
-import { Project } from "../../project/project"
+import { Project } from "../../project"
 import { Instance } from "../../project/instance"
 import { AppRuntime } from "@/effect/app-runtime"

--- a/packages/opencode/src/cli/cmd/tui/app.tsx
+++ b/packages/opencode/src/cli/cmd/tui/app.tsx
@@ -52,7 +52,7 @@ import { ExitProvider, useExit } from "./context/exit"
 import { Session as SessionApi } from "@/session"
 import { TuiEvent } from "./event"
 import { KVProvider, useKV } from "./context/kv"
-import { Provider } from "@/provider/provider"
+import { Provider } from "@/provider"
 import { ArgsProvider, useArgs, type Args } from "./context/args"
 import open from "open"
 import { PromptRefProvider, usePromptRef } from "./context/prompt"
--- a/packages/opencode/src/cli/cmd/tui/component/dialog-mcp.tsx
+++ b/packages/opencode/src/cli/cmd/tui/component/dialog-mcp.tsx
@@ -78,7 +78,7 @@ export function DialogMcp() {
      title="MCPs"
      options={options()}
      keybind={keybinds()}
-      onSelect={(option) => {
+      onSelect={(_option) => {
        // Don't close on select, only on escape
      }}
    />
--- a/packages/opencode/src/cli/cmd/tui/component/prompt/autocomplete.tsx
+++ b/packages/opencode/src/cli/cmd/tui/component/prompt/autocomplete.tsx
@@ -111,7 +111,7 @@ export function Autocomplete(props: {

  const position = createMemo(() => {
    if (!store.visible) return { x: 0, y: 0, width: 0 }
-    const dims = dimensions()
+    dimensions()
    positionTick()
    const anchor = props.anchor()
    const parent = anchor.parent
--- a/packages/opencode/src/cli/cmd/tui/context/local.tsx
+++ b/packages/opencode/src/cli/cmd/tui/context/local.tsx
@@ -8,7 +8,7 @@ import { Global } from "@/global"
 import { iife } from "@/util/iife"
 import { createSimpleContext } from "./helper"
 import { useToast } from "../ui/toast"
-import { Provider } from "@/provider/provider"
+import { Provider } from "@/provider"
 import { useArgs } from "./args"
 import { useSDK } from "./sdk"
 import { RGBA } from "@opentui/core"
--- a/packages/opencode/src/cli/cmd/tui/context/sdk.tsx
+++ b/packages/opencode/src/cli/cmd/tui/context/sdk.tsx
@@ -1,5 +1,5 @@
 import { createOpencodeClient } from "@opencode-ai/sdk/v2"
-import type { GlobalEvent, Event } from "@opencode-ai/sdk/v2"
+import type { GlobalEvent } from "@opencode-ai/sdk/v2"
 import { createSimpleContext } from "./helper"
 import { createGlobalEmitter } from "@solid-primitives/event-bus"
 import { batch, onCleanup, onMount } from "solid-js"
--- a/packages/opencode/src/cli/cmd/tui/plugin/api.tsx
+++ b/packages/opencode/src/cli/cmd/tui/plugin/api.tsx
@@ -19,7 +19,6 @@ import { Prompt } from "../component/prompt"
 import { Slot as HostSlot } from "./slots"
 import type { useToast } from "../ui/toast"
 import { Installation } from "@/installation"
-import { type OpencodeClient } from "@opencode-ai/sdk/v2"

 type RouteEntry = {
  key: symbol
--- a/packages/opencode/src/cli/cmd/tui/routes/session/index.tsx
+++ b/packages/opencode/src/cli/cmd/tui/routes/session/index.tsx
@@ -157,10 +157,10 @@ export function Session() {
  const [showThinking, setShowThinking] = kv.signal("thinking_visibility", true)
  const [timestamps, setTimestamps] = kv.signal<"hide" | "show">("timestamps", "hide")
  const [showDetails, setShowDetails] = kv.signal("tool_details_visibility", true)
-  const [showAssistantMetadata, setShowAssistantMetadata] = kv.signal("assistant_metadata_visibility", true)
+  const [showAssistantMetadata, _setShowAssistantMetadata] = kv.signal("assistant_metadata_visibility", true)
  const [showScrollbar, setShowScrollbar] = kv.signal("scrollbar_visible", false)
  const [diffWrapMode] = kv.signal<"word" | "none">("diff_wrap_mode", "word")
-  const [animationsEnabled, setAnimationsEnabled] = kv.signal("animations_enabled", true)
+  const [_animationsEnabled, _setAnimationsEnabled] = kv.signal("animations_enabled", true)
  const [showGenericToolOutput, setShowGenericToolOutput] = kv.signal("generic_tool_output_visibility", false)

  const wide = createMemo(() => dimensions().width > 120)
--- a/packages/opencode/src/cli/cmd/tui/routes/session/permission.tsx
+++ b/packages/opencode/src/cli/cmd/tui/routes/session/permission.tsx
@@ -599,7 +599,7 @@ function Prompt<const T extends Record<string, string>>(props: {
  })

  const hint = createMemo(() => (store.expanded ? "minimize" : "fullscreen"))
-  const renderer = useRenderer()
+  useRenderer()

  const content = () => (
    <box
--- a/packages/opencode/src/cli/cmd/tui/routes/session/subagent-footer.tsx
+++ b/packages/opencode/src/cli/cmd/tui/routes/session/subagent-footer.tsx
@@ -59,7 +59,7 @@ export function SubagentFooter() {
  const keybind = useKeybind()
  const command = useCommandDialog()
  const [hover, setHover] = createSignal<"parent" | "prev" | "next" | null>(null)
-  const dimensions = useTerminalDimensions()
+  useTerminalDimensions()

  return (
    <box flexShrink={0}>
--- a/packages/opencode/src/cli/cmd/tui/ui/dialog-confirm.tsx
+++ b/packages/opencode/src/cli/cmd/tui/ui/dialog-confirm.tsx
@@ -54,7 +54,7 @@ export function DialogConfirm(props: DialogConfirmProps) {
              paddingLeft={1}
              paddingRight={1}
              backgroundColor={key === store.active ? theme.primary : undefined}
-              onMouseUp={(evt) => {
+              onMouseUp={(_evt) => {
                if (key === "confirm") props.onConfirm?.()
                if (key === "cancel") props.onCancel?.()
                dialog.clear()
--- a/packages/opencode/src/cli/cmd/tui/ui/dialog-export-options.tsx
+++ b/packages/opencode/src/cli/cmd/tui/ui/dialog-export-options.tsx
@@ -2,7 +2,7 @@ import { TextareaRenderable, TextAttributes } from "@opentui/core"
 import { useTheme } from "../context/theme"
 import { useDialog, type DialogContext } from "./dialog"
 import { createStore } from "solid-js/store"
-import { onMount, Show, type JSX } from "solid-js"
+import { onMount, Show } from "solid-js"
 import { useKeyboard } from "@opentui/solid"

 export type DialogExportOptionsProps = {
--- a/packages/opencode/src/cli/cmd/web.ts
+++ b/packages/opencode/src/cli/cmd/web.ts
@@ -34,7 +34,7 @@ export const WebCommand = cmd({
  describe: "start opencode server and open web interface",
  handler: async (args) => {
    if (!Flag.OPENCODE_SERVER_PASSWORD) {
-      UI.println(UI.Style.TEXT_WARNING_BOLD + "!  " + "OPENCODE_SERVER_PASSWORD is not set; server is unsecured.")
+      UI.println(UI.Style.TEXT_WARNING_BOLD + "!  OPENCODE_SERVER_PASSWORD is not set; server is unsecured.")
    }
    const opts = await resolveNetworkOptions(args)
    const server = await Server.listen(opts)
--- a/packages/opencode/src/cli/error.ts
+++ b/packages/opencode/src/cli/error.ts
@@ -3,7 +3,7 @@ import { ConfigMarkdown } from "@/config/markdown"
 import { errorFormat } from "@/util/error"
 import { Config } from "../config"
 import { MCP } from "../mcp"
-import { Provider } from "../provider/provider"
+import { Provider } from "../provider"
 import { UI } from "./ui"

 export function FormatError(input: unknown) {
--- a/packages/opencode/src/cli/network.ts
+++ b/packages/opencode/src/cli/network.ts
@@ -43,8 +43,6 @@ export async function resolveNetworkOptions(args: NetworkOptions) {
  const hostnameExplicitlySet = process.argv.includes("--hostname")
  const mdnsExplicitlySet = process.argv.includes("--mdns")
  const mdnsDomainExplicitlySet = process.argv.includes("--mdns-domain")
-  const corsExplicitlySet = process.argv.includes("--cors")
-
  const mdns = mdnsExplicitlySet ? args.mdns : (config?.server?.mdns ?? args.mdns)
  const mdnsDomain = mdnsDomainExplicitlySet ? args["mdns-domain"] : (config?.server?.mdnsDomain ?? args["mdns-domain"])
  const port = portExplicitlySet ? args.port : (config?.server?.port ?? args.port)
--- a/packages/opencode/src/command/command.ts
+++ b/packages/opencode/src/command/command.ts
@@ -0,0 +1,186 @@
+import { BusEvent } from "@/bus/bus-event"
+import { InstanceState } from "@/effect"
+import { EffectBridge } from "@/effect"
+import type { InstanceContext } from "@/project/instance"
+import { SessionID, MessageID } from "@/session/schema"
+import { Effect, Layer, Context } from "effect"
+import z from "zod"
+import { Config } from "../config"
+import { MCP } from "../mcp"
+import { Skill } from "../skill"
+import PROMPT_INITIALIZE from "./template/initialize.txt"
+import PROMPT_REVIEW from "./template/review.txt"
+
+type State = {
+  commands: Record<string, Info>
+}
+
+export const Event = {
+  Executed: BusEvent.define(
+    "command.executed",
+    z.object({
+      name: z.string(),
+      sessionID: SessionID.zod,
+      arguments: z.string(),
+      messageID: MessageID.zod,
+    }),
+  ),
+}
+
+export const Info = z
+  .object({
+    name: z.string(),
+    description: z.string().optional(),
+    agent: z.string().optional(),
+    model: z.string().optional(),
+    source: z.enum(["command", "mcp", "skill"]).optional(),
+    // workaround for zod not supporting async functions natively so we use getters
+    // https://zod.dev/v4/changelog?id=zfunction
+    template: z.promise(z.string()).or(z.string()),
+    subtask: z.boolean().optional(),
+    hints: z.array(z.string()),
+  })
+  .meta({
+    ref: "Command",
+  })
+
+// for some reason zod is inferring `string` for z.promise(z.string()).or(z.string()) so we have to manually override it
+export type Info = Omit<z.infer<typeof Info>, "template"> & { template: Promise<string> | string }
+
+export function hints(template: string) {
+  const result: string[] = []
+  const numbered = template.match(/\$\d+/g)
+  if (numbered) {
+    for (const match of [...new Set(numbered)].sort()) result.push(match)
+  }
+  if (template.includes("$ARGUMENTS")) result.push("$ARGUMENTS")
+  return result
+}
+
+export const Default = {
+  INIT: "init",
+  REVIEW: "review",
+} as const
+
+export interface Interface {
+  readonly get: (name: string) => Effect.Effect<Info | undefined>
+  readonly list: () => Effect.Effect<Info[]>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Command") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const config = yield* Config.Service
+    const mcp = yield* MCP.Service
+    const skill = yield* Skill.Service
+
+    const init = Effect.fn("Command.state")(function* (ctx: InstanceContext) {
+      const cfg = yield* config.get()
+      const bridge = yield* EffectBridge.make()
+      const commands: Record<string, Info> = {}
+
+      commands[Default.INIT] = {
+        name: Default.INIT,
+        description: "guided AGENTS.md setup",
+        source: "command",
+        get template() {
+          return PROMPT_INITIALIZE.replace("${path}", ctx.worktree)
+        },
+        hints: hints(PROMPT_INITIALIZE),
+      }
+      commands[Default.REVIEW] = {
+        name: Default.REVIEW,
+        description: "review changes [commit|branch|pr], defaults to uncommitted",
+        source: "command",
+        get template() {
+          return PROMPT_REVIEW.replace("${path}", ctx.worktree)
+        },
+        subtask: true,
+        hints: hints(PROMPT_REVIEW),
+      }
+
+      for (const [name, command] of Object.entries(cfg.command ?? {})) {
+        commands[name] = {
+          name,
+          agent: command.agent,
+          model: command.model,
+          description: command.description,
+          source: "command",
+          get template() {
+            return command.template
+          },
+          subtask: command.subtask,
+          hints: hints(command.template),
+        }
+      }
+
+      for (const [name, prompt] of Object.entries(yield* mcp.prompts())) {
+        commands[name] = {
+          name,
+          source: "mcp",
+          description: prompt.description,
+          get template() {
+            return bridge.promise(
+              mcp
+                .getPrompt(
+                  prompt.client,
+                  prompt.name,
+                  prompt.arguments
+                    ? Object.fromEntries(prompt.arguments.map((argument, i) => [argument.name, `$${i + 1}`]))
+                    : {},
+                )
+                .pipe(
+                  Effect.map(
+                    (template) =>
+                      template?.messages
+                        .map((message) => (message.content.type === "text" ? message.content.text : ""))
+                        .join("\n") || "",
+                  ),
+                ),
+            )
+          },
+          hints: prompt.arguments?.map((_, i) => `$${i + 1}`) ?? [],
+        }
+      }
+
+      for (const item of yield* skill.all()) {
+        if (commands[item.name]) continue
+        commands[item.name] = {
+          name: item.name,
+          description: item.description,
+          source: "skill",
+          get template() {
+            return item.content
+          },
+          hints: [],
+        }
+      }
+
+      return {
+        commands,
+      }
+    })
+
+    const state = yield* InstanceState.make<State>((ctx) => init(ctx))
+
+    const get = Effect.fn("Command.get")(function* (name: string) {
+      const s = yield* InstanceState.get(state)
+      return s.commands[name]
+    })
+
+    const list = Effect.fn("Command.list")(function* () {
+      const s = yield* InstanceState.get(state)
+      return Object.values(s.commands)
+    })
+
+    return Service.of({ get, list })
+  }),
+)
+
+export const defaultLayer = layer.pipe(
+  Layer.provide(Config.defaultLayer),
+  Layer.provide(MCP.defaultLayer),
+  Layer.provide(Skill.defaultLayer),
+)
--- a/packages/opencode/src/command/index.ts
+++ b/packages/opencode/src/command/index.ts
@@ -1,191 +1 @@
-import { BusEvent } from "@/bus/bus-event"
-import { InstanceState } from "@/effect/instance-state"
-import { EffectBridge } from "@/effect/bridge"
-import type { InstanceContext } from "@/project/instance"
-import { SessionID, MessageID } from "@/session/schema"
-import { Effect, Layer, Context } from "effect"
-import z from "zod"
-import { Config } from "../config"
-import { MCP } from "../mcp"
-import { Skill } from "../skill"
-import { Log } from "../util/log"
-import PROMPT_INITIALIZE from "./template/initialize.txt"
-import PROMPT_REVIEW from "./template/review.txt"
-
-export namespace Command {
-  const log = Log.create({ service: "command" })
-
-  type State = {
-    commands: Record<string, Info>
-  }
-
-  export const Event = {
-    Executed: BusEvent.define(
-      "command.executed",
-      z.object({
-        name: z.string(),
-        sessionID: SessionID.zod,
-        arguments: z.string(),
-        messageID: MessageID.zod,
-      }),
-    ),
-  }
-
-  export const Info = z
-    .object({
-      name: z.string(),
-      description: z.string().optional(),
-      agent: z.string().optional(),
-      model: z.string().optional(),
-      source: z.enum(["command", "mcp", "skill"]).optional(),
-      // workaround for zod not supporting async functions natively so we use getters
-      // https://zod.dev/v4/changelog?id=zfunction
-      template: z.promise(z.string()).or(z.string()),
-      subtask: z.boolean().optional(),
-      hints: z.array(z.string()),
-    })
-    .meta({
-      ref: "Command",
-    })
-
-  // for some reason zod is inferring `string` for z.promise(z.string()).or(z.string()) so we have to manually override it
-  export type Info = Omit<z.infer<typeof Info>, "template"> & { template: Promise<string> | string }
-
-  export function hints(template: string) {
-    const result: string[] = []
-    const numbered = template.match(/\$\d+/g)
-    if (numbered) {
-      for (const match of [...new Set(numbered)].sort()) result.push(match)
-    }
-    if (template.includes("$ARGUMENTS")) result.push("$ARGUMENTS")
-    return result
-  }
-
-  export const Default = {
-    INIT: "init",
-    REVIEW: "review",
-  } as const
-
-  export interface Interface {
-    readonly get: (name: string) => Effect.Effect<Info | undefined>
-    readonly list: () => Effect.Effect<Info[]>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Command") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const config = yield* Config.Service
-      const mcp = yield* MCP.Service
-      const skill = yield* Skill.Service
-
-      const init = Effect.fn("Command.state")(function* (ctx: InstanceContext) {
-        const cfg = yield* config.get()
-        const bridge = yield* EffectBridge.make()
-        const commands: Record<string, Info> = {}
-
-        commands[Default.INIT] = {
-          name: Default.INIT,
-          description: "guided AGENTS.md setup",
-          source: "command",
-          get template() {
-            return PROMPT_INITIALIZE.replace("${path}", ctx.worktree)
-          },
-          hints: hints(PROMPT_INITIALIZE),
-        }
-        commands[Default.REVIEW] = {
-          name: Default.REVIEW,
-          description: "review changes [commit|branch|pr], defaults to uncommitted",
-          source: "command",
-          get template() {
-            return PROMPT_REVIEW.replace("${path}", ctx.worktree)
-          },
-          subtask: true,
-          hints: hints(PROMPT_REVIEW),
-        }
-
-        for (const [name, command] of Object.entries(cfg.command ?? {})) {
-          commands[name] = {
-            name,
-            agent: command.agent,
-            model: command.model,
-            description: command.description,
-            source: "command",
-            get template() {
-              return command.template
-            },
-            subtask: command.subtask,
-            hints: hints(command.template),
-          }
-        }
-
-        for (const [name, prompt] of Object.entries(yield* mcp.prompts())) {
-          commands[name] = {
-            name,
-            source: "mcp",
-            description: prompt.description,
-            get template() {
-              return bridge.promise(
-                mcp
-                  .getPrompt(
-                    prompt.client,
-                    prompt.name,
-                    prompt.arguments
-                      ? Object.fromEntries(prompt.arguments.map((argument, i) => [argument.name, `$${i + 1}`]))
-                      : {},
-                  )
-                  .pipe(
-                    Effect.map(
-                      (template) =>
-                        template?.messages
-                          .map((message) => (message.content.type === "text" ? message.content.text : ""))
-                          .join("\n") || "",
-                    ),
-                  ),
-              )
-            },
-            hints: prompt.arguments?.map((_, i) => `$${i + 1}`) ?? [],
-          }
-        }
-
-        for (const item of yield* skill.all()) {
-          if (commands[item.name]) continue
-          commands[item.name] = {
-            name: item.name,
-            description: item.description,
-            source: "skill",
-            get template() {
-              return item.content
-            },
-            hints: [],
-          }
-        }
-
-        return {
-          commands,
-        }
-      })
-
-      const state = yield* InstanceState.make<State>((ctx) => init(ctx))
-
-      const get = Effect.fn("Command.get")(function* (name: string) {
-        const s = yield* InstanceState.get(state)
-        return s.commands[name]
-      })
-
-      const list = Effect.fn("Command.list")(function* () {
-        const s = yield* InstanceState.get(state)
-        return Object.values(s.commands)
-      })
-
-      return Service.of({ get, list })
-    }),
-  )
-
-  export const defaultLayer = layer.pipe(
-    Layer.provide(Config.defaultLayer),
-    Layer.provide(MCP.defaultLayer),
-    Layer.provide(Skill.defaultLayer),
-  )
-}
+export * as Command from "./command"
--- a/packages/opencode/src/config/config.ts
+++ b/packages/opencode/src/config/config.ts
@@ -32,9 +32,10 @@ import { isRecord } from "@/util/record"
 import { ConfigPaths } from "./paths"
 import type { ConsoleState } from "./console-state"
 import { AppFileSystem } from "@opencode-ai/shared/filesystem"
-import { InstanceState } from "@/effect/instance-state"
+import { InstanceState } from "@/effect"
 import { Context, Duration, Effect, Exit, Fiber, Layer, Option } from "effect"
-import { Flock } from "@opencode-ai/shared/util/flock"
+import { EffectFlock } from "@opencode-ai/shared/util/effect-flock"
+
 import { isPathPluginSpec, parsePluginSpecifier, resolvePathPluginTarget } from "@/plugin/shared"
 import { Npm } from "../npm"
 import { InstanceRef } from "@/effect/instance-ref"
@@ -510,7 +511,7 @@ export const Agent = z
    permission: Permission.optional(),
  })
  .catchall(z.any())
-  .transform((agent, ctx) => {
+  .transform((agent, _ctx) => {
    const knownKeys = new Set([
      "name",
      "model",
@@ -1095,7 +1096,7 @@ function patchJsonc(input: string, patch: unknown, path: string[] = []): string
 }

 function writable(info: Info) {
-  const { plugin_origins, ...next } = info
+  const { plugin_origins: _plugin_origins, ...next } = info
  return next
 }

@@ -1144,497 +1145,483 @@ export const ConfigDirectoryTypoError = NamedError.create(
  }),
 )

-export const layer: Layer.Layer<Service, never, AppFileSystem.Service | Auth.Service | Account.Service | Env.Service> =
-  Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const fs = yield* AppFileSystem.Service
-      const authSvc = yield* Auth.Service
-      const accountSvc = yield* Account.Service
-      const env = yield* Env.Service
+export const layer: Layer.Layer<
+  Service,
+  never,
+  AppFileSystem.Service | Auth.Service | Account.Service | Env.Service | EffectFlock.Service
+> = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const fs = yield* AppFileSystem.Service
+    const authSvc = yield* Auth.Service
+    const accountSvc = yield* Account.Service
+    const env = yield* Env.Service
+    const flock = yield* EffectFlock.Service

-      const readConfigFile = Effect.fnUntraced(function* (filepath: string) {
-        return yield* fs.readFileString(filepath).pipe(
-          Effect.catchIf(
-            (e) => e.reason._tag === "NotFound",
-            () => Effect.succeed(undefined),
-          ),
-          Effect.orDie,
-        )
-      })
-
-      const loadConfig = Effect.fnUntraced(function* (
-        text: string,
-        options: { path: string } | { dir: string; source: string },
-      ) {
-        const original = text
-        const source = "path" in options ? options.path : options.source
-        const isFile = "path" in options
-        const data = yield* Effect.promise(() =>
-          ConfigPaths.parseText(text, "path" in options ? options.path : { source: options.source, dir: options.dir }),
-        )
-
-        const normalized = (() => {
-          if (!data || typeof data !== "object" || Array.isArray(data)) return data
-          const copy = { ...(data as Record<string, unknown>) }
-          const hadLegacy = "theme" in copy || "keybinds" in copy || "tui" in copy
-          if (!hadLegacy) return copy
-          delete copy.theme
-          delete copy.keybinds
-          delete copy.tui
-          log.warn("tui keys in opencode config are deprecated; move them to tui.json", { path: source })
-          return copy
-        })()
-
-        const parsed = Info.safeParse(normalized)
-        if (parsed.success) {
-          if (!parsed.data.$schema && isFile) {
-            parsed.data.$schema = "https://opencode.ai/config.json"
-            const updated = original.replace(/^\s*\{/, '{\n  "$schema": "https://opencode.ai/config.json",')
-            yield* fs.writeFileString(options.path, updated).pipe(Effect.catch(() => Effect.void))
-          }
-          const data = parsed.data
-          if (data.plugin && isFile) {
-            const list = data.plugin
-            for (let i = 0; i < list.length; i++) {
-              list[i] = yield* Effect.promise(() => resolvePluginSpec(list[i], options.path))
-            }
-          }
-          return data
-        }
-
-        throw new InvalidError({
-          path: source,
-          issues: parsed.error.issues,
-        })
-      })
-
-      const loadFile = Effect.fnUntraced(function* (filepath: string) {
-        log.info("loading", { path: filepath })
-        const text = yield* readConfigFile(filepath)
-        if (!text) return {} as Info
-        return yield* loadConfig(text, { path: filepath })
-      })
-
-      const loadGlobal = Effect.fnUntraced(function* () {
-        let result: Info = pipe(
-          {},
-          mergeDeep(yield* loadFile(path.join(Global.Path.config, "config.json"))),
-          mergeDeep(yield* loadFile(path.join(Global.Path.config, "opencode.json"))),
-          mergeDeep(yield* loadFile(path.join(Global.Path.config, "opencode.jsonc"))),
-        )
-
-        const legacy = path.join(Global.Path.config, "config")
-        if (existsSync(legacy)) {
-          yield* Effect.promise(() =>
-            import(pathToFileURL(legacy).href, { with: { type: "toml" } })
-              .then(async (mod) => {
-                const { provider, model, ...rest } = mod.default
-                if (provider && model) result.model = `${provider}/${model}`
-                result["$schema"] = "https://opencode.ai/config.json"
-                result = mergeDeep(result, rest)
-                await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))
-                await fsNode.unlink(legacy)
-              })
-              .catch(() => {}),
-          )
-        }
-
-        return result
-      })
-
-      const [cachedGlobal, invalidateGlobal] = yield* Effect.cachedInvalidateWithTTL(
-        loadGlobal().pipe(
-          Effect.tapError((error) =>
-            Effect.sync(() => log.error("failed to load global config, using defaults", { error: String(error) })),
-          ),
-          Effect.orElseSucceed((): Info => ({})),
+    const readConfigFile = Effect.fnUntraced(function* (filepath: string) {
+      return yield* fs.readFileString(filepath).pipe(
+        Effect.catchIf(
+          (e) => e.reason._tag === "NotFound",
+          () => Effect.succeed(undefined),
        ),
-        Duration.infinity,
+        Effect.orDie,
+      )
+    })
+
+    const loadConfig = Effect.fnUntraced(function* (
+      text: string,
+      options: { path: string } | { dir: string; source: string },
+    ) {
+      const original = text
+      const source = "path" in options ? options.path : options.source
+      const isFile = "path" in options
+      const data = yield* Effect.promise(() =>
+        ConfigPaths.parseText(text, "path" in options ? options.path : { source: options.source, dir: options.dir }),
      )

-      const getGlobal = Effect.fn("Config.getGlobal")(function* () {
-        return yield* cachedGlobal
+      const normalized = (() => {
+        if (!data || typeof data !== "object" || Array.isArray(data)) return data
+        const copy = { ...(data as Record<string, unknown>) }
+        const hadLegacy = "theme" in copy || "keybinds" in copy || "tui" in copy
+        if (!hadLegacy) return copy
+        delete copy.theme
+        delete copy.keybinds
+        delete copy.tui
+        log.warn("tui keys in opencode config are deprecated; move them to tui.json", { path: source })
+        return copy
+      })()
+
+      const parsed = Info.safeParse(normalized)
+      if (parsed.success) {
+        if (!parsed.data.$schema && isFile) {
+          parsed.data.$schema = "https://opencode.ai/config.json"
+          const updated = original.replace(/^\s*\{/, '{\n  "$schema": "https://opencode.ai/config.json",')
+          yield* fs.writeFileString(options.path, updated).pipe(Effect.catch(() => Effect.void))
+        }
+        const data = parsed.data
+        if (data.plugin && isFile) {
+          const list = data.plugin
+          for (let i = 0; i < list.length; i++) {
+            list[i] = yield* Effect.promise(() => resolvePluginSpec(list[i], options.path))
+          }
+        }
+        return data
+      }
+
+      throw new InvalidError({
+        path: source,
+        issues: parsed.error.issues,
+      })
+    })
+
+    const loadFile = Effect.fnUntraced(function* (filepath: string) {
+      log.info("loading", { path: filepath })
+      const text = yield* readConfigFile(filepath)
+      if (!text) return {} as Info
+      return yield* loadConfig(text, { path: filepath })
+    })
+
+    const loadGlobal = Effect.fnUntraced(function* () {
+      let result: Info = pipe(
+        {},
+        mergeDeep(yield* loadFile(path.join(Global.Path.config, "config.json"))),
+        mergeDeep(yield* loadFile(path.join(Global.Path.config, "opencode.json"))),
+        mergeDeep(yield* loadFile(path.join(Global.Path.config, "opencode.jsonc"))),
+      )
+
+      const legacy = path.join(Global.Path.config, "config")
+      if (existsSync(legacy)) {
+        yield* Effect.promise(() =>
+          import(pathToFileURL(legacy).href, { with: { type: "toml" } })
+            .then(async (mod) => {
+              const { provider, model, ...rest } = mod.default
+              if (provider && model) result.model = `${provider}/${model}`
+              result["$schema"] = "https://opencode.ai/config.json"
+              result = mergeDeep(result, rest)
+              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))
+              await fsNode.unlink(legacy)
+            })
+            .catch(() => {}),
+        )
+      }
+
+      return result
+    })
+
+    const [cachedGlobal, invalidateGlobal] = yield* Effect.cachedInvalidateWithTTL(
+      loadGlobal().pipe(
+        Effect.tapError((error) =>
+          Effect.sync(() => log.error("failed to load global config, using defaults", { error: String(error) })),
+        ),
+        Effect.orElseSucceed((): Info => ({})),
+      ),
+      Duration.infinity,
+    )
+
+    const getGlobal = Effect.fn("Config.getGlobal")(function* () {
+      return yield* cachedGlobal
+    })
+
+    const install = Effect.fn("Config.install")(function* (dir: string) {
+      const pkg = path.join(dir, "package.json")
+      const gitignore = path.join(dir, ".gitignore")
+      const plugin = path.join(dir, "node_modules", "@opencode-ai", "plugin", "package.json")
+      const target = Installation.isLocal() ? "*" : Installation.VERSION
+      const json = yield* fs.readJson(pkg).pipe(
+        Effect.catch(() => Effect.succeed({} satisfies Package)),
+        Effect.map((x): Package => (isRecord(x) ? (x as Package) : {})),
+      )
+      const hasDep = json.dependencies?.["@opencode-ai/plugin"] === target
+      const hasIgnore = yield* fs.existsSafe(gitignore)
+      const hasPkg = yield* fs.existsSafe(plugin)
+
+      if (!hasDep) {
+        yield* fs.writeJson(pkg, {
+          ...json,
+          dependencies: {
+            ...json.dependencies,
+            "@opencode-ai/plugin": target,
+          },
+        })
+      }
+
+      if (!hasIgnore) {
+        yield* fs.writeFileString(
+          gitignore,
+          ["node_modules", "package.json", "package-lock.json", "bun.lock", ".gitignore"].join("\n"),
+        )
+      }
+
+      if (hasDep && hasIgnore && hasPkg) return
+
+      yield* Effect.promise(() => Npm.install(dir))
+    })
+
+    const installDependencies = Effect.fn("Config.installDependencies")(function* (dir: string, input?: InstallInput) {
+      if (
+        !(yield* fs.access(dir, { writable: true }).pipe(
+          Effect.as(true),
+          Effect.orElseSucceed(() => false),
+        ))
+      )
+        return
+
+      const key = process.platform === "win32" ? "config-install:win32" : `config-install:${AppFileSystem.resolve(dir)}`
+
+      yield* flock.withLock(install(dir), key).pipe(Effect.orDie)
+    })
+
+    const loadInstanceState = Effect.fn("Config.loadInstanceState")(function* (ctx: InstanceContext) {
+      const auth = yield* authSvc.all().pipe(Effect.orDie)
+
+      let result: Info = {}
+      const consoleManagedProviders = new Set<string>()
+      let activeOrgName: string | undefined
+
+      const scope = Effect.fnUntraced(function* (source: string) {
+        if (source.startsWith("http://") || source.startsWith("https://")) return "global"
+        if (source === "OPENCODE_CONFIG_CONTENT") return "local"
+        if (yield* InstanceRef.use((ctx) => Effect.succeed(Instance.containsPath(source, ctx)))) return "local"
+        return "global"
      })

-      const install = Effect.fn("Config.install")(function* (dir: string) {
-        const pkg = path.join(dir, "package.json")
-        const gitignore = path.join(dir, ".gitignore")
-        const plugin = path.join(dir, "node_modules", "@opencode-ai", "plugin", "package.json")
-        const target = Installation.isLocal() ? "*" : Installation.VERSION
-        const json = yield* fs.readJson(pkg).pipe(
-          Effect.catch(() => Effect.succeed({} satisfies Package)),
-          Effect.map((x): Package => (isRecord(x) ? (x as Package) : {})),
-        )
-        const hasDep = json.dependencies?.["@opencode-ai/plugin"] === target
-        const hasIgnore = yield* fs.existsSafe(gitignore)
-        const hasPkg = yield* fs.existsSafe(plugin)
+      const track = Effect.fnUntraced(function* (source: string, list: PluginSpec[] | undefined, kind?: PluginScope) {
+        if (!list?.length) return
+        const hit = kind ?? (yield* scope(source))
+        const plugins = deduplicatePluginOrigins([
+          ...(result.plugin_origins ?? []),
+          ...list.map((spec) => ({ spec, source, scope: hit })),
+        ])
+        result.plugin = plugins.map((item) => item.spec)
+        result.plugin_origins = plugins
+      })

-        if (!hasDep) {
-          yield* fs.writeJson(pkg, {
-            ...json,
-            dependencies: {
-              ...json.dependencies,
-              "@opencode-ai/plugin": target,
-            },
+      const merge = (source: string, next: Info, kind?: PluginScope) => {
+        result = mergeConfigConcatArrays(result, next)
+        return track(source, next.plugin, kind)
+      }
+
+      for (const [key, value] of Object.entries(auth)) {
+        if (value.type === "wellknown") {
+          const url = key.replace(/\/+$/, "")
+          process.env[value.key] = value.token
+          log.debug("fetching remote config", { url: `${url}/.well-known/opencode` })
+          const response = yield* Effect.promise(() => fetch(`${url}/.well-known/opencode`))
+          if (!response.ok) {
+            throw new Error(`failed to fetch remote config from ${url}: ${response.status}`)
+          }
+          const wellknown = (yield* Effect.promise(() => response.json())) as any
+          const remoteConfig = wellknown.config ?? {}
+          if (!remoteConfig.$schema) remoteConfig.$schema = "https://opencode.ai/config.json"
+          const source = `${url}/.well-known/opencode`
+          const next = yield* loadConfig(JSON.stringify(remoteConfig), {
+            dir: path.dirname(source),
+            source,
          })
+          yield* merge(source, next, "global")
+          log.debug("loaded remote config from well-known", { url })
+        }
+      }
+
+      const global = yield* getGlobal()
+      yield* merge(Global.Path.config, global, "global")
+
+      if (Flag.OPENCODE_CONFIG) {
+        yield* merge(Flag.OPENCODE_CONFIG, yield* loadFile(Flag.OPENCODE_CONFIG))
+        log.debug("loaded custom config", { path: Flag.OPENCODE_CONFIG })
+      }
+
+      if (!Flag.OPENCODE_DISABLE_PROJECT_CONFIG) {
+        for (const file of yield* Effect.promise(() =>
+          ConfigPaths.projectFiles("opencode", ctx.directory, ctx.worktree),
+        )) {
+          yield* merge(file, yield* loadFile(file), "local")
+        }
+      }
+
+      result.agent = result.agent || {}
+      result.mode = result.mode || {}
+      result.plugin = result.plugin || []
+
+      const directories = yield* Effect.promise(() => ConfigPaths.directories(ctx.directory, ctx.worktree))
+
+      if (Flag.OPENCODE_CONFIG_DIR) {
+        log.debug("loading config from OPENCODE_CONFIG_DIR", { path: Flag.OPENCODE_CONFIG_DIR })
+      }
+
+      const deps: Fiber.Fiber<void, never>[] = []
+
+      for (const dir of unique(directories)) {
+        if (dir.endsWith(".opencode") || dir === Flag.OPENCODE_CONFIG_DIR) {
+          for (const file of ["opencode.json", "opencode.jsonc"]) {
+            const source = path.join(dir, file)
+            log.debug(`loading config from ${source}`)
+            yield* merge(source, yield* loadFile(source))
+            result.agent ??= {}
+            result.mode ??= {}
+            result.plugin ??= []
+          }
        }

-        if (!hasIgnore) {
-          yield* fs.writeFileString(
-            gitignore,
-            ["node_modules", "package.json", "package-lock.json", "bun.lock", ".gitignore"].join("\n"),
-          )
-        }
-
-        if (hasDep && hasIgnore && hasPkg) return
-
-        yield* Effect.promise(() => Npm.install(dir))
-      })
-
-      const installDependencies = Effect.fn("Config.installDependencies")(function* (
-        dir: string,
-        input?: InstallInput,
-      ) {
-        if (
-          !(yield* fs.access(dir, { writable: true }).pipe(
-            Effect.as(true),
-            Effect.orElseSucceed(() => false),
-          ))
-        )
-          return
-
-        const key =
-          process.platform === "win32" ? "config-install:win32" : `config-install:${AppFileSystem.resolve(dir)}`
-
-        yield* Effect.acquireUseRelease(
-          Effect.promise((signal) =>
-            Flock.acquire(key, {
-              signal,
-              onWait: (tick) =>
-                input?.waitTick?.({
-                  dir,
-                  attempt: tick.attempt,
-                  delay: tick.delay,
-                  waited: tick.waited,
-                }),
-            }),
+        const dep = yield* installDependencies(dir).pipe(
+          Effect.exit,
+          Effect.tap((exit) =>
+            Exit.isFailure(exit)
+              ? Effect.sync(() => {
+                  log.warn("background dependency install failed", { dir, error: String(exit.cause) })
+                })
+              : Effect.void,
          ),
-          () => install(dir),
-          (lease) => Effect.promise(() => lease.release()),
+          Effect.asVoid,
+          Effect.forkScoped,
        )
-      })
+        deps.push(dep)

-      const loadInstanceState = Effect.fn("Config.loadInstanceState")(function* (ctx: InstanceContext) {
-        const auth = yield* authSvc.all().pipe(Effect.orDie)
+        result.command = mergeDeep(result.command ?? {}, yield* Effect.promise(() => loadCommand(dir)))
+        result.agent = mergeDeep(result.agent, yield* Effect.promise(() => loadAgent(dir)))
+        result.agent = mergeDeep(result.agent, yield* Effect.promise(() => loadMode(dir)))
+        const list = yield* Effect.promise(() => loadPlugin(dir))
+        yield* track(dir, list)
+      }

-        let result: Info = {}
-        const consoleManagedProviders = new Set<string>()
-        let activeOrgName: string | undefined
-
-        const scope = Effect.fnUntraced(function* (source: string) {
-          if (source.startsWith("http://") || source.startsWith("https://")) return "global"
-          if (source === "OPENCODE_CONFIG_CONTENT") return "local"
-          if (yield* InstanceRef.use((ctx) => Effect.succeed(Instance.containsPath(source, ctx)))) return "local"
-          return "global"
+      if (process.env.OPENCODE_CONFIG_CONTENT) {
+        const source = "OPENCODE_CONFIG_CONTENT"
+        const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {
+          dir: ctx.directory,
+          source,
        })
+        yield* merge(source, next, "local")
+        log.debug("loaded custom config from OPENCODE_CONFIG_CONTENT")
+      }

-        const track = Effect.fnUntraced(function* (source: string, list: PluginSpec[] | undefined, kind?: PluginScope) {
-          if (!list?.length) return
-          const hit = kind ?? (yield* scope(source))
-          const plugins = deduplicatePluginOrigins([
-            ...(result.plugin_origins ?? []),
-            ...list.map((spec) => ({ spec, source, scope: hit })),
-          ])
-          result.plugin = plugins.map((item) => item.spec)
-          result.plugin_origins = plugins
-        })
+      const activeAccount = Option.getOrUndefined(
+        yield* accountSvc.active().pipe(Effect.catch(() => Effect.succeed(Option.none()))),
+      )
+      if (activeAccount?.active_org_id) {
+        const accountID = activeAccount.id
+        const orgID = activeAccount.active_org_id
+        const url = activeAccount.url
+        yield* Effect.gen(function* () {
+          const [configOpt, tokenOpt] = yield* Effect.all(
+            [accountSvc.config(accountID, orgID), accountSvc.token(accountID)],
+            { concurrency: 2 },
+          )
+          if (Option.isSome(tokenOpt)) {
+            process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value
+            yield* env.set("OPENCODE_CONSOLE_TOKEN", tokenOpt.value)
+          }

-        const merge = (source: string, next: Info, kind?: PluginScope) => {
-          result = mergeConfigConcatArrays(result, next)
-          return track(source, next.plugin, kind)
-        }
-
-        for (const [key, value] of Object.entries(auth)) {
-          if (value.type === "wellknown") {
-            const url = key.replace(/\/+$/, "")
-            process.env[value.key] = value.token
-            log.debug("fetching remote config", { url: `${url}/.well-known/opencode` })
-            const response = yield* Effect.promise(() => fetch(`${url}/.well-known/opencode`))
-            if (!response.ok) {
-              throw new Error(`failed to fetch remote config from ${url}: ${response.status}`)
-            }
-            const wellknown = (yield* Effect.promise(() => response.json())) as any
-            const remoteConfig = wellknown.config ?? {}
-            if (!remoteConfig.$schema) remoteConfig.$schema = "https://opencode.ai/config.json"
-            const source = `${url}/.well-known/opencode`
-            const next = yield* loadConfig(JSON.stringify(remoteConfig), {
+          if (Option.isSome(configOpt)) {
+            const source = `${url}/api/config`
+            const next = yield* loadConfig(JSON.stringify(configOpt.value), {
              dir: path.dirname(source),
              source,
            })
+            for (const providerID of Object.keys(next.provider ?? {})) {
+              consoleManagedProviders.add(providerID)
+            }
            yield* merge(source, next, "global")
-            log.debug("loaded remote config from well-known", { url })
          }
-        }
-
-        const global = yield* getGlobal()
-        yield* merge(Global.Path.config, global, "global")
-
-        if (Flag.OPENCODE_CONFIG) {
-          yield* merge(Flag.OPENCODE_CONFIG, yield* loadFile(Flag.OPENCODE_CONFIG))
-          log.debug("loaded custom config", { path: Flag.OPENCODE_CONFIG })
-        }
-
-        if (!Flag.OPENCODE_DISABLE_PROJECT_CONFIG) {
-          for (const file of yield* Effect.promise(() =>
-            ConfigPaths.projectFiles("opencode", ctx.directory, ctx.worktree),
-          )) {
-            yield* merge(file, yield* loadFile(file), "local")
-          }
-        }
-
-        result.agent = result.agent || {}
-        result.mode = result.mode || {}
-        result.plugin = result.plugin || []
-
-        const directories = yield* Effect.promise(() => ConfigPaths.directories(ctx.directory, ctx.worktree))
-
-        if (Flag.OPENCODE_CONFIG_DIR) {
-          log.debug("loading config from OPENCODE_CONFIG_DIR", { path: Flag.OPENCODE_CONFIG_DIR })
-        }
-
-        const deps: Fiber.Fiber<void, never>[] = []
-
-        for (const dir of unique(directories)) {
-          if (dir.endsWith(".opencode") || dir === Flag.OPENCODE_CONFIG_DIR) {
-            for (const file of ["opencode.json", "opencode.jsonc"]) {
-              const source = path.join(dir, file)
-              log.debug(`loading config from ${source}`)
-              yield* merge(source, yield* loadFile(source))
-              result.agent ??= {}
-              result.mode ??= {}
-              result.plugin ??= []
-            }
-          }
-
-          const dep = yield* installDependencies(dir).pipe(
-            Effect.exit,
-            Effect.tap((exit) =>
-              Exit.isFailure(exit)
-                ? Effect.sync(() => {
-                    log.warn("background dependency install failed", { dir, error: String(exit.cause) })
-                  })
-                : Effect.void,
-            ),
-            Effect.asVoid,
-            Effect.forkScoped,
-          )
-          deps.push(dep)
-
-          result.command = mergeDeep(result.command ?? {}, yield* Effect.promise(() => loadCommand(dir)))
-          result.agent = mergeDeep(result.agent, yield* Effect.promise(() => loadAgent(dir)))
-          result.agent = mergeDeep(result.agent, yield* Effect.promise(() => loadMode(dir)))
-          const list = yield* Effect.promise(() => loadPlugin(dir))
-          yield* track(dir, list)
-        }
-
-        if (process.env.OPENCODE_CONFIG_CONTENT) {
-          const source = "OPENCODE_CONFIG_CONTENT"
-          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {
-            dir: ctx.directory,
-            source,
-          })
-          yield* merge(source, next, "local")
-          log.debug("loaded custom config from OPENCODE_CONFIG_CONTENT")
-        }
-
-        const activeAccount = Option.getOrUndefined(
-          yield* accountSvc.active().pipe(Effect.catch(() => Effect.succeed(Option.none()))),
+        }).pipe(
+          Effect.withSpan("Config.loadActiveOrgConfig"),
+          Effect.catch((err) => {
+            log.debug("failed to fetch remote account config", {
+              error: err instanceof Error ? err.message : String(err),
+            })
+            return Effect.void
+          }),
        )
-        if (activeAccount?.active_org_id) {
-          const accountID = activeAccount.id
-          const orgID = activeAccount.active_org_id
-          const url = activeAccount.url
-          yield* Effect.gen(function* () {
-            const [configOpt, tokenOpt] = yield* Effect.all(
-              [accountSvc.config(accountID, orgID), accountSvc.token(accountID)],
-              { concurrency: 2 },
-            )
-            if (Option.isSome(tokenOpt)) {
-              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value
-              yield* env.set("OPENCODE_CONSOLE_TOKEN", tokenOpt.value)
-            }
+      }

-            if (Option.isSome(configOpt)) {
-              const source = `${url}/api/config`
-              const next = yield* loadConfig(JSON.stringify(configOpt.value), {
-                dir: path.dirname(source),
-                source,
-              })
-              for (const providerID of Object.keys(next.provider ?? {})) {
-                consoleManagedProviders.add(providerID)
-              }
-              yield* merge(source, next, "global")
-            }
-          }).pipe(
-            Effect.withSpan("Config.loadActiveOrgConfig"),
-            Effect.catch((err) => {
-              log.debug("failed to fetch remote account config", {
-                error: err instanceof Error ? err.message : String(err),
-              })
-              return Effect.void
-            }),
-          )
+      if (existsSync(managedDir)) {
+        for (const file of ["opencode.json", "opencode.jsonc"]) {
+          const source = path.join(managedDir, file)
+          yield* merge(source, yield* loadFile(source), "global")
        }
+      }

-        if (existsSync(managedDir)) {
-          for (const file of ["opencode.json", "opencode.jsonc"]) {
-            const source = path.join(managedDir, file)
-            yield* merge(source, yield* loadFile(source), "global")
-          }
-        }
+      // macOS managed preferences (.mobileconfig deployed via MDM) override everything
+      result = mergeConfigConcatArrays(result, yield* Effect.promise(() => readManagedPreferences()))

-        // macOS managed preferences (.mobileconfig deployed via MDM) override everything
-        result = mergeConfigConcatArrays(result, yield* Effect.promise(() => readManagedPreferences()))
-
-        for (const [name, mode] of Object.entries(result.mode ?? {})) {
-          result.agent = mergeDeep(result.agent ?? {}, {
-            [name]: {
-              ...mode,
-              mode: "primary" as const,
-            },
-          })
-        }
-
-        if (Flag.OPENCODE_PERMISSION) {
-          result.permission = mergeDeep(result.permission ?? {}, JSON.parse(Flag.OPENCODE_PERMISSION))
-        }
-
-        if (result.tools) {
-          const perms: Record<string, PermissionAction> = {}
-          for (const [tool, enabled] of Object.entries(result.tools)) {
-            const action: PermissionAction = enabled ? "allow" : "deny"
-            if (tool === "write" || tool === "edit" || tool === "patch" || tool === "multiedit") {
-              perms.edit = action
-              continue
-            }
-            perms[tool] = action
-          }
-          result.permission = mergeDeep(perms, result.permission ?? {})
-        }
-
-        if (!result.username) result.username = os.userInfo().username
-
-        if (result.autoshare === true && !result.share) {
-          result.share = "auto"
-        }
-
-        if (Flag.OPENCODE_DISABLE_AUTOCOMPACT) {
-          result.compaction = { ...result.compaction, auto: false }
-        }
-        if (Flag.OPENCODE_DISABLE_PRUNE) {
-          result.compaction = { ...result.compaction, prune: false }
-        }
-
-        return {
-          config: result,
-          directories,
-          deps,
-          consoleState: {
-            consoleManagedProviders: Array.from(consoleManagedProviders),
-            activeOrgName,
-            switchableOrgCount: 0,
+      for (const [name, mode] of Object.entries(result.mode ?? {})) {
+        result.agent = mergeDeep(result.agent ?? {}, {
+          [name]: {
+            ...mode,
+            mode: "primary" as const,
          },
+        })
+      }
+
+      if (Flag.OPENCODE_PERMISSION) {
+        result.permission = mergeDeep(result.permission ?? {}, JSON.parse(Flag.OPENCODE_PERMISSION))
+      }
+
+      if (result.tools) {
+        const perms: Record<string, PermissionAction> = {}
+        for (const [tool, enabled] of Object.entries(result.tools)) {
+          const action: PermissionAction = enabled ? "allow" : "deny"
+          if (tool === "write" || tool === "edit" || tool === "patch" || tool === "multiedit") {
+            perms.edit = action
+            continue
+          }
+          perms[tool] = action
        }
-      })
+        result.permission = mergeDeep(perms, result.permission ?? {})
+      }

-      const state = yield* InstanceState.make<State>(
-        Effect.fn("Config.state")(function* (ctx) {
-          return yield* loadInstanceState(ctx)
-        }),
-      )
+      if (!result.username) result.username = os.userInfo().username

-      const get = Effect.fn("Config.get")(function* () {
-        return yield* InstanceState.use(state, (s) => s.config)
-      })
+      if (result.autoshare === true && !result.share) {
+        result.share = "auto"
+      }

-      const directories = Effect.fn("Config.directories")(function* () {
-        return yield* InstanceState.use(state, (s) => s.directories)
-      })
+      if (Flag.OPENCODE_DISABLE_AUTOCOMPACT) {
+        result.compaction = { ...result.compaction, auto: false }
+      }
+      if (Flag.OPENCODE_DISABLE_PRUNE) {
+        result.compaction = { ...result.compaction, prune: false }
+      }

-      const getConsoleState = Effect.fn("Config.getConsoleState")(function* () {
-        return yield* InstanceState.use(state, (s) => s.consoleState)
-      })
-
-      const waitForDependencies = Effect.fn("Config.waitForDependencies")(function* () {
-        yield* InstanceState.useEffect(state, (s) =>
-          Effect.forEach(s.deps, Fiber.join, { concurrency: "unbounded" }).pipe(Effect.asVoid),
-        )
-      })
-
-      const update = Effect.fn("Config.update")(function* (config: Info) {
-        const dir = yield* InstanceState.directory
-        const file = path.join(dir, "config.json")
-        const existing = yield* loadFile(file)
-        yield* fs
-          .writeFileString(file, JSON.stringify(mergeDeep(writable(existing), writable(config)), null, 2))
-          .pipe(Effect.orDie)
-        yield* Effect.promise(() => Instance.dispose())
-      })
-
-      const invalidate = Effect.fn("Config.invalidate")(function* (wait?: boolean) {
-        yield* invalidateGlobal
-        const task = Instance.disposeAll()
-          .catch(() => undefined)
-          .finally(() =>
-            GlobalBus.emit("event", {
-              directory: "global",
-              payload: {
-                type: Event.Disposed.type,
-                properties: {},
-              },
-            }),
-          )
-        if (wait) yield* Effect.promise(() => task)
-        else void task
-      })
-
-      const updateGlobal = Effect.fn("Config.updateGlobal")(function* (config: Info) {
-        const file = globalConfigFile()
-        const before = (yield* readConfigFile(file)) ?? "{}"
-        const input = writable(config)
-
-        let next: Info
-        if (!file.endsWith(".jsonc")) {
-          const existing = parseConfig(before, file)
-          const merged = mergeDeep(writable(existing), input)
-          yield* fs.writeFileString(file, JSON.stringify(merged, null, 2)).pipe(Effect.orDie)
-          next = merged
-        } else {
-          const updated = patchJsonc(before, input)
-          next = parseConfig(updated, file)
-          yield* fs.writeFileString(file, updated).pipe(Effect.orDie)
-        }
-
-        yield* invalidate()
-        return next
-      })
-
-      return Service.of({
-        get,
-        getGlobal,
-        getConsoleState,
-        installDependencies,
-        update,
-        updateGlobal,
-        invalidate,
+      return {
+        config: result,
        directories,
-        waitForDependencies,
-      })
-    }),
-  )
+        deps,
+        consoleState: {
+          consoleManagedProviders: Array.from(consoleManagedProviders),
+          activeOrgName,
+          switchableOrgCount: 0,
+        },
+      }
+    })
+
+    const state = yield* InstanceState.make<State>(
+      Effect.fn("Config.state")(function* (ctx) {
+        return yield* loadInstanceState(ctx)
+      }),
+    )
+
+    const get = Effect.fn("Config.get")(function* () {
+      return yield* InstanceState.use(state, (s) => s.config)
+    })
+
+    const directories = Effect.fn("Config.directories")(function* () {
+      return yield* InstanceState.use(state, (s) => s.directories)
+    })
+
+    const getConsoleState = Effect.fn("Config.getConsoleState")(function* () {
+      return yield* InstanceState.use(state, (s) => s.consoleState)
+    })
+
+    const waitForDependencies = Effect.fn("Config.waitForDependencies")(function* () {
+      yield* InstanceState.useEffect(state, (s) =>
+        Effect.forEach(s.deps, Fiber.join, { concurrency: "unbounded" }).pipe(Effect.asVoid),
+      )
+    })
+
+    const update = Effect.fn("Config.update")(function* (config: Info) {
+      const dir = yield* InstanceState.directory
+      const file = path.join(dir, "config.json")
+      const existing = yield* loadFile(file)
+      yield* fs
+        .writeFileString(file, JSON.stringify(mergeDeep(writable(existing), writable(config)), null, 2))
+        .pipe(Effect.orDie)
+      yield* Effect.promise(() => Instance.dispose())
+    })
+
+    const invalidate = Effect.fn("Config.invalidate")(function* (wait?: boolean) {
+      yield* invalidateGlobal
+      const task = Instance.disposeAll()
+        .catch(() => undefined)
+        .finally(() =>
+          GlobalBus.emit("event", {
+            directory: "global",
+            payload: {
+              type: Event.Disposed.type,
+              properties: {},
+            },
+          }),
+        )
+      if (wait) yield* Effect.promise(() => task)
+      else void task
+    })
+
+    const updateGlobal = Effect.fn("Config.updateGlobal")(function* (config: Info) {
+      const file = globalConfigFile()
+      const before = (yield* readConfigFile(file)) ?? "{}"
+      const input = writable(config)
+
+      let next: Info
+      if (!file.endsWith(".jsonc")) {
+        const existing = parseConfig(before, file)
+        const merged = mergeDeep(writable(existing), input)
+        yield* fs.writeFileString(file, JSON.stringify(merged, null, 2)).pipe(Effect.orDie)
+        next = merged
+      } else {
+        const updated = patchJsonc(before, input)
+        next = parseConfig(updated, file)
+        yield* fs.writeFileString(file, updated).pipe(Effect.orDie)
+      }
+
+      yield* invalidate()
+      return next
+    })
+
+    return Service.of({
+      get,
+      getGlobal,
+      getConsoleState,
+      installDependencies,
+      update,
+      updateGlobal,
+      invalidate,
+      directories,
+      waitForDependencies,
+    })
+  }),
+)

 export const defaultLayer = layer.pipe(
+  Layer.provide(EffectFlock.defaultLayer),
  Layer.provide(AppFileSystem.defaultLayer),
  Layer.provide(Env.defaultLayer),
  Layer.provide(Auth.defaultLayer),
--- a/packages/opencode/src/config/tui.ts
+++ b/packages/opencode/src/config/tui.ts
@@ -10,7 +10,7 @@ import { Flag } from "@/flag/flag"
 import { Log } from "@/util/log"
 import { isRecord } from "@/util/record"
 import { Global } from "@/global"
-import { InstanceState } from "@/effect/instance-state"
+import { InstanceState } from "@/effect"
 import { makeRuntime } from "@/effect/run-service"
 import { AppFileSystem } from "@opencode-ai/shared/filesystem"

--- a/packages/opencode/src/control-plane/workspace.ts
+++ b/packages/opencode/src/control-plane/workspace.ts
@@ -2,7 +2,7 @@ import z from "zod"
 import { setTimeout as sleep } from "node:timers/promises"
 import { fn } from "@/util/fn"
 import { Database, asc, eq, inArray } from "@/storage/db"
-import { Project } from "@/project/project"
+import { Project } from "@/project"
 import { BusEvent } from "@/bus/bus-event"
 import { GlobalBus } from "@/bus/global"
 import { SyncEvent } from "@/sync"
@@ -328,7 +328,7 @@ export namespace Workspace {
      try {
        const adaptor = await getAdaptor(info.projectID, row.type)
        await adaptor.remove(info)
-      } catch (err) {
+      } catch {
        log.error("adaptor not available when removing workspace", { type: row.type })
      }
      Database.use((db) => db.delete(WorkspaceTable).where(eq(WorkspaceTable.id, id)).run())
@@ -404,7 +404,7 @@ export namespace Workspace {
          return synced(state)
        },
      })
-    } catch (error) {
+    } catch {
      if (signal?.aborted) throw signal.reason ?? new Error("Request aborted")
      throw new Error(`Timed out waiting for sync fence: ${JSON.stringify(state)}`)
    }
--- a/packages/opencode/src/effect/app-runtime.ts
+++ b/packages/opencode/src/effect/app-runtime.ts
@@ -15,7 +15,7 @@ import { FileWatcher } from "@/file/watcher"
 import { Storage } from "@/storage/storage"
 import { Snapshot } from "@/snapshot"
 import { Plugin } from "@/plugin"
-import { Provider } from "@/provider/provider"
+import { Provider } from "@/provider"
 import { ProviderAuth } from "@/provider/auth"
 import { Agent } from "@/agent/agent"
 import { Skill } from "@/skill"
@@ -40,8 +40,8 @@ import { Command } from "@/command"
 import { Truncate } from "@/tool/truncate"
 import { ToolRegistry } from "@/tool/registry"
 import { Format } from "@/format"
-import { Project } from "@/project/project"
-import { Vcs } from "@/project/vcs"
+import { Project } from "@/project"
+import { Vcs } from "@/project"
 import { Worktree } from "@/worktree"
 import { Pty } from "@/pty"
 import { Installation } from "@/installation"
--- a/packages/opencode/src/effect/bootstrap-runtime.ts
+++ b/packages/opencode/src/effect/bootstrap-runtime.ts
@@ -7,7 +7,7 @@ import { FileWatcher } from "@/file/watcher"
 import { Format } from "@/format"
 import { ShareNext } from "@/share/share-next"
 import { File } from "@/file"
-import { Vcs } from "@/project/vcs"
+import { Vcs } from "@/project"
 import { Snapshot } from "@/snapshot"
 import { Bus } from "@/bus"
 import { Observability } from "./observability"
--- a/packages/opencode/src/effect/bridge.ts
+++ b/packages/opencode/src/effect/bridge.ts
@@ -5,45 +5,43 @@ import { LocalContext } from "@/util/local-context"
 import { InstanceRef, WorkspaceRef } from "./instance-ref"
 import { attachWith } from "./run-service"

-export namespace EffectBridge {
-  export interface Shape {
-    readonly promise: <A, E, R>(effect: Effect.Effect<A, E, R>) => Promise<A>
-    readonly fork: <A, E, R>(effect: Effect.Effect<A, E, R>) => Fiber.Fiber<A, E>
-  }
-
-  function restore<R>(instance: InstanceContext | undefined, workspace: string | undefined, fn: () => R): R {
-    if (instance && workspace !== undefined) {
-      return WorkspaceContext.restore(workspace, () => Instance.restore(instance, fn))
-    }
-    if (instance) return Instance.restore(instance, fn)
-    if (workspace !== undefined) return WorkspaceContext.restore(workspace, fn)
-    return fn()
-  }
-
-  export function make(): Effect.Effect<Shape> {
-    return Effect.gen(function* () {
-      const ctx = yield* Effect.context()
-      const value = yield* InstanceRef
-      const instance =
-        value ??
-        (() => {
-          try {
-            return Instance.current
-          } catch (err) {
-            if (!(err instanceof LocalContext.NotFound)) throw err
-          }
-        })()
-      const workspace = (yield* WorkspaceRef) ?? WorkspaceContext.workspaceID
-      const attach = <A, E, R>(effect: Effect.Effect<A, E, R>) => attachWith(effect, { instance, workspace })
-      const wrap = <A, E, R>(effect: Effect.Effect<A, E, R>) =>
-        attach(effect).pipe(Effect.provide(ctx)) as Effect.Effect<A, E, never>
-
-      return {
-        promise: <A, E, R>(effect: Effect.Effect<A, E, R>) =>
-          restore(instance, workspace, () => Effect.runPromise(wrap(effect))),
-        fork: <A, E, R>(effect: Effect.Effect<A, E, R>) =>
-          restore(instance, workspace, () => Effect.runFork(wrap(effect))),
-      } satisfies Shape
-    })
-  }
+export interface Shape {
+  readonly promise: <A, E, R>(effect: Effect.Effect<A, E, R>) => Promise<A>
+  readonly fork: <A, E, R>(effect: Effect.Effect<A, E, R>) => Fiber.Fiber<A, E>
+}
+
+function restore<R>(instance: InstanceContext | undefined, workspace: string | undefined, fn: () => R): R {
+  if (instance && workspace !== undefined) {
+    return WorkspaceContext.restore(workspace, () => Instance.restore(instance, fn))
+  }
+  if (instance) return Instance.restore(instance, fn)
+  if (workspace !== undefined) return WorkspaceContext.restore(workspace, fn)
+  return fn()
+}
+
+export function make(): Effect.Effect<Shape> {
+  return Effect.gen(function* () {
+    const ctx = yield* Effect.context()
+    const value = yield* InstanceRef
+    const instance =
+      value ??
+      (() => {
+        try {
+          return Instance.current
+        } catch (err) {
+          if (!(err instanceof LocalContext.NotFound)) throw err
+        }
+      })()
+    const workspace = (yield* WorkspaceRef) ?? WorkspaceContext.workspaceID
+    const attach = <A, E, R>(effect: Effect.Effect<A, E, R>) => attachWith(effect, { instance, workspace })
+    const wrap = <A, E, R>(effect: Effect.Effect<A, E, R>) =>
+      attach(effect).pipe(Effect.provide(ctx)) as Effect.Effect<A, E, never>
+
+    return {
+      promise: <A, E, R>(effect: Effect.Effect<A, E, R>) =>
+        restore(instance, workspace, () => Effect.runPromise(wrap(effect))),
+      fork: <A, E, R>(effect: Effect.Effect<A, E, R>) =>
+        restore(instance, workspace, () => Effect.runFork(wrap(effect))),
+    } satisfies Shape
+  })
 }
--- a/packages/opencode/src/effect/index.ts
+++ b/packages/opencode/src/effect/index.ts
@@ -0,0 +1,2 @@
+export * as InstanceState from "./instance-state"
+export * as EffectBridge from "./bridge"
--- a/packages/opencode/src/effect/instance-state.ts
+++ b/packages/opencode/src/effect/instance-state.ts
@@ -13,72 +13,69 @@ export interface InstanceState<A, E = never, R = never> {
  readonly cache: ScopedCache.ScopedCache<string, A, E, R>
 }

-export namespace InstanceState {
-  export const bind = <F extends (...args: any[]) => any>(fn: F): F => {
-    try {
-      return Instance.bind(fn)
-    } catch (err) {
-      if (!(err instanceof LocalContext.NotFound)) throw err
-    }
-    const fiber = Fiber.getCurrent()
-    const ctx = fiber ? Context.getReferenceUnsafe(fiber.context, InstanceRef) : undefined
-    if (!ctx) return fn
-    return ((...args: any[]) => Instance.restore(ctx, () => fn(...args))) as F
+export const bind = <F extends (...args: any[]) => any>(fn: F): F => {
+  try {
+    return Instance.bind(fn)
+  } catch (err) {
+    if (!(err instanceof LocalContext.NotFound)) throw err
  }
-
-  export const context = Effect.gen(function* () {
-    return (yield* InstanceRef) ?? Instance.current
-  })
-
-  export const workspaceID = Effect.gen(function* () {
-    return (yield* WorkspaceRef) ?? WorkspaceContext.workspaceID
-  })
-
-  export const directory = Effect.map(context, (ctx) => ctx.directory)
-
-  export const make = <A, E = never, R = never>(
-    init: (ctx: InstanceContext) => Effect.Effect<A, E, R | Scope.Scope>,
-  ): Effect.Effect<InstanceState<A, E, Exclude<R, Scope.Scope>>, never, R | Scope.Scope> =>
-    Effect.gen(function* () {
-      const cache = yield* ScopedCache.make<string, A, E, R>({
-        capacity: Number.POSITIVE_INFINITY,
-        lookup: () =>
-          Effect.gen(function* () {
-            return yield* init(yield* context)
-          }),
-      })
-
-      const off = registerDisposer((directory) =>
-        Effect.runPromise(ScopedCache.invalidate(cache, directory).pipe(Effect.provide(EffectLogger.layer))),
-      )
-      yield* Effect.addFinalizer(() => Effect.sync(off))
-
-      return {
-        [TypeId]: TypeId,
-        cache,
-      }
-    })
-
-  export const get = <A, E, R>(self: InstanceState<A, E, R>) =>
-    Effect.gen(function* () {
-      return yield* ScopedCache.get(self.cache, yield* directory)
-    })
-
-  export const use = <A, E, R, B>(self: InstanceState<A, E, R>, select: (value: A) => B) =>
-    Effect.map(get(self), select)
-
-  export const useEffect = <A, E, R, B, E2, R2>(
-    self: InstanceState<A, E, R>,
-    select: (value: A) => Effect.Effect<B, E2, R2>,
-  ) => Effect.flatMap(get(self), select)
-
-  export const has = <A, E, R>(self: InstanceState<A, E, R>) =>
-    Effect.gen(function* () {
-      return yield* ScopedCache.has(self.cache, yield* directory)
-    })
-
-  export const invalidate = <A, E, R>(self: InstanceState<A, E, R>) =>
-    Effect.gen(function* () {
-      return yield* ScopedCache.invalidate(self.cache, yield* directory)
-    })
+  const fiber = Fiber.getCurrent()
+  const ctx = fiber ? Context.getReferenceUnsafe(fiber.context, InstanceRef) : undefined
+  if (!ctx) return fn
+  return ((...args: any[]) => Instance.restore(ctx, () => fn(...args))) as F
 }
+
+export const context = Effect.gen(function* () {
+  return (yield* InstanceRef) ?? Instance.current
+})
+
+export const workspaceID = Effect.gen(function* () {
+  return (yield* WorkspaceRef) ?? WorkspaceContext.workspaceID
+})
+
+export const directory = Effect.map(context, (ctx) => ctx.directory)
+
+export const make = <A, E = never, R = never>(
+  init: (ctx: InstanceContext) => Effect.Effect<A, E, R | Scope.Scope>,
+): Effect.Effect<InstanceState<A, E, Exclude<R, Scope.Scope>>, never, R | Scope.Scope> =>
+  Effect.gen(function* () {
+    const cache = yield* ScopedCache.make<string, A, E, R>({
+      capacity: Number.POSITIVE_INFINITY,
+      lookup: () =>
+        Effect.gen(function* () {
+          return yield* init(yield* context)
+        }),
+    })
+
+    const off = registerDisposer((directory) =>
+      Effect.runPromise(ScopedCache.invalidate(cache, directory).pipe(Effect.provide(EffectLogger.layer))),
+    )
+    yield* Effect.addFinalizer(() => Effect.sync(off))
+
+    return {
+      [TypeId]: TypeId,
+      cache,
+    }
+  })
+
+export const get = <A, E, R>(self: InstanceState<A, E, R>) =>
+  Effect.gen(function* () {
+    return yield* ScopedCache.get(self.cache, yield* directory)
+  })
+
+export const use = <A, E, R, B>(self: InstanceState<A, E, R>, select: (value: A) => B) => Effect.map(get(self), select)
+
+export const useEffect = <A, E, R, B, E2, R2>(
+  self: InstanceState<A, E, R>,
+  select: (value: A) => Effect.Effect<B, E2, R2>,
+) => Effect.flatMap(get(self), select)
+
+export const has = <A, E, R>(self: InstanceState<A, E, R>) =>
+  Effect.gen(function* () {
+    return yield* ScopedCache.has(self.cache, yield* directory)
+  })
+
+export const invalidate = <A, E, R>(self: InstanceState<A, E, R>) =>
+  Effect.gen(function* () {
+    return yield* ScopedCache.invalidate(self.cache, yield* directory)
+  })
--- a/packages/opencode/src/env/env.ts
+++ b/packages/opencode/src/env/env.ts
@@ -0,0 +1,35 @@
+import { Context, Effect, Layer } from "effect"
+import { InstanceState } from "@/effect"
+
+type State = Record<string, string | undefined>
+
+export interface Interface {
+  readonly get: (key: string) => Effect.Effect<string | undefined>
+  readonly all: () => Effect.Effect<State>
+  readonly set: (key: string, value: string) => Effect.Effect<void>
+  readonly remove: (key: string) => Effect.Effect<void>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Env") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const state = yield* InstanceState.make<State>(Effect.fn("Env.state")(() => Effect.succeed({ ...process.env })))
+
+    const get = Effect.fn("Env.get")((key: string) => InstanceState.use(state, (env) => env[key]))
+    const all = Effect.fn("Env.all")(() => InstanceState.get(state))
+    const set = Effect.fn("Env.set")(function* (key: string, value: string) {
+      const env = yield* InstanceState.get(state)
+      env[key] = value
+    })
+    const remove = Effect.fn("Env.remove")(function* (key: string) {
+      const env = yield* InstanceState.get(state)
+      delete env[key]
+    })
+
+    return Service.of({ get, all, set, remove })
+  }),
+)
+
+export const defaultLayer = layer
--- a/packages/opencode/src/env/index.ts
+++ b/packages/opencode/src/env/index.ts
@@ -1,37 +1 @@
-import { Context, Effect, Layer } from "effect"
-import { InstanceState } from "@/effect/instance-state"
-
-export namespace Env {
-  type State = Record<string, string | undefined>
-
-  export interface Interface {
-    readonly get: (key: string) => Effect.Effect<string | undefined>
-    readonly all: () => Effect.Effect<State>
-    readonly set: (key: string, value: string) => Effect.Effect<void>
-    readonly remove: (key: string) => Effect.Effect<void>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Env") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const state = yield* InstanceState.make<State>(Effect.fn("Env.state")(() => Effect.succeed({ ...process.env })))
-
-      const get = Effect.fn("Env.get")((key: string) => InstanceState.use(state, (env) => env[key]))
-      const all = Effect.fn("Env.all")(() => InstanceState.get(state))
-      const set = Effect.fn("Env.set")(function* (key: string, value: string) {
-        const env = yield* InstanceState.get(state)
-        env[key] = value
-      })
-      const remove = Effect.fn("Env.remove")(function* (key: string) {
-        const env = yield* InstanceState.get(state)
-        delete env[key]
-      })
-
-      return Service.of({ get, all, set, remove })
-    }),
-  )
-
-  export const defaultLayer = layer
-}
+export * as Env from "./env"
--- a/packages/opencode/src/file/file.ts
+++ b/packages/opencode/src/file/file.ts
@@ -0,0 +1,653 @@
+import { BusEvent } from "@/bus/bus-event"
+import { InstanceState } from "@/effect"
+
+import { AppFileSystem } from "@opencode-ai/shared/filesystem"
+import { Git } from "@/git"
+import { Effect, Layer, Context } from "effect"
+import * as Stream from "effect/Stream"
+import { formatPatch, structuredPatch } from "diff"
+import fuzzysort from "fuzzysort"
+import ignore from "ignore"
+import path from "path"
+import z from "zod"
+import { Global } from "../global"
+import { Instance } from "../project/instance"
+import { Log } from "../util/log"
+import { Protected } from "./protected"
+import { Ripgrep } from "./ripgrep"
+
+export const Info = z
+  .object({
+    path: z.string(),
+    added: z.number().int(),
+    removed: z.number().int(),
+    status: z.enum(["added", "deleted", "modified"]),
+  })
+  .meta({
+    ref: "File",
+  })
+
+export type Info = z.infer<typeof Info>
+
+export const Node = z
+  .object({
+    name: z.string(),
+    path: z.string(),
+    absolute: z.string(),
+    type: z.enum(["file", "directory"]),
+    ignored: z.boolean(),
+  })
+  .meta({
+    ref: "FileNode",
+  })
+export type Node = z.infer<typeof Node>
+
+export const Content = z
+  .object({
+    type: z.enum(["text", "binary"]),
+    content: z.string(),
+    diff: z.string().optional(),
+    patch: z
+      .object({
+        oldFileName: z.string(),
+        newFileName: z.string(),
+        oldHeader: z.string().optional(),
+        newHeader: z.string().optional(),
+        hunks: z.array(
+          z.object({
+            oldStart: z.number(),
+            oldLines: z.number(),
+            newStart: z.number(),
+            newLines: z.number(),
+            lines: z.array(z.string()),
+          }),
+        ),
+        index: z.string().optional(),
+      })
+      .optional(),
+    encoding: z.literal("base64").optional(),
+    mimeType: z.string().optional(),
+  })
+  .meta({
+    ref: "FileContent",
+  })
+export type Content = z.infer<typeof Content>
+
+export const Event = {
+  Edited: BusEvent.define(
+    "file.edited",
+    z.object({
+      file: z.string(),
+    }),
+  ),
+}
+
+const log = Log.create({ service: "file" })
+
+const binary = new Set([
+  "exe",
+  "dll",
+  "pdb",
+  "bin",
+  "so",
+  "dylib",
+  "o",
+  "a",
+  "lib",
+  "wav",
+  "mp3",
+  "ogg",
+  "oga",
+  "ogv",
+  "ogx",
+  "flac",
+  "aac",
+  "wma",
+  "m4a",
+  "weba",
+  "mp4",
+  "avi",
+  "mov",
+  "wmv",
+  "flv",
+  "webm",
+  "mkv",
+  "zip",
+  "tar",
+  "gz",
+  "gzip",
+  "bz",
+  "bz2",
+  "bzip",
+  "bzip2",
+  "7z",
+  "rar",
+  "xz",
+  "lz",
+  "z",
+  "pdf",
+  "doc",
+  "docx",
+  "ppt",
+  "pptx",
+  "xls",
+  "xlsx",
+  "dmg",
+  "iso",
+  "img",
+  "vmdk",
+  "ttf",
+  "otf",
+  "woff",
+  "woff2",
+  "eot",
+  "sqlite",
+  "db",
+  "mdb",
+  "apk",
+  "ipa",
+  "aab",
+  "xapk",
+  "app",
+  "pkg",
+  "deb",
+  "rpm",
+  "snap",
+  "flatpak",
+  "appimage",
+  "msi",
+  "msp",
+  "jar",
+  "war",
+  "ear",
+  "class",
+  "kotlin_module",
+  "dex",
+  "vdex",
+  "odex",
+  "oat",
+  "art",
+  "wasm",
+  "wat",
+  "bc",
+  "ll",
+  "s",
+  "ko",
+  "sys",
+  "drv",
+  "efi",
+  "rom",
+  "com",
+])
+
+const image = new Set([
+  "png",
+  "jpg",
+  "jpeg",
+  "gif",
+  "bmp",
+  "webp",
+  "ico",
+  "tif",
+  "tiff",
+  "svg",
+  "svgz",
+  "avif",
+  "apng",
+  "jxl",
+  "heic",
+  "heif",
+  "raw",
+  "cr2",
+  "nef",
+  "arw",
+  "dng",
+  "orf",
+  "raf",
+  "pef",
+  "x3f",
+])
+
+const text = new Set([
+  "ts",
+  "tsx",
+  "mts",
+  "cts",
+  "mtsx",
+  "ctsx",
+  "js",
+  "jsx",
+  "mjs",
+  "cjs",
+  "sh",
+  "bash",
+  "zsh",
+  "fish",
+  "ps1",
+  "psm1",
+  "cmd",
+  "bat",
+  "json",
+  "jsonc",
+  "json5",
+  "yaml",
+  "yml",
+  "toml",
+  "md",
+  "mdx",
+  "txt",
+  "xml",
+  "html",
+  "htm",
+  "css",
+  "scss",
+  "sass",
+  "less",
+  "graphql",
+  "gql",
+  "sql",
+  "ini",
+  "cfg",
+  "conf",
+  "env",
+])
+
+const textName = new Set([
+  "dockerfile",
+  "makefile",
+  ".gitignore",
+  ".gitattributes",
+  ".editorconfig",
+  ".npmrc",
+  ".nvmrc",
+  ".prettierrc",
+  ".eslintrc",
+])
+
+const mime: Record<string, string> = {
+  png: "image/png",
+  jpg: "image/jpeg",
+  jpeg: "image/jpeg",
+  gif: "image/gif",
+  bmp: "image/bmp",
+  webp: "image/webp",
+  ico: "image/x-icon",
+  tif: "image/tiff",
+  tiff: "image/tiff",
+  svg: "image/svg+xml",
+  svgz: "image/svg+xml",
+  avif: "image/avif",
+  apng: "image/apng",
+  jxl: "image/jxl",
+  heic: "image/heic",
+  heif: "image/heif",
+}
+
+type Entry = { files: string[]; dirs: string[] }
+
+const ext = (file: string) => path.extname(file).toLowerCase().slice(1)
+const name = (file: string) => path.basename(file).toLowerCase()
+const isImageByExtension = (file: string) => image.has(ext(file))
+const isTextByExtension = (file: string) => text.has(ext(file))
+const isTextByName = (file: string) => textName.has(name(file))
+const isBinaryByExtension = (file: string) => binary.has(ext(file))
+const isImage = (mimeType: string) => mimeType.startsWith("image/")
+const getImageMimeType = (file: string) => mime[ext(file)] || "image/" + ext(file)
+
+function shouldEncode(mimeType: string) {
+  const type = mimeType.toLowerCase()
+  log.debug("shouldEncode", { type })
+  if (!type) return false
+  if (type.startsWith("text/")) return false
+  if (type.includes("charset=")) return false
+  const top = type.split("/", 2)[0]
+  return ["image", "audio", "video", "font", "model", "multipart"].includes(top)
+}
+
+const hidden = (item: string) => {
+  const normalized = item.replaceAll("\\", "/").replace(/\/+$/, "")
+  return normalized.split("/").some((part) => part.startsWith(".") && part.length > 1)
+}
+
+const sortHiddenLast = (items: string[], prefer: boolean) => {
+  if (prefer) return items
+  const visible: string[] = []
+  const hiddenItems: string[] = []
+  for (const item of items) {
+    if (hidden(item)) hiddenItems.push(item)
+    else visible.push(item)
+  }
+  return [...visible, ...hiddenItems]
+}
+
+interface State {
+  cache: Entry
+}
+
+export interface Interface {
+  readonly init: () => Effect.Effect<void>
+  readonly status: () => Effect.Effect<Info[]>
+  readonly read: (file: string) => Effect.Effect<Content>
+  readonly list: (dir?: string) => Effect.Effect<Node[]>
+  readonly search: (input: {
+    query: string
+    limit?: number
+    dirs?: boolean
+    type?: "file" | "directory"
+  }) => Effect.Effect<string[]>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/File") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const appFs = yield* AppFileSystem.Service
+    const rg = yield* Ripgrep.Service
+    const git = yield* Git.Service
+
+    const state = yield* InstanceState.make<State>(
+      Effect.fn("File.state")(() =>
+        Effect.succeed({
+          cache: { files: [], dirs: [] } as Entry,
+        }),
+      ),
+    )
+
+    const scan = Effect.fn("File.scan")(function* () {
+      if (Instance.directory === path.parse(Instance.directory).root) return
+      const isGlobalHome = Instance.directory === Global.Path.home && Instance.project.id === "global"
+      const next: Entry = { files: [], dirs: [] }
+
+      if (isGlobalHome) {
+        const dirs = new Set<string>()
+        const protectedNames = Protected.names()
+        const ignoreNested = new Set(["node_modules", "dist", "build", "target", "vendor"])
+        const shouldIgnoreName = (name: string) => name.startsWith(".") || protectedNames.has(name)
+        const shouldIgnoreNested = (name: string) => name.startsWith(".") || ignoreNested.has(name)
+        const top = yield* appFs.readDirectoryEntries(Instance.directory).pipe(Effect.orElseSucceed(() => []))
+
+        for (const entry of top) {
+          if (entry.type !== "directory") continue
+          if (shouldIgnoreName(entry.name)) continue
+          dirs.add(entry.name + "/")
+
+          const base = path.join(Instance.directory, entry.name)
+          const children = yield* appFs.readDirectoryEntries(base).pipe(Effect.orElseSucceed(() => []))
+          for (const child of children) {
+            if (child.type !== "directory") continue
+            if (shouldIgnoreNested(child.name)) continue
+            dirs.add(entry.name + "/" + child.name + "/")
+          }
+        }
+
+        next.dirs = Array.from(dirs).toSorted()
+      } else {
+        const files = yield* rg.files({ cwd: Instance.directory }).pipe(
+          Stream.runCollect,
+          Effect.map((chunk) => [...chunk]),
+        )
+        const seen = new Set<string>()
+        for (const file of files) {
+          next.files.push(file)
+          let current = file
+          while (true) {
+            const dir = path.dirname(current)
+            if (dir === ".") break
+            if (dir === current) break
+            current = dir
+            if (seen.has(dir)) continue
+            seen.add(dir)
+            next.dirs.push(dir + "/")
+          }
+        }
+      }
+
+      const s = yield* InstanceState.get(state)
+      s.cache = next
+    })
+
+    let cachedScan = yield* Effect.cached(scan().pipe(Effect.catchCause(() => Effect.void)))
+
+    const ensure = Effect.fn("File.ensure")(function* () {
+      yield* cachedScan
+      cachedScan = yield* Effect.cached(scan().pipe(Effect.catchCause(() => Effect.void)))
+    })
+
+    const gitText = Effect.fnUntraced(function* (args: string[]) {
+      return (yield* git.run(args, { cwd: Instance.directory })).text()
+    })
+
+    const init = Effect.fn("File.init")(function* () {
+      yield* ensure()
+    })
+
+    const status = Effect.fn("File.status")(function* () {
+      if (Instance.project.vcs !== "git") return []
+
+      const diffOutput = yield* gitText([
+        "-c",
+        "core.fsmonitor=false",
+        "-c",
+        "core.quotepath=false",
+        "diff",
+        "--numstat",
+        "HEAD",
+      ])
+
+      const changed: Info[] = []
+
+      if (diffOutput.trim()) {
+        for (const line of diffOutput.trim().split("\n")) {
+          const [added, removed, file] = line.split("\t")
+          changed.push({
+            path: file,
+            added: added === "-" ? 0 : parseInt(added, 10),
+            removed: removed === "-" ? 0 : parseInt(removed, 10),
+            status: "modified",
+          })
+        }
+      }
+
+      const untrackedOutput = yield* gitText([
+        "-c",
+        "core.fsmonitor=false",
+        "-c",
+        "core.quotepath=false",
+        "ls-files",
+        "--others",
+        "--exclude-standard",
+      ])
+
+      if (untrackedOutput.trim()) {
+        for (const file of untrackedOutput.trim().split("\n")) {
+          const content = yield* appFs
+            .readFileString(path.join(Instance.directory, file))
+            .pipe(Effect.catch(() => Effect.succeed<string | undefined>(undefined)))
+          if (content === undefined) continue
+          changed.push({
+            path: file,
+            added: content.split("\n").length,
+            removed: 0,
+            status: "added",
+          })
+        }
+      }
+
+      const deletedOutput = yield* gitText([
+        "-c",
+        "core.fsmonitor=false",
+        "-c",
+        "core.quotepath=false",
+        "diff",
+        "--name-only",
+        "--diff-filter=D",
+        "HEAD",
+      ])
+
+      if (deletedOutput.trim()) {
+        for (const file of deletedOutput.trim().split("\n")) {
+          changed.push({
+            path: file,
+            added: 0,
+            removed: 0,
+            status: "deleted",
+          })
+        }
+      }
+
+      return changed.map((item) => {
+        const full = path.isAbsolute(item.path) ? item.path : path.join(Instance.directory, item.path)
+        return {
+          ...item,
+          path: path.relative(Instance.directory, full),
+        }
+      })
+    })
+
+    const read: Interface["read"] = Effect.fn("File.read")(function* (file: string) {
+      using _ = log.time("read", { file })
+      const full = path.join(Instance.directory, file)
+
+      if (!Instance.containsPath(full)) throw new Error("Access denied: path escapes project directory")
+
+      if (isImageByExtension(file)) {
+        const exists = yield* appFs.existsSafe(full)
+        if (exists) {
+          const bytes = yield* appFs.readFile(full).pipe(Effect.catch(() => Effect.succeed(new Uint8Array())))
+          return {
+            type: "text" as const,
+            content: Buffer.from(bytes).toString("base64"),
+            mimeType: getImageMimeType(file),
+            encoding: "base64" as const,
+          }
+        }
+        return { type: "text" as const, content: "" }
+      }
+
+      const knownText = isTextByExtension(file) || isTextByName(file)
+
+      if (isBinaryByExtension(file) && !knownText) return { type: "binary" as const, content: "" }
+
+      const exists = yield* appFs.existsSafe(full)
+      if (!exists) return { type: "text" as const, content: "" }
+
+      const mimeType = AppFileSystem.mimeType(full)
+      const encode = knownText ? false : shouldEncode(mimeType)
+
+      if (encode && !isImage(mimeType)) return { type: "binary" as const, content: "", mimeType }
+
+      if (encode) {
+        const bytes = yield* appFs.readFile(full).pipe(Effect.catch(() => Effect.succeed(new Uint8Array())))
+        return {
+          type: "text" as const,
+          content: Buffer.from(bytes).toString("base64"),
+          mimeType,
+          encoding: "base64" as const,
+        }
+      }
+
+      const content = yield* appFs.readFileString(full).pipe(
+        Effect.map((s) => s.trim()),
+        Effect.catch(() => Effect.succeed("")),
+      )
+
+      if (Instance.project.vcs === "git") {
+        let diff = yield* gitText(["-c", "core.fsmonitor=false", "diff", "--", file])
+        if (!diff.trim()) {
+          diff = yield* gitText(["-c", "core.fsmonitor=false", "diff", "--staged", "--", file])
+        }
+        if (diff.trim()) {
+          const original = yield* git.show(Instance.directory, "HEAD", file)
+          const patch = structuredPatch(file, file, original, content, "old", "new", {
+            context: Infinity,
+            ignoreWhitespace: true,
+          })
+          return { type: "text" as const, content, patch, diff: formatPatch(patch) }
+        }
+        return { type: "text" as const, content }
+      }
+
+      return { type: "text" as const, content }
+    })
+
+    const list = Effect.fn("File.list")(function* (dir?: string) {
+      const exclude = [".git", ".DS_Store"]
+      let ignored = (_: string) => false
+      if (Instance.project.vcs === "git") {
+        const ig = ignore()
+        const gitignore = path.join(Instance.project.worktree, ".gitignore")
+        const gitignoreText = yield* appFs.readFileString(gitignore).pipe(Effect.catch(() => Effect.succeed("")))
+        if (gitignoreText) ig.add(gitignoreText)
+        const ignoreFile = path.join(Instance.project.worktree, ".ignore")
+        const ignoreText = yield* appFs.readFileString(ignoreFile).pipe(Effect.catch(() => Effect.succeed("")))
+        if (ignoreText) ig.add(ignoreText)
+        ignored = ig.ignores.bind(ig)
+      }
+
+      const resolved = dir ? path.join(Instance.directory, dir) : Instance.directory
+      if (!Instance.containsPath(resolved)) throw new Error("Access denied: path escapes project directory")
+
+      const entries = yield* appFs.readDirectoryEntries(resolved).pipe(Effect.orElseSucceed(() => []))
+
+      const nodes: Node[] = []
+      for (const entry of entries) {
+        if (exclude.includes(entry.name)) continue
+        const absolute = path.join(resolved, entry.name)
+        const file = path.relative(Instance.directory, absolute)
+        const type = entry.type === "directory" ? "directory" : "file"
+        nodes.push({
+          name: entry.name,
+          path: file,
+          absolute,
+          type,
+          ignored: ignored(type === "directory" ? file + "/" : file),
+        })
+      }
+      return nodes.sort((a, b) => {
+        if (a.type !== b.type) return a.type === "directory" ? -1 : 1
+        return a.name.localeCompare(b.name)
+      })
+    })
+
+    const search = Effect.fn("File.search")(function* (input: {
+      query: string
+      limit?: number
+      dirs?: boolean
+      type?: "file" | "directory"
+    }) {
+      yield* ensure()
+      const { cache } = yield* InstanceState.get(state)
+
+      const query = input.query.trim()
+      const limit = input.limit ?? 100
+      const kind = input.type ?? (input.dirs === false ? "file" : "all")
+      log.info("search", { query, kind })
+
+      const preferHidden = query.startsWith(".") || query.includes("/.")
+
+      if (!query) {
+        if (kind === "file") return cache.files.slice(0, limit)
+        return sortHiddenLast(cache.dirs.toSorted(), preferHidden).slice(0, limit)
+      }
+
+      const items = kind === "file" ? cache.files : kind === "directory" ? cache.dirs : [...cache.files, ...cache.dirs]
+
+      const searchLimit = kind === "directory" && !preferHidden ? limit * 20 : limit
+      const sorted = fuzzysort.go(query, items, { limit: searchLimit }).map((item) => item.target)
+      const output = kind === "directory" ? sortHiddenLast(sorted, preferHidden).slice(0, limit) : sorted
+
+      log.info("search", { query, kind, results: output.length })
+      return output
+    })
+
+    log.info("init")
+    return Service.of({ init, status, read, list, search })
+  }),
+)
+
+export const defaultLayer = layer.pipe(
+  Layer.provide(Ripgrep.defaultLayer),
+  Layer.provide(AppFileSystem.defaultLayer),
+  Layer.provide(Git.defaultLayer),
+)
--- a/packages/opencode/src/file/index.ts
+++ b/packages/opencode/src/file/index.ts
@@ -1,656 +1 @@
-import { BusEvent } from "@/bus/bus-event"
-import { InstanceState } from "@/effect/instance-state"
-
-import { AppFileSystem } from "@opencode-ai/shared/filesystem"
-import { Git } from "@/git"
-import { Effect, Layer, Context } from "effect"
-import * as Stream from "effect/Stream"
-import { formatPatch, structuredPatch } from "diff"
-import fuzzysort from "fuzzysort"
-import ignore from "ignore"
-import path from "path"
-import z from "zod"
-import { Global } from "../global"
-import { Instance } from "../project/instance"
-import { Log } from "../util/log"
-import { Protected } from "./protected"
-import { Ripgrep } from "./ripgrep"
-
-export namespace File {
-  export const Info = z
-    .object({
-      path: z.string(),
-      added: z.number().int(),
-      removed: z.number().int(),
-      status: z.enum(["added", "deleted", "modified"]),
-    })
-    .meta({
-      ref: "File",
-    })
-
-  export type Info = z.infer<typeof Info>
-
-  export const Node = z
-    .object({
-      name: z.string(),
-      path: z.string(),
-      absolute: z.string(),
-      type: z.enum(["file", "directory"]),
-      ignored: z.boolean(),
-    })
-    .meta({
-      ref: "FileNode",
-    })
-  export type Node = z.infer<typeof Node>
-
-  export const Content = z
-    .object({
-      type: z.enum(["text", "binary"]),
-      content: z.string(),
-      diff: z.string().optional(),
-      patch: z
-        .object({
-          oldFileName: z.string(),
-          newFileName: z.string(),
-          oldHeader: z.string().optional(),
-          newHeader: z.string().optional(),
-          hunks: z.array(
-            z.object({
-              oldStart: z.number(),
-              oldLines: z.number(),
-              newStart: z.number(),
-              newLines: z.number(),
-              lines: z.array(z.string()),
-            }),
-          ),
-          index: z.string().optional(),
-        })
-        .optional(),
-      encoding: z.literal("base64").optional(),
-      mimeType: z.string().optional(),
-    })
-    .meta({
-      ref: "FileContent",
-    })
-  export type Content = z.infer<typeof Content>
-
-  export const Event = {
-    Edited: BusEvent.define(
-      "file.edited",
-      z.object({
-        file: z.string(),
-      }),
-    ),
-  }
-
-  const log = Log.create({ service: "file" })
-
-  const binary = new Set([
-    "exe",
-    "dll",
-    "pdb",
-    "bin",
-    "so",
-    "dylib",
-    "o",
-    "a",
-    "lib",
-    "wav",
-    "mp3",
-    "ogg",
-    "oga",
-    "ogv",
-    "ogx",
-    "flac",
-    "aac",
-    "wma",
-    "m4a",
-    "weba",
-    "mp4",
-    "avi",
-    "mov",
-    "wmv",
-    "flv",
-    "webm",
-    "mkv",
-    "zip",
-    "tar",
-    "gz",
-    "gzip",
-    "bz",
-    "bz2",
-    "bzip",
-    "bzip2",
-    "7z",
-    "rar",
-    "xz",
-    "lz",
-    "z",
-    "pdf",
-    "doc",
-    "docx",
-    "ppt",
-    "pptx",
-    "xls",
-    "xlsx",
-    "dmg",
-    "iso",
-    "img",
-    "vmdk",
-    "ttf",
-    "otf",
-    "woff",
-    "woff2",
-    "eot",
-    "sqlite",
-    "db",
-    "mdb",
-    "apk",
-    "ipa",
-    "aab",
-    "xapk",
-    "app",
-    "pkg",
-    "deb",
-    "rpm",
-    "snap",
-    "flatpak",
-    "appimage",
-    "msi",
-    "msp",
-    "jar",
-    "war",
-    "ear",
-    "class",
-    "kotlin_module",
-    "dex",
-    "vdex",
-    "odex",
-    "oat",
-    "art",
-    "wasm",
-    "wat",
-    "bc",
-    "ll",
-    "s",
-    "ko",
-    "sys",
-    "drv",
-    "efi",
-    "rom",
-    "com",
-  ])
-
-  const image = new Set([
-    "png",
-    "jpg",
-    "jpeg",
-    "gif",
-    "bmp",
-    "webp",
-    "ico",
-    "tif",
-    "tiff",
-    "svg",
-    "svgz",
-    "avif",
-    "apng",
-    "jxl",
-    "heic",
-    "heif",
-    "raw",
-    "cr2",
-    "nef",
-    "arw",
-    "dng",
-    "orf",
-    "raf",
-    "pef",
-    "x3f",
-  ])
-
-  const text = new Set([
-    "ts",
-    "tsx",
-    "mts",
-    "cts",
-    "mtsx",
-    "ctsx",
-    "js",
-    "jsx",
-    "mjs",
-    "cjs",
-    "sh",
-    "bash",
-    "zsh",
-    "fish",
-    "ps1",
-    "psm1",
-    "cmd",
-    "bat",
-    "json",
-    "jsonc",
-    "json5",
-    "yaml",
-    "yml",
-    "toml",
-    "md",
-    "mdx",
-    "txt",
-    "xml",
-    "html",
-    "htm",
-    "css",
-    "scss",
-    "sass",
-    "less",
-    "graphql",
-    "gql",
-    "sql",
-    "ini",
-    "cfg",
-    "conf",
-    "env",
-  ])
-
-  const textName = new Set([
-    "dockerfile",
-    "makefile",
-    ".gitignore",
-    ".gitattributes",
-    ".editorconfig",
-    ".npmrc",
-    ".nvmrc",
-    ".prettierrc",
-    ".eslintrc",
-  ])
-
-  const mime: Record<string, string> = {
-    png: "image/png",
-    jpg: "image/jpeg",
-    jpeg: "image/jpeg",
-    gif: "image/gif",
-    bmp: "image/bmp",
-    webp: "image/webp",
-    ico: "image/x-icon",
-    tif: "image/tiff",
-    tiff: "image/tiff",
-    svg: "image/svg+xml",
-    svgz: "image/svg+xml",
-    avif: "image/avif",
-    apng: "image/apng",
-    jxl: "image/jxl",
-    heic: "image/heic",
-    heif: "image/heif",
-  }
-
-  type Entry = { files: string[]; dirs: string[] }
-
-  const ext = (file: string) => path.extname(file).toLowerCase().slice(1)
-  const name = (file: string) => path.basename(file).toLowerCase()
-  const isImageByExtension = (file: string) => image.has(ext(file))
-  const isTextByExtension = (file: string) => text.has(ext(file))
-  const isTextByName = (file: string) => textName.has(name(file))
-  const isBinaryByExtension = (file: string) => binary.has(ext(file))
-  const isImage = (mimeType: string) => mimeType.startsWith("image/")
-  const getImageMimeType = (file: string) => mime[ext(file)] || "image/" + ext(file)
-
-  function shouldEncode(mimeType: string) {
-    const type = mimeType.toLowerCase()
-    log.debug("shouldEncode", { type })
-    if (!type) return false
-    if (type.startsWith("text/")) return false
-    if (type.includes("charset=")) return false
-    const top = type.split("/", 2)[0]
-    return ["image", "audio", "video", "font", "model", "multipart"].includes(top)
-  }
-
-  const hidden = (item: string) => {
-    const normalized = item.replaceAll("\\", "/").replace(/\/+$/, "")
-    return normalized.split("/").some((part) => part.startsWith(".") && part.length > 1)
-  }
-
-  const sortHiddenLast = (items: string[], prefer: boolean) => {
-    if (prefer) return items
-    const visible: string[] = []
-    const hiddenItems: string[] = []
-    for (const item of items) {
-      if (hidden(item)) hiddenItems.push(item)
-      else visible.push(item)
-    }
-    return [...visible, ...hiddenItems]
-  }
-
-  interface State {
-    cache: Entry
-  }
-
-  export interface Interface {
-    readonly init: () => Effect.Effect<void>
-    readonly status: () => Effect.Effect<File.Info[]>
-    readonly read: (file: string) => Effect.Effect<File.Content>
-    readonly list: (dir?: string) => Effect.Effect<File.Node[]>
-    readonly search: (input: {
-      query: string
-      limit?: number
-      dirs?: boolean
-      type?: "file" | "directory"
-    }) => Effect.Effect<string[]>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/File") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const appFs = yield* AppFileSystem.Service
-      const rg = yield* Ripgrep.Service
-      const git = yield* Git.Service
-
-      const state = yield* InstanceState.make<State>(
-        Effect.fn("File.state")(() =>
-          Effect.succeed({
-            cache: { files: [], dirs: [] } as Entry,
-          }),
-        ),
-      )
-
-      const scan = Effect.fn("File.scan")(function* () {
-        if (Instance.directory === path.parse(Instance.directory).root) return
-        const isGlobalHome = Instance.directory === Global.Path.home && Instance.project.id === "global"
-        const next: Entry = { files: [], dirs: [] }
-
-        if (isGlobalHome) {
-          const dirs = new Set<string>()
-          const protectedNames = Protected.names()
-          const ignoreNested = new Set(["node_modules", "dist", "build", "target", "vendor"])
-          const shouldIgnoreName = (name: string) => name.startsWith(".") || protectedNames.has(name)
-          const shouldIgnoreNested = (name: string) => name.startsWith(".") || ignoreNested.has(name)
-          const top = yield* appFs.readDirectoryEntries(Instance.directory).pipe(Effect.orElseSucceed(() => []))
-
-          for (const entry of top) {
-            if (entry.type !== "directory") continue
-            if (shouldIgnoreName(entry.name)) continue
-            dirs.add(entry.name + "/")
-
-            const base = path.join(Instance.directory, entry.name)
-            const children = yield* appFs.readDirectoryEntries(base).pipe(Effect.orElseSucceed(() => []))
-            for (const child of children) {
-              if (child.type !== "directory") continue
-              if (shouldIgnoreNested(child.name)) continue
-              dirs.add(entry.name + "/" + child.name + "/")
-            }
-          }
-
-          next.dirs = Array.from(dirs).toSorted()
-        } else {
-          const files = yield* rg.files({ cwd: Instance.directory }).pipe(
-            Stream.runCollect,
-            Effect.map((chunk) => [...chunk]),
-          )
-          const seen = new Set<string>()
-          for (const file of files) {
-            next.files.push(file)
-            let current = file
-            while (true) {
-              const dir = path.dirname(current)
-              if (dir === ".") break
-              if (dir === current) break
-              current = dir
-              if (seen.has(dir)) continue
-              seen.add(dir)
-              next.dirs.push(dir + "/")
-            }
-          }
-        }
-
-        const s = yield* InstanceState.get(state)
-        s.cache = next
-      })
-
-      let cachedScan = yield* Effect.cached(scan().pipe(Effect.catchCause(() => Effect.void)))
-
-      const ensure = Effect.fn("File.ensure")(function* () {
-        yield* cachedScan
-        cachedScan = yield* Effect.cached(scan().pipe(Effect.catchCause(() => Effect.void)))
-      })
-
-      const gitText = Effect.fnUntraced(function* (args: string[]) {
-        return (yield* git.run(args, { cwd: Instance.directory })).text()
-      })
-
-      const init = Effect.fn("File.init")(function* () {
-        yield* ensure()
-      })
-
-      const status = Effect.fn("File.status")(function* () {
-        if (Instance.project.vcs !== "git") return []
-
-        const diffOutput = yield* gitText([
-          "-c",
-          "core.fsmonitor=false",
-          "-c",
-          "core.quotepath=false",
-          "diff",
-          "--numstat",
-          "HEAD",
-        ])
-
-        const changed: File.Info[] = []
-
-        if (diffOutput.trim()) {
-          for (const line of diffOutput.trim().split("\n")) {
-            const [added, removed, file] = line.split("\t")
-            changed.push({
-              path: file,
-              added: added === "-" ? 0 : parseInt(added, 10),
-              removed: removed === "-" ? 0 : parseInt(removed, 10),
-              status: "modified",
-            })
-          }
-        }
-
-        const untrackedOutput = yield* gitText([
-          "-c",
-          "core.fsmonitor=false",
-          "-c",
-          "core.quotepath=false",
-          "ls-files",
-          "--others",
-          "--exclude-standard",
-        ])
-
-        if (untrackedOutput.trim()) {
-          for (const file of untrackedOutput.trim().split("\n")) {
-            const content = yield* appFs
-              .readFileString(path.join(Instance.directory, file))
-              .pipe(Effect.catch(() => Effect.succeed<string | undefined>(undefined)))
-            if (content === undefined) continue
-            changed.push({
-              path: file,
-              added: content.split("\n").length,
-              removed: 0,
-              status: "added",
-            })
-          }
-        }
-
-        const deletedOutput = yield* gitText([
-          "-c",
-          "core.fsmonitor=false",
-          "-c",
-          "core.quotepath=false",
-          "diff",
-          "--name-only",
-          "--diff-filter=D",
-          "HEAD",
-        ])
-
-        if (deletedOutput.trim()) {
-          for (const file of deletedOutput.trim().split("\n")) {
-            changed.push({
-              path: file,
-              added: 0,
-              removed: 0,
-              status: "deleted",
-            })
-          }
-        }
-
-        return changed.map((item) => {
-          const full = path.isAbsolute(item.path) ? item.path : path.join(Instance.directory, item.path)
-          return {
-            ...item,
-            path: path.relative(Instance.directory, full),
-          }
-        })
-      })
-
-      const read: Interface["read"] = Effect.fn("File.read")(function* (file: string) {
-        using _ = log.time("read", { file })
-        const full = path.join(Instance.directory, file)
-
-        if (!Instance.containsPath(full)) throw new Error("Access denied: path escapes project directory")
-
-        if (isImageByExtension(file)) {
-          const exists = yield* appFs.existsSafe(full)
-          if (exists) {
-            const bytes = yield* appFs.readFile(full).pipe(Effect.catch(() => Effect.succeed(new Uint8Array())))
-            return {
-              type: "text" as const,
-              content: Buffer.from(bytes).toString("base64"),
-              mimeType: getImageMimeType(file),
-              encoding: "base64" as const,
-            }
-          }
-          return { type: "text" as const, content: "" }
-        }
-
-        const knownText = isTextByExtension(file) || isTextByName(file)
-
-        if (isBinaryByExtension(file) && !knownText) return { type: "binary" as const, content: "" }
-
-        const exists = yield* appFs.existsSafe(full)
-        if (!exists) return { type: "text" as const, content: "" }
-
-        const mimeType = AppFileSystem.mimeType(full)
-        const encode = knownText ? false : shouldEncode(mimeType)
-
-        if (encode && !isImage(mimeType)) return { type: "binary" as const, content: "", mimeType }
-
-        if (encode) {
-          const bytes = yield* appFs.readFile(full).pipe(Effect.catch(() => Effect.succeed(new Uint8Array())))
-          return {
-            type: "text" as const,
-            content: Buffer.from(bytes).toString("base64"),
-            mimeType,
-            encoding: "base64" as const,
-          }
-        }
-
-        const content = yield* appFs.readFileString(full).pipe(
-          Effect.map((s) => s.trim()),
-          Effect.catch(() => Effect.succeed("")),
-        )
-
-        if (Instance.project.vcs === "git") {
-          let diff = yield* gitText(["-c", "core.fsmonitor=false", "diff", "--", file])
-          if (!diff.trim()) {
-            diff = yield* gitText(["-c", "core.fsmonitor=false", "diff", "--staged", "--", file])
-          }
-          if (diff.trim()) {
-            const original = yield* git.show(Instance.directory, "HEAD", file)
-            const patch = structuredPatch(file, file, original, content, "old", "new", {
-              context: Infinity,
-              ignoreWhitespace: true,
-            })
-            return { type: "text" as const, content, patch, diff: formatPatch(patch) }
-          }
-          return { type: "text" as const, content }
-        }
-
-        return { type: "text" as const, content }
-      })
-
-      const list = Effect.fn("File.list")(function* (dir?: string) {
-        const exclude = [".git", ".DS_Store"]
-        let ignored = (_: string) => false
-        if (Instance.project.vcs === "git") {
-          const ig = ignore()
-          const gitignore = path.join(Instance.project.worktree, ".gitignore")
-          const gitignoreText = yield* appFs.readFileString(gitignore).pipe(Effect.catch(() => Effect.succeed("")))
-          if (gitignoreText) ig.add(gitignoreText)
-          const ignoreFile = path.join(Instance.project.worktree, ".ignore")
-          const ignoreText = yield* appFs.readFileString(ignoreFile).pipe(Effect.catch(() => Effect.succeed("")))
-          if (ignoreText) ig.add(ignoreText)
-          ignored = ig.ignores.bind(ig)
-        }
-
-        const resolved = dir ? path.join(Instance.directory, dir) : Instance.directory
-        if (!Instance.containsPath(resolved)) throw new Error("Access denied: path escapes project directory")
-
-        const entries = yield* appFs.readDirectoryEntries(resolved).pipe(Effect.orElseSucceed(() => []))
-
-        const nodes: File.Node[] = []
-        for (const entry of entries) {
-          if (exclude.includes(entry.name)) continue
-          const absolute = path.join(resolved, entry.name)
-          const file = path.relative(Instance.directory, absolute)
-          const type = entry.type === "directory" ? "directory" : "file"
-          nodes.push({
-            name: entry.name,
-            path: file,
-            absolute,
-            type,
-            ignored: ignored(type === "directory" ? file + "/" : file),
-          })
-        }
-        return nodes.sort((a, b) => {
-          if (a.type !== b.type) return a.type === "directory" ? -1 : 1
-          return a.name.localeCompare(b.name)
-        })
-      })
-
-      const search = Effect.fn("File.search")(function* (input: {
-        query: string
-        limit?: number
-        dirs?: boolean
-        type?: "file" | "directory"
-      }) {
-        yield* ensure()
-        const { cache } = yield* InstanceState.get(state)
-
-        const query = input.query.trim()
-        const limit = input.limit ?? 100
-        const kind = input.type ?? (input.dirs === false ? "file" : "all")
-        log.info("search", { query, kind })
-
-        const preferHidden = query.startsWith(".") || query.includes("/.")
-
-        if (!query) {
-          if (kind === "file") return cache.files.slice(0, limit)
-          return sortHiddenLast(cache.dirs.toSorted(), preferHidden).slice(0, limit)
-        }
-
-        const items =
-          kind === "file" ? cache.files : kind === "directory" ? cache.dirs : [...cache.files, ...cache.dirs]
-
-        const searchLimit = kind === "directory" && !preferHidden ? limit * 20 : limit
-        const sorted = fuzzysort.go(query, items, { limit: searchLimit }).map((item) => item.target)
-        const output = kind === "directory" ? sortHiddenLast(sorted, preferHidden).slice(0, limit) : sorted
-
-        log.info("search", { query, kind, results: output.length })
-        return output
-      })
-
-      log.info("init")
-      return Service.of({ init, status, read, list, search })
-    }),
-  )
-
-  export const defaultLayer = layer.pipe(
-    Layer.provide(Ripgrep.defaultLayer),
-    Layer.provide(AppFileSystem.defaultLayer),
-    Layer.provide(Git.defaultLayer),
-  )
-}
+export * as File from "./file"
--- a/packages/opencode/src/file/time.ts
+++ b/packages/opencode/src/file/time.ts
@@ -1,5 +1,5 @@
 import { DateTime, Effect, Layer, Option, Semaphore, Context } from "effect"
-import { InstanceState } from "@/effect/instance-state"
+import { InstanceState } from "@/effect"
 import { AppFileSystem } from "@opencode-ai/shared/filesystem"
 import { Flag } from "@/flag/flag"
 import type { SessionID } from "@/session/schema"
--- a/packages/opencode/src/file/watcher.ts
+++ b/packages/opencode/src/file/watcher.ts
@@ -7,7 +7,7 @@ import path from "path"
 import z from "zod"
 import { Bus } from "@/bus"
 import { BusEvent } from "@/bus/bus-event"
-import { InstanceState } from "@/effect/instance-state"
+import { InstanceState } from "@/effect"
 import { Flag } from "@/flag/flag"
 import { Git } from "@/git"
 import { Instance } from "@/project/instance"
--- a/packages/opencode/src/flag/flag.ts
+++ b/packages/opencode/src/flag/flag.ts
@@ -84,6 +84,7 @@ export namespace Flag {
  export const OPENCODE_STRICT_CONFIG_DEPS = truthy("OPENCODE_STRICT_CONFIG_DEPS")

  export const OPENCODE_WORKSPACE_ID = process.env["OPENCODE_WORKSPACE_ID"]
+  export const OPENCODE_EXPERIMENTAL_HTTPAPI = OPENCODE_EXPERIMENTAL || truthy("OPENCODE_EXPERIMENTAL_HTTPAPI")
  export const OPENCODE_EXPERIMENTAL_WORKSPACES = OPENCODE_EXPERIMENTAL || truthy("OPENCODE_EXPERIMENTAL_WORKSPACES")

  function number(key: string) {
--- a/packages/opencode/src/format/format.ts
+++ b/packages/opencode/src/format/format.ts
@@ -0,0 +1,192 @@
+import { Effect, Layer, Context } from "effect"
+import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
+import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
+import { InstanceState } from "@/effect"
+import path from "path"
+import { mergeDeep } from "remeda"
+import z from "zod"
+import { Config } from "../config"
+import { Log } from "../util/log"
+import * as Formatter from "./formatter"
+
+const log = Log.create({ service: "format" })
+
+export const Status = z
+  .object({
+    name: z.string(),
+    extensions: z.string().array(),
+    enabled: z.boolean(),
+  })
+  .meta({
+    ref: "FormatterStatus",
+  })
+export type Status = z.infer<typeof Status>
+
+export interface Interface {
+  readonly init: () => Effect.Effect<void>
+  readonly status: () => Effect.Effect<Status[]>
+  readonly file: (filepath: string) => Effect.Effect<void>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Format") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const config = yield* Config.Service
+    const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
+
+    const state = yield* InstanceState.make(
+      Effect.fn("Format.state")(function* (_ctx) {
+        const commands: Record<string, string[] | false> = {}
+        const formatters: Record<string, Formatter.Info> = {}
+
+        const cfg = yield* config.get()
+
+        if (cfg.formatter !== false) {
+          for (const item of Object.values(Formatter)) {
+            formatters[item.name] = item
+          }
+          for (const [name, item] of Object.entries(cfg.formatter ?? {})) {
+            // Ruff and uv are both the same formatter, so disabling either should disable both.
+            if (["ruff", "uv"].includes(name) && (cfg.formatter?.ruff?.disabled || cfg.formatter?.uv?.disabled)) {
+              // TODO combine formatters so shared backends like Ruff/uv don't need linked disable handling here.
+              delete formatters.ruff
+              delete formatters.uv
+              continue
+            }
+            if (item.disabled) {
+              delete formatters[name]
+              continue
+            }
+            const info = mergeDeep(formatters[name] ?? {}, {
+              extensions: [],
+              ...item,
+            })
+
+            formatters[name] = {
+              ...info,
+              name,
+              enabled: async () => info.command ?? false,
+            }
+          }
+        } else {
+          log.info("all formatters are disabled")
+        }
+
+        async function getCommand(item: Formatter.Info) {
+          let cmd = commands[item.name]
+          if (cmd === false || cmd === undefined) {
+            cmd = await item.enabled()
+            commands[item.name] = cmd
+          }
+          return cmd
+        }
+
+        async function isEnabled(item: Formatter.Info) {
+          const cmd = await getCommand(item)
+          return cmd !== false
+        }
+
+        async function getFormatter(ext: string) {
+          const matching = Object.values(formatters).filter((item) => item.extensions.includes(ext))
+          const checks = await Promise.all(
+            matching.map(async (item) => {
+              log.info("checking", { name: item.name, ext })
+              const cmd = await getCommand(item)
+              if (cmd) {
+                log.info("enabled", { name: item.name, ext })
+              }
+              return {
+                item,
+                cmd,
+              }
+            }),
+          )
+          return checks.filter((x) => x.cmd).map((x) => ({ item: x.item, cmd: x.cmd! }))
+        }
+
+        function formatFile(filepath: string) {
+          return Effect.gen(function* () {
+            log.info("formatting", { file: filepath })
+            const ext = path.extname(filepath)
+
+            for (const { item, cmd } of yield* Effect.promise(() => getFormatter(ext))) {
+              if (cmd === false) continue
+              log.info("running", { command: cmd })
+              const replaced = cmd.map((x) => x.replace("$FILE", filepath))
+              const dir = yield* InstanceState.directory
+              const code = yield* spawner
+                .spawn(
+                  ChildProcess.make(replaced[0]!, replaced.slice(1), {
+                    cwd: dir,
+                    env: item.environment,
+                    extendEnv: true,
+                  }),
+                )
+                .pipe(
+                  Effect.flatMap((handle) => handle.exitCode),
+                  Effect.scoped,
+                  Effect.catch(() =>
+                    Effect.sync(() => {
+                      log.error("failed to format file", {
+                        error: "spawn failed",
+                        command: cmd,
+                        ...item.environment,
+                        file: filepath,
+                      })
+                      return ChildProcessSpawner.ExitCode(1)
+                    }),
+                  ),
+                )
+              if (code !== 0) {
+                log.error("failed", {
+                  command: cmd,
+                  ...item.environment,
+                })
+              }
+            }
+          })
+        }
+
+        log.info("init")
+
+        return {
+          formatters,
+          isEnabled,
+          formatFile,
+        }
+      }),
+    )
+
+    const init = Effect.fn("Format.init")(function* () {
+      yield* InstanceState.get(state)
+    })
+
+    const status = Effect.fn("Format.status")(function* () {
+      const { formatters, isEnabled } = yield* InstanceState.get(state)
+      const result: Status[] = []
+      for (const formatter of Object.values(formatters)) {
+        const isOn = yield* Effect.promise(() => isEnabled(formatter))
+        result.push({
+          name: formatter.name,
+          extensions: formatter.extensions,
+          enabled: isOn,
+        })
+      }
+      return result
+    })
+
+    const file = Effect.fn("Format.file")(function* (filepath: string) {
+      const { formatFile } = yield* InstanceState.get(state)
+      yield* formatFile(filepath)
+    })
+
+    return Service.of({ init, status, file })
+  }),
+)
+
+export const defaultLayer = layer.pipe(
+  Layer.provide(Config.defaultLayer),
+  Layer.provide(CrossSpawnSpawner.defaultLayer),
+)
--- a/packages/opencode/src/format/index.ts
+++ b/packages/opencode/src/format/index.ts
@@ -1,194 +1 @@
-import { Effect, Layer, Context } from "effect"
-import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
-import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
-import { InstanceState } from "@/effect/instance-state"
-import path from "path"
-import { mergeDeep } from "remeda"
-import z from "zod"
-import { Config } from "../config"
-import { Log } from "../util/log"
-import * as Formatter from "./formatter"
-
-export namespace Format {
-  const log = Log.create({ service: "format" })
-
-  export const Status = z
-    .object({
-      name: z.string(),
-      extensions: z.string().array(),
-      enabled: z.boolean(),
-    })
-    .meta({
-      ref: "FormatterStatus",
-    })
-  export type Status = z.infer<typeof Status>
-
-  export interface Interface {
-    readonly init: () => Effect.Effect<void>
-    readonly status: () => Effect.Effect<Status[]>
-    readonly file: (filepath: string) => Effect.Effect<void>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Format") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const config = yield* Config.Service
-      const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
-
-      const state = yield* InstanceState.make(
-        Effect.fn("Format.state")(function* (_ctx) {
-          const commands: Record<string, string[] | false> = {}
-          const formatters: Record<string, Formatter.Info> = {}
-
-          const cfg = yield* config.get()
-
-          if (cfg.formatter !== false) {
-            for (const item of Object.values(Formatter)) {
-              formatters[item.name] = item
-            }
-            for (const [name, item] of Object.entries(cfg.formatter ?? {})) {
-              // Ruff and uv are both the same formatter, so disabling either should disable both.
-              if (["ruff", "uv"].includes(name) && (cfg.formatter?.ruff?.disabled || cfg.formatter?.uv?.disabled)) {
-                // TODO combine formatters so shared backends like Ruff/uv don't need linked disable handling here.
-                delete formatters.ruff
-                delete formatters.uv
-                continue
-              }
-              if (item.disabled) {
-                delete formatters[name]
-                continue
-              }
-              const info = mergeDeep(formatters[name] ?? {}, {
-                extensions: [],
-                ...item,
-              })
-
-              formatters[name] = {
-                ...info,
-                name,
-                enabled: async () => info.command ?? false,
-              }
-            }
-          } else {
-            log.info("all formatters are disabled")
-          }
-
-          async function getCommand(item: Formatter.Info) {
-            let cmd = commands[item.name]
-            if (cmd === false || cmd === undefined) {
-              cmd = await item.enabled()
-              commands[item.name] = cmd
-            }
-            return cmd
-          }
-
-          async function isEnabled(item: Formatter.Info) {
-            const cmd = await getCommand(item)
-            return cmd !== false
-          }
-
-          async function getFormatter(ext: string) {
-            const matching = Object.values(formatters).filter((item) => item.extensions.includes(ext))
-            const checks = await Promise.all(
-              matching.map(async (item) => {
-                log.info("checking", { name: item.name, ext })
-                const cmd = await getCommand(item)
-                if (cmd) {
-                  log.info("enabled", { name: item.name, ext })
-                }
-                return {
-                  item,
-                  cmd,
-                }
-              }),
-            )
-            return checks.filter((x) => x.cmd).map((x) => ({ item: x.item, cmd: x.cmd! }))
-          }
-
-          function formatFile(filepath: string) {
-            return Effect.gen(function* () {
-              log.info("formatting", { file: filepath })
-              const ext = path.extname(filepath)
-
-              for (const { item, cmd } of yield* Effect.promise(() => getFormatter(ext))) {
-                if (cmd === false) continue
-                log.info("running", { command: cmd })
-                const replaced = cmd.map((x) => x.replace("$FILE", filepath))
-                const dir = yield* InstanceState.directory
-                const code = yield* spawner
-                  .spawn(
-                    ChildProcess.make(replaced[0]!, replaced.slice(1), {
-                      cwd: dir,
-                      env: item.environment,
-                      extendEnv: true,
-                    }),
-                  )
-                  .pipe(
-                    Effect.flatMap((handle) => handle.exitCode),
-                    Effect.scoped,
-                    Effect.catch(() =>
-                      Effect.sync(() => {
-                        log.error("failed to format file", {
-                          error: "spawn failed",
-                          command: cmd,
-                          ...item.environment,
-                          file: filepath,
-                        })
-                        return ChildProcessSpawner.ExitCode(1)
-                      }),
-                    ),
-                  )
-                if (code !== 0) {
-                  log.error("failed", {
-                    command: cmd,
-                    ...item.environment,
-                  })
-                }
-              }
-            })
-          }
-
-          log.info("init")
-
-          return {
-            formatters,
-            isEnabled,
-            formatFile,
-          }
-        }),
-      )
-
-      const init = Effect.fn("Format.init")(function* () {
-        yield* InstanceState.get(state)
-      })
-
-      const status = Effect.fn("Format.status")(function* () {
-        const { formatters, isEnabled } = yield* InstanceState.get(state)
-        const result: Status[] = []
-        for (const formatter of Object.values(formatters)) {
-          const isOn = yield* Effect.promise(() => isEnabled(formatter))
-          result.push({
-            name: formatter.name,
-            extensions: formatter.extensions,
-            enabled: isOn,
-          })
-        }
-        return result
-      })
-
-      const file = Effect.fn("Format.file")(function* (filepath: string) {
-        const { formatFile } = yield* InstanceState.get(state)
-        yield* formatFile(filepath)
-      })
-
-      return Service.of({ init, status, file })
-    }),
-  )
-
-  export const defaultLayer = layer.pipe(
-    Layer.provide(Config.defaultLayer),
-    Layer.provide(CrossSpawnSpawner.defaultLayer),
-  )
-}
+export * as Format from "./format"
--- a/packages/opencode/src/git/git.ts
+++ b/packages/opencode/src/git/git.ts
@@ -0,0 +1,258 @@
+import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
+import { Effect, Layer, Context, Stream } from "effect"
+import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
+
+const cfg = [
+  "--no-optional-locks",
+  "-c",
+  "core.autocrlf=false",
+  "-c",
+  "core.fsmonitor=false",
+  "-c",
+  "core.longpaths=true",
+  "-c",
+  "core.symlinks=true",
+  "-c",
+  "core.quotepath=false",
+] as const
+
+const out = (result: { text(): string }) => result.text().trim()
+const nuls = (text: string) => text.split("\0").filter(Boolean)
+const fail = (err: unknown) =>
+  ({
+    exitCode: 1,
+    text: () => "",
+    stdout: Buffer.alloc(0),
+    stderr: Buffer.from(err instanceof Error ? err.message : String(err)),
+  }) satisfies Result
+
+export type Kind = "added" | "deleted" | "modified"
+
+export type Base = {
+  readonly name: string
+  readonly ref: string
+}
+
+export type Item = {
+  readonly file: string
+  readonly code: string
+  readonly status: Kind
+}
+
+export type Stat = {
+  readonly file: string
+  readonly additions: number
+  readonly deletions: number
+}
+
+export interface Result {
+  readonly exitCode: number
+  readonly text: () => string
+  readonly stdout: Buffer
+  readonly stderr: Buffer
+}
+
+export interface Options {
+  readonly cwd: string
+  readonly env?: Record<string, string>
+}
+
+export interface Interface {
+  readonly run: (args: string[], opts: Options) => Effect.Effect<Result>
+  readonly branch: (cwd: string) => Effect.Effect<string | undefined>
+  readonly prefix: (cwd: string) => Effect.Effect<string>
+  readonly defaultBranch: (cwd: string) => Effect.Effect<Base | undefined>
+  readonly hasHead: (cwd: string) => Effect.Effect<boolean>
+  readonly mergeBase: (cwd: string, base: string, head?: string) => Effect.Effect<string | undefined>
+  readonly show: (cwd: string, ref: string, file: string, prefix?: string) => Effect.Effect<string>
+  readonly status: (cwd: string) => Effect.Effect<Item[]>
+  readonly diff: (cwd: string, ref: string) => Effect.Effect<Item[]>
+  readonly stats: (cwd: string, ref: string) => Effect.Effect<Stat[]>
+}
+
+const kind = (code: string): Kind => {
+  if (code === "??") return "added"
+  if (code.includes("U")) return "modified"
+  if (code.includes("A") && !code.includes("D")) return "added"
+  if (code.includes("D") && !code.includes("A")) return "deleted"
+  return "modified"
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Git") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
+
+    const run = Effect.fn("Git.run")(
+      function* (args: string[], opts: Options) {
+        const proc = ChildProcess.make("git", [...cfg, ...args], {
+          cwd: opts.cwd,
+          env: opts.env,
+          extendEnv: true,
+          stdin: "ignore",
+          stdout: "pipe",
+          stderr: "pipe",
+        })
+        const handle = yield* spawner.spawn(proc)
+        const [stdout, stderr] = yield* Effect.all(
+          [Stream.mkString(Stream.decodeText(handle.stdout)), Stream.mkString(Stream.decodeText(handle.stderr))],
+          { concurrency: 2 },
+        )
+        return {
+          exitCode: yield* handle.exitCode,
+          text: () => stdout,
+          stdout: Buffer.from(stdout),
+          stderr: Buffer.from(stderr),
+        } satisfies Result
+      },
+      Effect.scoped,
+      Effect.catch((err) => Effect.succeed(fail(err))),
+    )
+
+    const text = Effect.fn("Git.text")(function* (args: string[], opts: Options) {
+      return (yield* run(args, opts)).text()
+    })
+
+    const lines = Effect.fn("Git.lines")(function* (args: string[], opts: Options) {
+      return (yield* text(args, opts))
+        .split(/\r?\n/)
+        .map((item) => item.trim())
+        .filter(Boolean)
+    })
+
+    const refs = Effect.fnUntraced(function* (cwd: string) {
+      return yield* lines(["for-each-ref", "--format=%(refname:short)", "refs/heads"], { cwd })
+    })
+
+    const configured = Effect.fnUntraced(function* (cwd: string, list: string[]) {
+      const result = yield* run(["config", "init.defaultBranch"], { cwd })
+      const name = out(result)
+      if (!name || !list.includes(name)) return
+      return { name, ref: name } satisfies Base
+    })
+
+    const primary = Effect.fnUntraced(function* (cwd: string) {
+      const list = yield* lines(["remote"], { cwd })
+      if (list.includes("origin")) return "origin"
+      if (list.length === 1) return list[0]
+      if (list.includes("upstream")) return "upstream"
+      return list[0]
+    })
+
+    const branch = Effect.fn("Git.branch")(function* (cwd: string) {
+      const result = yield* run(["symbolic-ref", "--quiet", "--short", "HEAD"], { cwd })
+      if (result.exitCode !== 0) return
+      const text = out(result)
+      return text || undefined
+    })
+
+    const prefix = Effect.fn("Git.prefix")(function* (cwd: string) {
+      const result = yield* run(["rev-parse", "--show-prefix"], { cwd })
+      if (result.exitCode !== 0) return ""
+      return out(result)
+    })
+
+    const defaultBranch = Effect.fn("Git.defaultBranch")(function* (cwd: string) {
+      const remote = yield* primary(cwd)
+      if (remote) {
+        const head = yield* run(["symbolic-ref", `refs/remotes/${remote}/HEAD`], { cwd })
+        if (head.exitCode === 0) {
+          const ref = out(head).replace(/^refs\/remotes\//, "")
+          const name = ref.startsWith(`${remote}/`) ? ref.slice(`${remote}/`.length) : ""
+          if (name) return { name, ref } satisfies Base
+        }
+      }
+
+      const list = yield* refs(cwd)
+      const next = yield* configured(cwd, list)
+      if (next) return next
+      if (list.includes("main")) return { name: "main", ref: "main" } satisfies Base
+      if (list.includes("master")) return { name: "master", ref: "master" } satisfies Base
+    })
+
+    const hasHead = Effect.fn("Git.hasHead")(function* (cwd: string) {
+      const result = yield* run(["rev-parse", "--verify", "HEAD"], { cwd })
+      return result.exitCode === 0
+    })
+
+    const mergeBase = Effect.fn("Git.mergeBase")(function* (cwd: string, base: string, head = "HEAD") {
+      const result = yield* run(["merge-base", base, head], { cwd })
+      if (result.exitCode !== 0) return
+      const text = out(result)
+      return text || undefined
+    })
+
+    const show = Effect.fn("Git.show")(function* (cwd: string, ref: string, file: string, prefix = "") {
+      const target = prefix ? `${prefix}${file}` : file
+      const result = yield* run(["show", `${ref}:${target}`], { cwd })
+      if (result.exitCode !== 0) return ""
+      if (result.stdout.includes(0)) return ""
+      return result.text()
+    })
+
+    const status = Effect.fn("Git.status")(function* (cwd: string) {
+      return nuls(
+        yield* text(["status", "--porcelain=v1", "--untracked-files=all", "--no-renames", "-z", "--", "."], {
+          cwd,
+        }),
+      ).flatMap((item) => {
+        const file = item.slice(3)
+        if (!file) return []
+        const code = item.slice(0, 2)
+        return [{ file, code, status: kind(code) } satisfies Item]
+      })
+    })
+
+    const diff = Effect.fn("Git.diff")(function* (cwd: string, ref: string) {
+      const list = nuls(
+        yield* text(["diff", "--no-ext-diff", "--no-renames", "--name-status", "-z", ref, "--", "."], { cwd }),
+      )
+      return list.flatMap((code, idx) => {
+        if (idx % 2 !== 0) return []
+        const file = list[idx + 1]
+        if (!code || !file) return []
+        return [{ file, code, status: kind(code) } satisfies Item]
+      })
+    })
+
+    const stats = Effect.fn("Git.stats")(function* (cwd: string, ref: string) {
+      return nuls(
+        yield* text(["diff", "--no-ext-diff", "--no-renames", "--numstat", "-z", ref, "--", "."], { cwd }),
+      ).flatMap((item) => {
+        const a = item.indexOf("\t")
+        const b = item.indexOf("\t", a + 1)
+        if (a === -1 || b === -1) return []
+        const file = item.slice(b + 1)
+        if (!file) return []
+        const adds = item.slice(0, a)
+        const dels = item.slice(a + 1, b)
+        const additions = adds === "-" ? 0 : Number.parseInt(adds || "0", 10)
+        const deletions = dels === "-" ? 0 : Number.parseInt(dels || "0", 10)
+        return [
+          {
+            file,
+            additions: Number.isFinite(additions) ? additions : 0,
+            deletions: Number.isFinite(deletions) ? deletions : 0,
+          } satisfies Stat,
+        ]
+      })
+    })
+
+    return Service.of({
+      run,
+      branch,
+      prefix,
+      defaultBranch,
+      hasHead,
+      mergeBase,
+      show,
+      status,
+      diff,
+      stats,
+    })
+  }),
+)
+
+export const defaultLayer = layer.pipe(Layer.provide(CrossSpawnSpawner.defaultLayer))
--- a/packages/opencode/src/git/index.ts
+++ b/packages/opencode/src/git/index.ts
@@ -1,260 +1 @@
-import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
-import { Effect, Layer, Context, Stream } from "effect"
-import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
-
-export namespace Git {
-  const cfg = [
-    "--no-optional-locks",
-    "-c",
-    "core.autocrlf=false",
-    "-c",
-    "core.fsmonitor=false",
-    "-c",
-    "core.longpaths=true",
-    "-c",
-    "core.symlinks=true",
-    "-c",
-    "core.quotepath=false",
-  ] as const
-
-  const out = (result: { text(): string }) => result.text().trim()
-  const nuls = (text: string) => text.split("\0").filter(Boolean)
-  const fail = (err: unknown) =>
-    ({
-      exitCode: 1,
-      text: () => "",
-      stdout: Buffer.alloc(0),
-      stderr: Buffer.from(err instanceof Error ? err.message : String(err)),
-    }) satisfies Result
-
-  export type Kind = "added" | "deleted" | "modified"
-
-  export type Base = {
-    readonly name: string
-    readonly ref: string
-  }
-
-  export type Item = {
-    readonly file: string
-    readonly code: string
-    readonly status: Kind
-  }
-
-  export type Stat = {
-    readonly file: string
-    readonly additions: number
-    readonly deletions: number
-  }
-
-  export interface Result {
-    readonly exitCode: number
-    readonly text: () => string
-    readonly stdout: Buffer
-    readonly stderr: Buffer
-  }
-
-  export interface Options {
-    readonly cwd: string
-    readonly env?: Record<string, string>
-  }
-
-  export interface Interface {
-    readonly run: (args: string[], opts: Options) => Effect.Effect<Result>
-    readonly branch: (cwd: string) => Effect.Effect<string | undefined>
-    readonly prefix: (cwd: string) => Effect.Effect<string>
-    readonly defaultBranch: (cwd: string) => Effect.Effect<Base | undefined>
-    readonly hasHead: (cwd: string) => Effect.Effect<boolean>
-    readonly mergeBase: (cwd: string, base: string, head?: string) => Effect.Effect<string | undefined>
-    readonly show: (cwd: string, ref: string, file: string, prefix?: string) => Effect.Effect<string>
-    readonly status: (cwd: string) => Effect.Effect<Item[]>
-    readonly diff: (cwd: string, ref: string) => Effect.Effect<Item[]>
-    readonly stats: (cwd: string, ref: string) => Effect.Effect<Stat[]>
-  }
-
-  const kind = (code: string): Kind => {
-    if (code === "??") return "added"
-    if (code.includes("U")) return "modified"
-    if (code.includes("A") && !code.includes("D")) return "added"
-    if (code.includes("D") && !code.includes("A")) return "deleted"
-    return "modified"
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Git") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
-
-      const run = Effect.fn("Git.run")(
-        function* (args: string[], opts: Options) {
-          const proc = ChildProcess.make("git", [...cfg, ...args], {
-            cwd: opts.cwd,
-            env: opts.env,
-            extendEnv: true,
-            stdin: "ignore",
-            stdout: "pipe",
-            stderr: "pipe",
-          })
-          const handle = yield* spawner.spawn(proc)
-          const [stdout, stderr] = yield* Effect.all(
-            [Stream.mkString(Stream.decodeText(handle.stdout)), Stream.mkString(Stream.decodeText(handle.stderr))],
-            { concurrency: 2 },
-          )
-          return {
-            exitCode: yield* handle.exitCode,
-            text: () => stdout,
-            stdout: Buffer.from(stdout),
-            stderr: Buffer.from(stderr),
-          } satisfies Result
-        },
-        Effect.scoped,
-        Effect.catch((err) => Effect.succeed(fail(err))),
-      )
-
-      const text = Effect.fn("Git.text")(function* (args: string[], opts: Options) {
-        return (yield* run(args, opts)).text()
-      })
-
-      const lines = Effect.fn("Git.lines")(function* (args: string[], opts: Options) {
-        return (yield* text(args, opts))
-          .split(/\r?\n/)
-          .map((item) => item.trim())
-          .filter(Boolean)
-      })
-
-      const refs = Effect.fnUntraced(function* (cwd: string) {
-        return yield* lines(["for-each-ref", "--format=%(refname:short)", "refs/heads"], { cwd })
-      })
-
-      const configured = Effect.fnUntraced(function* (cwd: string, list: string[]) {
-        const result = yield* run(["config", "init.defaultBranch"], { cwd })
-        const name = out(result)
-        if (!name || !list.includes(name)) return
-        return { name, ref: name } satisfies Base
-      })
-
-      const primary = Effect.fnUntraced(function* (cwd: string) {
-        const list = yield* lines(["remote"], { cwd })
-        if (list.includes("origin")) return "origin"
-        if (list.length === 1) return list[0]
-        if (list.includes("upstream")) return "upstream"
-        return list[0]
-      })
-
-      const branch = Effect.fn("Git.branch")(function* (cwd: string) {
-        const result = yield* run(["symbolic-ref", "--quiet", "--short", "HEAD"], { cwd })
-        if (result.exitCode !== 0) return
-        const text = out(result)
-        return text || undefined
-      })
-
-      const prefix = Effect.fn("Git.prefix")(function* (cwd: string) {
-        const result = yield* run(["rev-parse", "--show-prefix"], { cwd })
-        if (result.exitCode !== 0) return ""
-        return out(result)
-      })
-
-      const defaultBranch = Effect.fn("Git.defaultBranch")(function* (cwd: string) {
-        const remote = yield* primary(cwd)
-        if (remote) {
-          const head = yield* run(["symbolic-ref", `refs/remotes/${remote}/HEAD`], { cwd })
-          if (head.exitCode === 0) {
-            const ref = out(head).replace(/^refs\/remotes\//, "")
-            const name = ref.startsWith(`${remote}/`) ? ref.slice(`${remote}/`.length) : ""
-            if (name) return { name, ref } satisfies Base
-          }
-        }
-
-        const list = yield* refs(cwd)
-        const next = yield* configured(cwd, list)
-        if (next) return next
-        if (list.includes("main")) return { name: "main", ref: "main" } satisfies Base
-        if (list.includes("master")) return { name: "master", ref: "master" } satisfies Base
-      })
-
-      const hasHead = Effect.fn("Git.hasHead")(function* (cwd: string) {
-        const result = yield* run(["rev-parse", "--verify", "HEAD"], { cwd })
-        return result.exitCode === 0
-      })
-
-      const mergeBase = Effect.fn("Git.mergeBase")(function* (cwd: string, base: string, head = "HEAD") {
-        const result = yield* run(["merge-base", base, head], { cwd })
-        if (result.exitCode !== 0) return
-        const text = out(result)
-        return text || undefined
-      })
-
-      const show = Effect.fn("Git.show")(function* (cwd: string, ref: string, file: string, prefix = "") {
-        const target = prefix ? `${prefix}${file}` : file
-        const result = yield* run(["show", `${ref}:${target}`], { cwd })
-        if (result.exitCode !== 0) return ""
-        if (result.stdout.includes(0)) return ""
-        return result.text()
-      })
-
-      const status = Effect.fn("Git.status")(function* (cwd: string) {
-        return nuls(
-          yield* text(["status", "--porcelain=v1", "--untracked-files=all", "--no-renames", "-z", "--", "."], {
-            cwd,
-          }),
-        ).flatMap((item) => {
-          const file = item.slice(3)
-          if (!file) return []
-          const code = item.slice(0, 2)
-          return [{ file, code, status: kind(code) } satisfies Item]
-        })
-      })
-
-      const diff = Effect.fn("Git.diff")(function* (cwd: string, ref: string) {
-        const list = nuls(
-          yield* text(["diff", "--no-ext-diff", "--no-renames", "--name-status", "-z", ref, "--", "."], { cwd }),
-        )
-        return list.flatMap((code, idx) => {
-          if (idx % 2 !== 0) return []
-          const file = list[idx + 1]
-          if (!code || !file) return []
-          return [{ file, code, status: kind(code) } satisfies Item]
-        })
-      })
-
-      const stats = Effect.fn("Git.stats")(function* (cwd: string, ref: string) {
-        return nuls(
-          yield* text(["diff", "--no-ext-diff", "--no-renames", "--numstat", "-z", ref, "--", "."], { cwd }),
-        ).flatMap((item) => {
-          const a = item.indexOf("\t")
-          const b = item.indexOf("\t", a + 1)
-          if (a === -1 || b === -1) return []
-          const file = item.slice(b + 1)
-          if (!file) return []
-          const adds = item.slice(0, a)
-          const dels = item.slice(a + 1, b)
-          const additions = adds === "-" ? 0 : Number.parseInt(adds || "0", 10)
-          const deletions = dels === "-" ? 0 : Number.parseInt(dels || "0", 10)
-          return [
-            {
-              file,
-              additions: Number.isFinite(additions) ? additions : 0,
-              deletions: Number.isFinite(deletions) ? deletions : 0,
-            } satisfies Stat,
-          ]
-        })
-      })
-
-      return Service.of({
-        run,
-        branch,
-        prefix,
-        defaultBranch,
-        hasHead,
-        mergeBase,
-        show,
-        status,
-        diff,
-        stats,
-      })
-    }),
-  )
-
-  export const defaultLayer = layer.pipe(Layer.provide(CrossSpawnSpawner.defaultLayer))
-}
+export * as Git from "./git"
--- a/packages/opencode/src/global/global.ts
+++ b/packages/opencode/src/global/global.ts
@@ -0,0 +1,56 @@
+import fs from "fs/promises"
+import { xdgData, xdgCache, xdgConfig, xdgState } from "xdg-basedir"
+import path from "path"
+import os from "os"
+import { Filesystem } from "../util/filesystem"
+import { Flock } from "@opencode-ai/shared/util/flock"
+
+const app = "opencode"
+
+const data = path.join(xdgData!, app)
+const cache = path.join(xdgCache!, app)
+const config = path.join(xdgConfig!, app)
+const state = path.join(xdgState!, app)
+
+export const Path = {
+  // Allow override via OPENCODE_TEST_HOME for test isolation
+  get home() {
+    return process.env.OPENCODE_TEST_HOME || os.homedir()
+  },
+  data,
+  bin: path.join(cache, "bin"),
+  log: path.join(data, "log"),
+  cache,
+  config,
+  state,
+}
+
+// Initialize Flock with global state path
+Flock.setGlobal({ state })
+
+await Promise.all([
+  fs.mkdir(Path.data, { recursive: true }),
+  fs.mkdir(Path.config, { recursive: true }),
+  fs.mkdir(Path.state, { recursive: true }),
+  fs.mkdir(Path.log, { recursive: true }),
+  fs.mkdir(Path.bin, { recursive: true }),
+])
+
+const CACHE_VERSION = "21"
+
+const version = await Filesystem.readText(path.join(Path.cache, "version")).catch(() => "0")
+
+if (version !== CACHE_VERSION) {
+  try {
+    const contents = await fs.readdir(Path.cache)
+    await Promise.all(
+      contents.map((item) =>
+        fs.rm(path.join(Path.cache, item), {
+          recursive: true,
+          force: true,
+        }),
+      ),
+    )
+  } catch {}
+  await Filesystem.write(path.join(Path.cache, "version"), CACHE_VERSION)
+}
--- a/packages/opencode/src/global/index.ts
+++ b/packages/opencode/src/global/index.ts
@@ -1,58 +1 @@
-import fs from "fs/promises"
-import { xdgData, xdgCache, xdgConfig, xdgState } from "xdg-basedir"
-import path from "path"
-import os from "os"
-import { Filesystem } from "../util/filesystem"
-import { Flock } from "@opencode-ai/shared/util/flock"
-
-const app = "opencode"
-
-const data = path.join(xdgData!, app)
-const cache = path.join(xdgCache!, app)
-const config = path.join(xdgConfig!, app)
-const state = path.join(xdgState!, app)
-
-export namespace Global {
-  export const Path = {
-    // Allow override via OPENCODE_TEST_HOME for test isolation
-    get home() {
-      return process.env.OPENCODE_TEST_HOME || os.homedir()
-    },
-    data,
-    bin: path.join(cache, "bin"),
-    log: path.join(data, "log"),
-    cache,
-    config,
-    state,
-  }
-}
-
-// Initialize Flock with global state path
-Flock.setGlobal({ state })
-
-await Promise.all([
-  fs.mkdir(Global.Path.data, { recursive: true }),
-  fs.mkdir(Global.Path.config, { recursive: true }),
-  fs.mkdir(Global.Path.state, { recursive: true }),
-  fs.mkdir(Global.Path.log, { recursive: true }),
-  fs.mkdir(Global.Path.bin, { recursive: true }),
-])
-
-const CACHE_VERSION = "21"
-
-const version = await Filesystem.readText(path.join(Global.Path.cache, "version")).catch(() => "0")
-
-if (version !== CACHE_VERSION) {
-  try {
-    const contents = await fs.readdir(Global.Path.cache)
-    await Promise.all(
-      contents.map((item) =>
-        fs.rm(path.join(Global.Path.cache, item), {
-          recursive: true,
-          force: true,
-        }),
-      ),
-    )
-  } catch {}
-  await Filesystem.write(path.join(Global.Path.cache, "version"), CACHE_VERSION)
-}
+export * as Global from "./global"
--- a/packages/opencode/src/ide/ide.ts
+++ b/packages/opencode/src/ide/ide.ts
@@ -0,0 +1,71 @@
+import { BusEvent } from "@/bus/bus-event"
+import z from "zod"
+import { NamedError } from "@opencode-ai/shared/util/error"
+import { Log } from "../util/log"
+import { Process } from "@/util/process"
+
+const SUPPORTED_IDES = [
+  { name: "Windsurf" as const, cmd: "windsurf" },
+  { name: "Visual Studio Code - Insiders" as const, cmd: "code-insiders" },
+  { name: "Visual Studio Code" as const, cmd: "code" },
+  { name: "Cursor" as const, cmd: "cursor" },
+  { name: "VSCodium" as const, cmd: "codium" },
+]
+
+const log = Log.create({ service: "ide" })
+
+export const Event = {
+  Installed: BusEvent.define(
+    "ide.installed",
+    z.object({
+      ide: z.string(),
+    }),
+  ),
+}
+
+export const AlreadyInstalledError = NamedError.create("AlreadyInstalledError", z.object({}))
+
+export const InstallFailedError = NamedError.create(
+  "InstallFailedError",
+  z.object({
+    stderr: z.string(),
+  }),
+)
+
+export function ide() {
+  if (process.env["TERM_PROGRAM"] === "vscode") {
+    const v = process.env["GIT_ASKPASS"]
+    for (const ide of SUPPORTED_IDES) {
+      if (v?.includes(ide.name)) return ide.name
+    }
+  }
+  return "unknown"
+}
+
+export function alreadyInstalled() {
+  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"
+}
+
+export async function install(ide: (typeof SUPPORTED_IDES)[number]["name"]) {
+  const cmd = SUPPORTED_IDES.find((i) => i.name === ide)?.cmd
+  if (!cmd) throw new Error(`Unknown IDE: ${ide}`)
+
+  const p = await Process.run([cmd, "--install-extension", "sst-dev.opencode"], {
+    nothrow: true,
+  })
+  const stdout = p.stdout.toString()
+  const stderr = p.stderr.toString()
+
+  log.info("installed", {
+    ide,
+    stdout,
+    stderr,
+  })
+
+  if (p.code !== 0) {
+    throw new InstallFailedError({ stderr })
+  }
+  if (stdout.includes("already installed")) {
+    throw new AlreadyInstalledError({})
+  }
+}
--- a/packages/opencode/src/ide/index.ts
+++ b/packages/opencode/src/ide/index.ts
@@ -1,73 +1 @@
-import { BusEvent } from "@/bus/bus-event"
-import z from "zod"
-import { NamedError } from "@opencode-ai/shared/util/error"
-import { Log } from "../util/log"
-import { Process } from "@/util/process"
-
-const SUPPORTED_IDES = [
-  { name: "Windsurf" as const, cmd: "windsurf" },
-  { name: "Visual Studio Code - Insiders" as const, cmd: "code-insiders" },
-  { name: "Visual Studio Code" as const, cmd: "code" },
-  { name: "Cursor" as const, cmd: "cursor" },
-  { name: "VSCodium" as const, cmd: "codium" },
-]
-
-export namespace Ide {
-  const log = Log.create({ service: "ide" })
-
-  export const Event = {
-    Installed: BusEvent.define(
-      "ide.installed",
-      z.object({
-        ide: z.string(),
-      }),
-    ),
-  }
-
-  export const AlreadyInstalledError = NamedError.create("AlreadyInstalledError", z.object({}))
-
-  export const InstallFailedError = NamedError.create(
-    "InstallFailedError",
-    z.object({
-      stderr: z.string(),
-    }),
-  )
-
-  export function ide() {
-    if (process.env["TERM_PROGRAM"] === "vscode") {
-      const v = process.env["GIT_ASKPASS"]
-      for (const ide of SUPPORTED_IDES) {
-        if (v?.includes(ide.name)) return ide.name
-      }
-    }
-    return "unknown"
-  }
-
-  export function alreadyInstalled() {
-    return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"
-  }
-
-  export async function install(ide: (typeof SUPPORTED_IDES)[number]["name"]) {
-    const cmd = SUPPORTED_IDES.find((i) => i.name === ide)?.cmd
-    if (!cmd) throw new Error(`Unknown IDE: ${ide}`)
-
-    const p = await Process.run([cmd, "--install-extension", "sst-dev.opencode"], {
-      nothrow: true,
-    })
-    const stdout = p.stdout.toString()
-    const stderr = p.stderr.toString()
-
-    log.info("installed", {
-      ide,
-      stdout,
-      stderr,
-    })
-
-    if (p.code !== 0) {
-      throw new InstallFailedError({ stderr })
-    }
-    if (stdout.includes("already installed")) {
-      throw new AlreadyInstalledError({})
-    }
-  }
-}
+export * as Ide from "./ide"
--- a/packages/opencode/src/installation/index.ts
+++ b/packages/opencode/src/installation/index.ts
@@ -1,340 +1 @@
-import { Effect, Layer, Schema, Context, Stream } from "effect"
-import { FetchHttpClient, HttpClient, HttpClientRequest, HttpClientResponse } from "effect/unstable/http"
-import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
-import { withTransientReadRetry } from "@/util/effect-http-client"
-import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
-import path from "path"
-import z from "zod"
-import { BusEvent } from "@/bus/bus-event"
-import { Flag } from "../flag/flag"
-import { Log } from "../util/log"
-import { CHANNEL as channel, VERSION as version } from "./meta"
-
-import semver from "semver"
-
-export namespace Installation {
-  const log = Log.create({ service: "installation" })
-
-  export type Method = "curl" | "npm" | "yarn" | "pnpm" | "bun" | "brew" | "scoop" | "choco" | "unknown"
-
-  export type ReleaseType = "patch" | "minor" | "major"
-
-  export const Event = {
-    Updated: BusEvent.define(
-      "installation.updated",
-      z.object({
-        version: z.string(),
-      }),
-    ),
-    UpdateAvailable: BusEvent.define(
-      "installation.update-available",
-      z.object({
-        version: z.string(),
-      }),
-    ),
-  }
-
-  export function getReleaseType(current: string, latest: string): ReleaseType {
-    const currMajor = semver.major(current)
-    const currMinor = semver.minor(current)
-    const newMajor = semver.major(latest)
-    const newMinor = semver.minor(latest)
-
-    if (newMajor > currMajor) return "major"
-    if (newMinor > currMinor) return "minor"
-    return "patch"
-  }
-
-  export const Info = z
-    .object({
-      version: z.string(),
-      latest: z.string(),
-    })
-    .meta({
-      ref: "InstallationInfo",
-    })
-  export type Info = z.infer<typeof Info>
-
-  export const VERSION = version
-  export const CHANNEL = channel
-  export const USER_AGENT = `opencode/${CHANNEL}/${VERSION}/${Flag.OPENCODE_CLIENT}`
-
-  export function isPreview() {
-    return CHANNEL !== "latest"
-  }
-
-  export function isLocal() {
-    return CHANNEL === "local"
-  }
-
-  export class UpgradeFailedError extends Schema.TaggedErrorClass<UpgradeFailedError>()("UpgradeFailedError", {
-    stderr: Schema.String,
-  }) {}
-
-  // Response schemas for external version APIs
-  const GitHubRelease = Schema.Struct({ tag_name: Schema.String })
-  const NpmPackage = Schema.Struct({ version: Schema.String })
-  const BrewFormula = Schema.Struct({ versions: Schema.Struct({ stable: Schema.String }) })
-  const BrewInfoV2 = Schema.Struct({
-    formulae: Schema.Array(Schema.Struct({ versions: Schema.Struct({ stable: Schema.String }) })),
-  })
-  const ChocoPackage = Schema.Struct({
-    d: Schema.Struct({ results: Schema.Array(Schema.Struct({ Version: Schema.String })) }),
-  })
-  const ScoopManifest = NpmPackage
-
-  export interface Interface {
-    readonly info: () => Effect.Effect<Info>
-    readonly method: () => Effect.Effect<Method>
-    readonly latest: (method?: Method) => Effect.Effect<string>
-    readonly upgrade: (method: Method, target: string) => Effect.Effect<void, UpgradeFailedError>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Installation") {}
-
-  export const layer: Layer.Layer<Service, never, HttpClient.HttpClient | ChildProcessSpawner.ChildProcessSpawner> =
-    Layer.effect(
-      Service,
-      Effect.gen(function* () {
-        const http = yield* HttpClient.HttpClient
-        const httpOk = HttpClient.filterStatusOk(withTransientReadRetry(http))
-        const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
-
-        const text = Effect.fnUntraced(
-          function* (cmd: string[], opts?: { cwd?: string; env?: Record<string, string> }) {
-            const proc = ChildProcess.make(cmd[0], cmd.slice(1), {
-              cwd: opts?.cwd,
-              env: opts?.env,
-              extendEnv: true,
-            })
-            const handle = yield* spawner.spawn(proc)
-            const out = yield* Stream.mkString(Stream.decodeText(handle.stdout))
-            yield* handle.exitCode
-            return out
-          },
-          Effect.scoped,
-          Effect.catch(() => Effect.succeed("")),
-        )
-
-        const run = Effect.fnUntraced(
-          function* (cmd: string[], opts?: { cwd?: string; env?: Record<string, string> }) {
-            const proc = ChildProcess.make(cmd[0], cmd.slice(1), {
-              cwd: opts?.cwd,
-              env: opts?.env,
-              extendEnv: true,
-            })
-            const handle = yield* spawner.spawn(proc)
-            const [stdout, stderr] = yield* Effect.all(
-              [Stream.mkString(Stream.decodeText(handle.stdout)), Stream.mkString(Stream.decodeText(handle.stderr))],
-              { concurrency: 2 },
-            )
-            const code = yield* handle.exitCode
-            return { code, stdout, stderr }
-          },
-          Effect.scoped,
-          Effect.catch(() => Effect.succeed({ code: ChildProcessSpawner.ExitCode(1), stdout: "", stderr: "" })),
-        )
-
-        const getBrewFormula = Effect.fnUntraced(function* () {
-          const tapFormula = yield* text(["brew", "list", "--formula", "anomalyco/tap/opencode"])
-          if (tapFormula.includes("opencode")) return "anomalyco/tap/opencode"
-          const coreFormula = yield* text(["brew", "list", "--formula", "opencode"])
-          if (coreFormula.includes("opencode")) return "opencode"
-          return "opencode"
-        })
-
-        const upgradeCurl = Effect.fnUntraced(
-          function* (target: string) {
-            const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))
-            const body = yield* response.text
-            const bodyBytes = new TextEncoder().encode(body)
-            const proc = ChildProcess.make("bash", [], {
-              stdin: Stream.make(bodyBytes),
-              env: { VERSION: target },
-              extendEnv: true,
-            })
-            const handle = yield* spawner.spawn(proc)
-            const [stdout, stderr] = yield* Effect.all(
-              [Stream.mkString(Stream.decodeText(handle.stdout)), Stream.mkString(Stream.decodeText(handle.stderr))],
-              { concurrency: 2 },
-            )
-            const code = yield* handle.exitCode
-            return { code, stdout, stderr }
-          },
-          Effect.scoped,
-          Effect.orDie,
-        )
-
-        const methodImpl = Effect.fn("Installation.method")(function* () {
-          if (process.execPath.includes(path.join(".opencode", "bin"))) return "curl" as Method
-          if (process.execPath.includes(path.join(".local", "bin"))) return "curl" as Method
-          const exec = process.execPath.toLowerCase()
-
-          const checks: Array<{ name: Method; command: () => Effect.Effect<string> }> = [
-            { name: "npm", command: () => text(["npm", "list", "-g", "--depth=0"]) },
-            { name: "yarn", command: () => text(["yarn", "global", "list"]) },
-            { name: "pnpm", command: () => text(["pnpm", "list", "-g", "--depth=0"]) },
-            { name: "bun", command: () => text(["bun", "pm", "ls", "-g"]) },
-            { name: "brew", command: () => text(["brew", "list", "--formula", "opencode"]) },
-            { name: "scoop", command: () => text(["scoop", "list", "opencode"]) },
-            { name: "choco", command: () => text(["choco", "list", "--limit-output", "opencode"]) },
-          ]
-
-          checks.sort((a, b) => {
-            const aMatches = exec.includes(a.name)
-            const bMatches = exec.includes(b.name)
-            if (aMatches && !bMatches) return -1
-            if (!aMatches && bMatches) return 1
-            return 0
-          })
-
-          for (const check of checks) {
-            const output = yield* check.command()
-            const installedName =
-              check.name === "brew" || check.name === "choco" || check.name === "scoop" ? "opencode" : "opencode-ai"
-            if (output.includes(installedName)) {
-              return check.name
-            }
-          }
-
-          return "unknown" as Method
-        })
-
-        const latestImpl = Effect.fn("Installation.latest")(function* (installMethod?: Method) {
-          const detectedMethod = installMethod || (yield* methodImpl())
-
-          if (detectedMethod === "brew") {
-            const formula = yield* getBrewFormula()
-            if (formula.includes("/")) {
-              const infoJson = yield* text(["brew", "info", "--json=v2", formula])
-              const info = yield* Schema.decodeUnknownEffect(Schema.fromJsonString(BrewInfoV2))(infoJson)
-              return info.formulae[0].versions.stable
-            }
-            const response = yield* httpOk.execute(
-              HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(
-                HttpClientRequest.acceptJson,
-              ),
-            )
-            const data = yield* HttpClientResponse.schemaBodyJson(BrewFormula)(response)
-            return data.versions.stable
-          }
-
-          if (detectedMethod === "npm" || detectedMethod === "bun" || detectedMethod === "pnpm") {
-            const r = (yield* text(["npm", "config", "get", "registry"])).trim()
-            const reg = r || "https://registry.npmjs.org"
-            const registry = reg.endsWith("/") ? reg.slice(0, -1) : reg
-            const channel = CHANNEL
-            const response = yield* httpOk.execute(
-              HttpClientRequest.get(`${registry}/opencode-ai/${channel}`).pipe(HttpClientRequest.acceptJson),
-            )
-            const data = yield* HttpClientResponse.schemaBodyJson(NpmPackage)(response)
-            return data.version
-          }
-
-          if (detectedMethod === "choco") {
-            const response = yield* httpOk.execute(
-              HttpClientRequest.get(
-                "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
-              ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),
-            )
-            const data = yield* HttpClientResponse.schemaBodyJson(ChocoPackage)(response)
-            return data.d.results[0].Version
-          }
-
-          if (detectedMethod === "scoop") {
-            const response = yield* httpOk.execute(
-              HttpClientRequest.get(
-                "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
-              ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),
-            )
-            const data = yield* HttpClientResponse.schemaBodyJson(ScoopManifest)(response)
-            return data.version
-          }
-
-          const response = yield* httpOk.execute(
-            HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(
-              HttpClientRequest.acceptJson,
-            ),
-          )
-          const data = yield* HttpClientResponse.schemaBodyJson(GitHubRelease)(response)
-          return data.tag_name.replace(/^v/, "")
-        }, Effect.orDie)
-
-        const upgradeImpl = Effect.fn("Installation.upgrade")(function* (m: Method, target: string) {
-          let result: { code: ChildProcessSpawner.ExitCode; stdout: string; stderr: string } | undefined
-          switch (m) {
-            case "curl":
-              result = yield* upgradeCurl(target)
-              break
-            case "npm":
-              result = yield* run(["npm", "install", "-g", `opencode-ai@${target}`])
-              break
-            case "pnpm":
-              result = yield* run(["pnpm", "install", "-g", `opencode-ai@${target}`])
-              break
-            case "bun":
-              result = yield* run(["bun", "install", "-g", `opencode-ai@${target}`])
-              break
-            case "brew": {
-              const formula = yield* getBrewFormula()
-              const env = { HOMEBREW_NO_AUTO_UPDATE: "1" }
-              if (formula.includes("/")) {
-                const tap = yield* run(["brew", "tap", "anomalyco/tap"], { env })
-                if (tap.code !== 0) {
-                  result = tap
-                  break
-                }
-                const repo = yield* text(["brew", "--repo", "anomalyco/tap"])
-                const dir = repo.trim()
-                if (dir) {
-                  const pull = yield* run(["git", "pull", "--ff-only"], { cwd: dir, env })
-                  if (pull.code !== 0) {
-                    result = pull
-                    break
-                  }
-                }
-              }
-              result = yield* run(["brew", "upgrade", formula], { env })
-              break
-            }
-            case "choco":
-              result = yield* run(["choco", "upgrade", "opencode", `--version=${target}`, "-y"])
-              break
-            case "scoop":
-              result = yield* run(["scoop", "install", `opencode@${target}`])
-              break
-            default:
-              return yield* new UpgradeFailedError({ stderr: `Unknown method: ${m}` })
-          }
-          if (!result || result.code !== 0) {
-            const stderr = m === "choco" ? "not running from an elevated command shell" : result?.stderr || ""
-            return yield* new UpgradeFailedError({ stderr })
-          }
-          log.info("upgraded", {
-            method: m,
-            target,
-            stdout: result.stdout,
-            stderr: result.stderr,
-          })
-          yield* text([process.execPath, "--version"])
-        })
-
-        return Service.of({
-          info: Effect.fn("Installation.info")(function* () {
-            return {
-              version: VERSION,
-              latest: yield* latestImpl(),
-            }
-          }),
-          method: methodImpl,
-          latest: latestImpl,
-          upgrade: upgradeImpl,
-        })
-      }),
-    )
-
-  export const defaultLayer = layer.pipe(
-    Layer.provide(FetchHttpClient.layer),
-    Layer.provide(CrossSpawnSpawner.defaultLayer),
-  )
-}
+export * as Installation from "./installation"
--- a/packages/opencode/src/installation/installation.ts
+++ b/packages/opencode/src/installation/installation.ts
@@ -0,0 +1,338 @@
+import { Effect, Layer, Schema, Context, Stream } from "effect"
+import { FetchHttpClient, HttpClient, HttpClientRequest, HttpClientResponse } from "effect/unstable/http"
+import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
+import { withTransientReadRetry } from "@/util/effect-http-client"
+import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
+import path from "path"
+import z from "zod"
+import { BusEvent } from "@/bus/bus-event"
+import { Flag } from "../flag/flag"
+import { Log } from "../util/log"
+import { CHANNEL as channel, VERSION as version } from "./meta"
+
+import semver from "semver"
+
+const log = Log.create({ service: "installation" })
+
+export type Method = "curl" | "npm" | "yarn" | "pnpm" | "bun" | "brew" | "scoop" | "choco" | "unknown"
+
+export type ReleaseType = "patch" | "minor" | "major"
+
+export const Event = {
+  Updated: BusEvent.define(
+    "installation.updated",
+    z.object({
+      version: z.string(),
+    }),
+  ),
+  UpdateAvailable: BusEvent.define(
+    "installation.update-available",
+    z.object({
+      version: z.string(),
+    }),
+  ),
+}
+
+export function getReleaseType(current: string, latest: string): ReleaseType {
+  const currMajor = semver.major(current)
+  const currMinor = semver.minor(current)
+  const newMajor = semver.major(latest)
+  const newMinor = semver.minor(latest)
+
+  if (newMajor > currMajor) return "major"
+  if (newMinor > currMinor) return "minor"
+  return "patch"
+}
+
+export const Info = z
+  .object({
+    version: z.string(),
+    latest: z.string(),
+  })
+  .meta({
+    ref: "InstallationInfo",
+  })
+export type Info = z.infer<typeof Info>
+
+export const VERSION = version
+export const CHANNEL = channel
+export const USER_AGENT = `opencode/${CHANNEL}/${VERSION}/${Flag.OPENCODE_CLIENT}`
+
+export function isPreview() {
+  return CHANNEL !== "latest"
+}
+
+export function isLocal() {
+  return CHANNEL === "local"
+}
+
+export class UpgradeFailedError extends Schema.TaggedErrorClass<UpgradeFailedError>()("UpgradeFailedError", {
+  stderr: Schema.String,
+}) {}
+
+// Response schemas for external version APIs
+const GitHubRelease = Schema.Struct({ tag_name: Schema.String })
+const NpmPackage = Schema.Struct({ version: Schema.String })
+const BrewFormula = Schema.Struct({ versions: Schema.Struct({ stable: Schema.String }) })
+const BrewInfoV2 = Schema.Struct({
+  formulae: Schema.Array(Schema.Struct({ versions: Schema.Struct({ stable: Schema.String }) })),
+})
+const ChocoPackage = Schema.Struct({
+  d: Schema.Struct({ results: Schema.Array(Schema.Struct({ Version: Schema.String })) }),
+})
+const ScoopManifest = NpmPackage
+
+export interface Interface {
+  readonly info: () => Effect.Effect<Info>
+  readonly method: () => Effect.Effect<Method>
+  readonly latest: (method?: Method) => Effect.Effect<string>
+  readonly upgrade: (method: Method, target: string) => Effect.Effect<void, UpgradeFailedError>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Installation") {}
+
+export const layer: Layer.Layer<Service, never, HttpClient.HttpClient | ChildProcessSpawner.ChildProcessSpawner> =
+  Layer.effect(
+    Service,
+    Effect.gen(function* () {
+      const http = yield* HttpClient.HttpClient
+      const httpOk = HttpClient.filterStatusOk(withTransientReadRetry(http))
+      const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
+
+      const text = Effect.fnUntraced(
+        function* (cmd: string[], opts?: { cwd?: string; env?: Record<string, string> }) {
+          const proc = ChildProcess.make(cmd[0], cmd.slice(1), {
+            cwd: opts?.cwd,
+            env: opts?.env,
+            extendEnv: true,
+          })
+          const handle = yield* spawner.spawn(proc)
+          const out = yield* Stream.mkString(Stream.decodeText(handle.stdout))
+          yield* handle.exitCode
+          return out
+        },
+        Effect.scoped,
+        Effect.catch(() => Effect.succeed("")),
+      )
+
+      const run = Effect.fnUntraced(
+        function* (cmd: string[], opts?: { cwd?: string; env?: Record<string, string> }) {
+          const proc = ChildProcess.make(cmd[0], cmd.slice(1), {
+            cwd: opts?.cwd,
+            env: opts?.env,
+            extendEnv: true,
+          })
+          const handle = yield* spawner.spawn(proc)
+          const [stdout, stderr] = yield* Effect.all(
+            [Stream.mkString(Stream.decodeText(handle.stdout)), Stream.mkString(Stream.decodeText(handle.stderr))],
+            { concurrency: 2 },
+          )
+          const code = yield* handle.exitCode
+          return { code, stdout, stderr }
+        },
+        Effect.scoped,
+        Effect.catch(() => Effect.succeed({ code: ChildProcessSpawner.ExitCode(1), stdout: "", stderr: "" })),
+      )
+
+      const getBrewFormula = Effect.fnUntraced(function* () {
+        const tapFormula = yield* text(["brew", "list", "--formula", "anomalyco/tap/opencode"])
+        if (tapFormula.includes("opencode")) return "anomalyco/tap/opencode"
+        const coreFormula = yield* text(["brew", "list", "--formula", "opencode"])
+        if (coreFormula.includes("opencode")) return "opencode"
+        return "opencode"
+      })
+
+      const upgradeCurl = Effect.fnUntraced(
+        function* (target: string) {
+          const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))
+          const body = yield* response.text
+          const bodyBytes = new TextEncoder().encode(body)
+          const proc = ChildProcess.make("bash", [], {
+            stdin: Stream.make(bodyBytes),
+            env: { VERSION: target },
+            extendEnv: true,
+          })
+          const handle = yield* spawner.spawn(proc)
+          const [stdout, stderr] = yield* Effect.all(
+            [Stream.mkString(Stream.decodeText(handle.stdout)), Stream.mkString(Stream.decodeText(handle.stderr))],
+            { concurrency: 2 },
+          )
+          const code = yield* handle.exitCode
+          return { code, stdout, stderr }
+        },
+        Effect.scoped,
+        Effect.orDie,
+      )
+
+      const methodImpl = Effect.fn("Installation.method")(function* () {
+        if (process.execPath.includes(path.join(".opencode", "bin"))) return "curl" as Method
+        if (process.execPath.includes(path.join(".local", "bin"))) return "curl" as Method
+        const exec = process.execPath.toLowerCase()
+
+        const checks: Array<{ name: Method; command: () => Effect.Effect<string> }> = [
+          { name: "npm", command: () => text(["npm", "list", "-g", "--depth=0"]) },
+          { name: "yarn", command: () => text(["yarn", "global", "list"]) },
+          { name: "pnpm", command: () => text(["pnpm", "list", "-g", "--depth=0"]) },
+          { name: "bun", command: () => text(["bun", "pm", "ls", "-g"]) },
+          { name: "brew", command: () => text(["brew", "list", "--formula", "opencode"]) },
+          { name: "scoop", command: () => text(["scoop", "list", "opencode"]) },
+          { name: "choco", command: () => text(["choco", "list", "--limit-output", "opencode"]) },
+        ]
+
+        checks.sort((a, b) => {
+          const aMatches = exec.includes(a.name)
+          const bMatches = exec.includes(b.name)
+          if (aMatches && !bMatches) return -1
+          if (!aMatches && bMatches) return 1
+          return 0
+        })
+
+        for (const check of checks) {
+          const output = yield* check.command()
+          const installedName =
+            check.name === "brew" || check.name === "choco" || check.name === "scoop" ? "opencode" : "opencode-ai"
+          if (output.includes(installedName)) {
+            return check.name
+          }
+        }
+
+        return "unknown" as Method
+      })
+
+      const latestImpl = Effect.fn("Installation.latest")(function* (installMethod?: Method) {
+        const detectedMethod = installMethod || (yield* methodImpl())
+
+        if (detectedMethod === "brew") {
+          const formula = yield* getBrewFormula()
+          if (formula.includes("/")) {
+            const infoJson = yield* text(["brew", "info", "--json=v2", formula])
+            const info = yield* Schema.decodeUnknownEffect(Schema.fromJsonString(BrewInfoV2))(infoJson)
+            return info.formulae[0].versions.stable
+          }
+          const response = yield* httpOk.execute(
+            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(
+              HttpClientRequest.acceptJson,
+            ),
+          )
+          const data = yield* HttpClientResponse.schemaBodyJson(BrewFormula)(response)
+          return data.versions.stable
+        }
+
+        if (detectedMethod === "npm" || detectedMethod === "bun" || detectedMethod === "pnpm") {
+          const r = (yield* text(["npm", "config", "get", "registry"])).trim()
+          const reg = r || "https://registry.npmjs.org"
+          const registry = reg.endsWith("/") ? reg.slice(0, -1) : reg
+          const channel = CHANNEL
+          const response = yield* httpOk.execute(
+            HttpClientRequest.get(`${registry}/opencode-ai/${channel}`).pipe(HttpClientRequest.acceptJson),
+          )
+          const data = yield* HttpClientResponse.schemaBodyJson(NpmPackage)(response)
+          return data.version
+        }
+
+        if (detectedMethod === "choco") {
+          const response = yield* httpOk.execute(
+            HttpClientRequest.get(
+              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
+            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),
+          )
+          const data = yield* HttpClientResponse.schemaBodyJson(ChocoPackage)(response)
+          return data.d.results[0].Version
+        }
+
+        if (detectedMethod === "scoop") {
+          const response = yield* httpOk.execute(
+            HttpClientRequest.get(
+              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
+            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),
+          )
+          const data = yield* HttpClientResponse.schemaBodyJson(ScoopManifest)(response)
+          return data.version
+        }
+
+        const response = yield* httpOk.execute(
+          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(
+            HttpClientRequest.acceptJson,
+          ),
+        )
+        const data = yield* HttpClientResponse.schemaBodyJson(GitHubRelease)(response)
+        return data.tag_name.replace(/^v/, "")
+      }, Effect.orDie)
+
+      const upgradeImpl = Effect.fn("Installation.upgrade")(function* (m: Method, target: string) {
+        let result: { code: ChildProcessSpawner.ExitCode; stdout: string; stderr: string } | undefined
+        switch (m) {
+          case "curl":
+            result = yield* upgradeCurl(target)
+            break
+          case "npm":
+            result = yield* run(["npm", "install", "-g", `opencode-ai@${target}`])
+            break
+          case "pnpm":
+            result = yield* run(["pnpm", "install", "-g", `opencode-ai@${target}`])
+            break
+          case "bun":
+            result = yield* run(["bun", "install", "-g", `opencode-ai@${target}`])
+            break
+          case "brew": {
+            const formula = yield* getBrewFormula()
+            const env = { HOMEBREW_NO_AUTO_UPDATE: "1" }
+            if (formula.includes("/")) {
+              const tap = yield* run(["brew", "tap", "anomalyco/tap"], { env })
+              if (tap.code !== 0) {
+                result = tap
+                break
+              }
+              const repo = yield* text(["brew", "--repo", "anomalyco/tap"])
+              const dir = repo.trim()
+              if (dir) {
+                const pull = yield* run(["git", "pull", "--ff-only"], { cwd: dir, env })
+                if (pull.code !== 0) {
+                  result = pull
+                  break
+                }
+              }
+            }
+            result = yield* run(["brew", "upgrade", formula], { env })
+            break
+          }
+          case "choco":
+            result = yield* run(["choco", "upgrade", "opencode", `--version=${target}`, "-y"])
+            break
+          case "scoop":
+            result = yield* run(["scoop", "install", `opencode@${target}`])
+            break
+          default:
+            return yield* new UpgradeFailedError({ stderr: `Unknown method: ${m}` })
+        }
+        if (!result || result.code !== 0) {
+          const stderr = m === "choco" ? "not running from an elevated command shell" : result?.stderr || ""
+          return yield* new UpgradeFailedError({ stderr })
+        }
+        log.info("upgraded", {
+          method: m,
+          target,
+          stdout: result.stdout,
+          stderr: result.stderr,
+        })
+        yield* text([process.execPath, "--version"])
+      })
+
+      return Service.of({
+        info: Effect.fn("Installation.info")(function* () {
+          return {
+            version: VERSION,
+            latest: yield* latestImpl(),
+          }
+        }),
+        method: methodImpl,
+        latest: latestImpl,
+        upgrade: upgradeImpl,
+      })
+    }),
+  )
+
+export const defaultLayer = layer.pipe(
+  Layer.provide(FetchHttpClient.layer),
+  Layer.provide(CrossSpawnSpawner.defaultLayer),
+)
--- a/packages/opencode/src/lsp/index.ts
+++ b/packages/opencode/src/lsp/index.ts
@@ -12,7 +12,7 @@ import { Flag } from "@/flag/flag"
 import { Process } from "../util/process"
 import { spawn as lspspawn } from "./launch"
 import { Effect, Layer, Context } from "effect"
-import { InstanceState } from "@/effect/instance-state"
+import { InstanceState } from "@/effect"

 export namespace LSP {
  const log = Log.create({ service: "lsp" })
--- a/packages/opencode/src/lsp/server.ts
+++ b/packages/opencode/src/lsp/server.ts
@@ -8,7 +8,7 @@ import fs from "fs/promises"
 import { Filesystem } from "../util/filesystem"
 import { Instance } from "../project/instance"
 import { Flag } from "../flag/flag"
-import { Archive } from "../util/archive"
+import { Archive } from "../util"
 import { Process } from "../util/process"
 import { which } from "../util/which"
 import { Module } from "@opencode-ai/shared/util/module"
--- a/packages/opencode/src/mcp/index.ts
+++ b/packages/opencode/src/mcp/index.ts
@@ -1,930 +1 @@
-import { dynamicTool, type Tool, jsonSchema, type JSONSchema7 } from "ai"
-import { Client } from "@modelcontextprotocol/sdk/client/index.js"
-import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js"
-import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js"
-import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"
-import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js"
-import {
-  CallToolResultSchema,
-  type Tool as MCPToolDef,
-  ToolListChangedNotificationSchema,
-} from "@modelcontextprotocol/sdk/types.js"
-import { Config } from "../config"
-import { Log } from "../util/log"
-import { NamedError } from "@opencode-ai/shared/util/error"
-import z from "zod/v4"
-import { Instance } from "../project/instance"
-import { Installation } from "../installation"
-import { withTimeout } from "@/util/timeout"
-import { AppFileSystem } from "@opencode-ai/shared/filesystem"
-import { McpOAuthProvider } from "./oauth-provider"
-import { McpOAuthCallback } from "./oauth-callback"
-import { McpAuth } from "./auth"
-import { BusEvent } from "../bus/bus-event"
-import { Bus } from "@/bus"
-import { TuiEvent } from "@/cli/cmd/tui/event"
-import open from "open"
-import { Effect, Exit, Layer, Option, Context, Stream } from "effect"
-import { EffectBridge } from "@/effect/bridge"
-import { InstanceState } from "@/effect/instance-state"
-import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
-import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
-
-export namespace MCP {
-  const log = Log.create({ service: "mcp" })
-  const DEFAULT_TIMEOUT = 30_000
-
-  export const Resource = z
-    .object({
-      name: z.string(),
-      uri: z.string(),
-      description: z.string().optional(),
-      mimeType: z.string().optional(),
-      client: z.string(),
-    })
-    .meta({ ref: "McpResource" })
-  export type Resource = z.infer<typeof Resource>
-
-  export const ToolsChanged = BusEvent.define(
-    "mcp.tools.changed",
-    z.object({
-      server: z.string(),
-    }),
-  )
-
-  export const BrowserOpenFailed = BusEvent.define(
-    "mcp.browser.open.failed",
-    z.object({
-      mcpName: z.string(),
-      url: z.string(),
-    }),
-  )
-
-  export const Failed = NamedError.create(
-    "MCPFailed",
-    z.object({
-      name: z.string(),
-    }),
-  )
-
-  type MCPClient = Client
-
-  export const Status = z
-    .discriminatedUnion("status", [
-      z
-        .object({
-          status: z.literal("connected"),
-        })
-        .meta({
-          ref: "MCPStatusConnected",
-        }),
-      z
-        .object({
-          status: z.literal("disabled"),
-        })
-        .meta({
-          ref: "MCPStatusDisabled",
-        }),
-      z
-        .object({
-          status: z.literal("failed"),
-          error: z.string(),
-        })
-        .meta({
-          ref: "MCPStatusFailed",
-        }),
-      z
-        .object({
-          status: z.literal("needs_auth"),
-        })
-        .meta({
-          ref: "MCPStatusNeedsAuth",
-        }),
-      z
-        .object({
-          status: z.literal("needs_client_registration"),
-          error: z.string(),
-        })
-        .meta({
-          ref: "MCPStatusNeedsClientRegistration",
-        }),
-    ])
-    .meta({
-      ref: "MCPStatus",
-    })
-  export type Status = z.infer<typeof Status>
-
-  // Store transports for OAuth servers to allow finishing auth
-  type TransportWithAuth = StreamableHTTPClientTransport | SSEClientTransport
-  const pendingOAuthTransports = new Map<string, TransportWithAuth>()
-
-  // Prompt cache types
-  type PromptInfo = Awaited<ReturnType<MCPClient["listPrompts"]>>["prompts"][number]
-  type ResourceInfo = Awaited<ReturnType<MCPClient["listResources"]>>["resources"][number]
-  type McpEntry = NonNullable<Config.Info["mcp"]>[string]
-
-  function isMcpConfigured(entry: McpEntry): entry is Config.Mcp {
-    return typeof entry === "object" && entry !== null && "type" in entry
-  }
-
-  const sanitize = (s: string) => s.replace(/[^a-zA-Z0-9_-]/g, "_")
-
-  // Convert MCP tool definition to AI SDK Tool type
-  function convertMcpTool(mcpTool: MCPToolDef, client: MCPClient, timeout?: number): Tool {
-    const inputSchema = mcpTool.inputSchema
-
-    // Spread first, then override type to ensure it's always "object"
-    const schema: JSONSchema7 = {
-      ...(inputSchema as JSONSchema7),
-      type: "object",
-      properties: (inputSchema.properties ?? {}) as JSONSchema7["properties"],
-      additionalProperties: false,
-    }
-
-    return dynamicTool({
-      description: mcpTool.description ?? "",
-      inputSchema: jsonSchema(schema),
-      execute: async (args: unknown) => {
-        return client.callTool(
-          {
-            name: mcpTool.name,
-            arguments: (args || {}) as Record<string, unknown>,
-          },
-          CallToolResultSchema,
-          {
-            resetTimeoutOnProgress: true,
-            timeout,
-          },
-        )
-      },
-    })
-  }
-
-  function defs(key: string, client: MCPClient, timeout?: number) {
-    return Effect.tryPromise({
-      try: () => withTimeout(client.listTools(), timeout ?? DEFAULT_TIMEOUT),
-      catch: (err) => (err instanceof Error ? err : new Error(String(err))),
-    }).pipe(
-      Effect.map((result) => result.tools),
-      Effect.catch((err) => {
-        log.error("failed to get tools from client", { key, error: err })
-        return Effect.succeed(undefined)
-      }),
-    )
-  }
-
-  function fetchFromClient<T extends { name: string }>(
-    clientName: string,
-    client: Client,
-    listFn: (c: Client) => Promise<T[]>,
-    label: string,
-  ) {
-    return Effect.tryPromise({
-      try: () => listFn(client),
-      catch: (e: any) => {
-        log.error(`failed to get ${label}`, { clientName, error: e.message })
-        return e
-      },
-    }).pipe(
-      Effect.map((items) => {
-        const out: Record<string, T & { client: string }> = {}
-        const sanitizedClient = sanitize(clientName)
-        for (const item of items) {
-          out[sanitizedClient + ":" + sanitize(item.name)] = { ...item, client: clientName }
-        }
-        return out
-      }),
-      Effect.orElseSucceed(() => undefined),
-    )
-  }
-
-  interface CreateResult {
-    mcpClient?: MCPClient
-    status: Status
-    defs?: MCPToolDef[]
-  }
-
-  interface AuthResult {
-    authorizationUrl: string
-    oauthState: string
-    client?: MCPClient
-  }
-
-  // --- Effect Service ---
-
-  interface State {
-    status: Record<string, Status>
-    clients: Record<string, MCPClient>
-    defs: Record<string, MCPToolDef[]>
-  }
-
-  export interface Interface {
-    readonly status: () => Effect.Effect<Record<string, Status>>
-    readonly clients: () => Effect.Effect<Record<string, MCPClient>>
-    readonly tools: () => Effect.Effect<Record<string, Tool>>
-    readonly prompts: () => Effect.Effect<Record<string, PromptInfo & { client: string }>>
-    readonly resources: () => Effect.Effect<Record<string, ResourceInfo & { client: string }>>
-    readonly add: (name: string, mcp: Config.Mcp) => Effect.Effect<{ status: Record<string, Status> | Status }>
-    readonly connect: (name: string) => Effect.Effect<void>
-    readonly disconnect: (name: string) => Effect.Effect<void>
-    readonly getPrompt: (
-      clientName: string,
-      name: string,
-      args?: Record<string, string>,
-    ) => Effect.Effect<Awaited<ReturnType<MCPClient["getPrompt"]>> | undefined>
-    readonly readResource: (
-      clientName: string,
-      resourceUri: string,
-    ) => Effect.Effect<Awaited<ReturnType<MCPClient["readResource"]>> | undefined>
-    readonly startAuth: (mcpName: string) => Effect.Effect<{ authorizationUrl: string; oauthState: string }>
-    readonly authenticate: (mcpName: string) => Effect.Effect<Status>
-    readonly finishAuth: (mcpName: string, authorizationCode: string) => Effect.Effect<Status>
-    readonly removeAuth: (mcpName: string) => Effect.Effect<void>
-    readonly supportsOAuth: (mcpName: string) => Effect.Effect<boolean>
-    readonly hasStoredTokens: (mcpName: string) => Effect.Effect<boolean>
-    readonly getAuthStatus: (mcpName: string) => Effect.Effect<AuthStatus>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/MCP") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
-      const auth = yield* McpAuth.Service
-      const bus = yield* Bus.Service
-
-      type Transport = StdioClientTransport | StreamableHTTPClientTransport | SSEClientTransport
-
-      /**
-       * Connect a client via the given transport with resource safety:
-       * on failure the transport is closed; on success the caller owns it.
-       */
-      const connectTransport = (transport: Transport, timeout: number) =>
-        Effect.acquireUseRelease(
-          Effect.succeed(transport),
-          (t) =>
-            Effect.tryPromise({
-              try: () => {
-                const client = new Client({ name: "opencode", version: Installation.VERSION })
-                return withTimeout(client.connect(t), timeout).then(() => client)
-              },
-              catch: (e) => (e instanceof Error ? e : new Error(String(e))),
-            }),
-          (t, exit) => (Exit.isFailure(exit) ? Effect.tryPromise(() => t.close()).pipe(Effect.ignore) : Effect.void),
-        )
-
-      const DISABLED_RESULT: CreateResult = { status: { status: "disabled" } }
-
-      const connectRemote = Effect.fn("MCP.connectRemote")(function* (
-        key: string,
-        mcp: Config.Mcp & { type: "remote" },
-      ) {
-        const oauthDisabled = mcp.oauth === false
-        const oauthConfig = typeof mcp.oauth === "object" ? mcp.oauth : undefined
-        let authProvider: McpOAuthProvider | undefined
-
-        if (!oauthDisabled) {
-          authProvider = new McpOAuthProvider(
-            key,
-            mcp.url,
-            {
-              clientId: oauthConfig?.clientId,
-              clientSecret: oauthConfig?.clientSecret,
-              scope: oauthConfig?.scope,
-              redirectUri: oauthConfig?.redirectUri,
-            },
-            {
-              onRedirect: async (url) => {
-                log.info("oauth redirect requested", { key, url: url.toString() })
-              },
-            },
-            auth,
-          )
-        }
-
-        const transports: Array<{ name: string; transport: TransportWithAuth }> = [
-          {
-            name: "StreamableHTTP",
-            transport: new StreamableHTTPClientTransport(new URL(mcp.url), {
-              authProvider,
-              requestInit: mcp.headers ? { headers: mcp.headers } : undefined,
-            }),
-          },
-          {
-            name: "SSE",
-            transport: new SSEClientTransport(new URL(mcp.url), {
-              authProvider,
-              requestInit: mcp.headers ? { headers: mcp.headers } : undefined,
-            }),
-          },
-        ]
-
-        const connectTimeout = mcp.timeout ?? DEFAULT_TIMEOUT
-        let lastStatus: Status | undefined
-
-        for (const { name, transport } of transports) {
-          const result = yield* connectTransport(transport, connectTimeout).pipe(
-            Effect.map((client) => ({ client, transportName: name })),
-            Effect.catch((error) => {
-              const lastError = error instanceof Error ? error : new Error(String(error))
-              const isAuthError =
-                error instanceof UnauthorizedError || (authProvider && lastError.message.includes("OAuth"))
-
-              if (isAuthError) {
-                log.info("mcp server requires authentication", { key, transport: name })
-
-                if (lastError.message.includes("registration") || lastError.message.includes("client_id")) {
-                  lastStatus = {
-                    status: "needs_client_registration" as const,
-                    error: "Server does not support dynamic client registration. Please provide clientId in config.",
-                  }
-                  return bus
-                    .publish(TuiEvent.ToastShow, {
-                      title: "MCP Authentication Required",
-                      message: `Server "${key}" requires a pre-registered client ID. Add clientId to your config.`,
-                      variant: "warning",
-                      duration: 8000,
-                    })
-                    .pipe(Effect.ignore, Effect.as(undefined))
-                } else {
-                  pendingOAuthTransports.set(key, transport)
-                  lastStatus = { status: "needs_auth" as const }
-                  return bus
-                    .publish(TuiEvent.ToastShow, {
-                      title: "MCP Authentication Required",
-                      message: `Server "${key}" requires authentication. Run: opencode mcp auth ${key}`,
-                      variant: "warning",
-                      duration: 8000,
-                    })
-                    .pipe(Effect.ignore, Effect.as(undefined))
-                }
-              }
-
-              log.debug("transport connection failed", {
-                key,
-                transport: name,
-                url: mcp.url,
-                error: lastError.message,
-              })
-              lastStatus = { status: "failed" as const, error: lastError.message }
-              return Effect.succeed(undefined)
-            }),
-          )
-          if (result) {
-            log.info("connected", { key, transport: result.transportName })
-            return { client: result.client as MCPClient | undefined, status: { status: "connected" } as Status }
-          }
-          // If this was an auth error, stop trying other transports
-          if (lastStatus?.status === "needs_auth" || lastStatus?.status === "needs_client_registration") break
-        }
-
-        return {
-          client: undefined as MCPClient | undefined,
-          status: (lastStatus ?? { status: "failed", error: "Unknown error" }) as Status,
-        }
-      })
-
-      const connectLocal = Effect.fn("MCP.connectLocal")(function* (key: string, mcp: Config.Mcp & { type: "local" }) {
-        const [cmd, ...args] = mcp.command
-        const cwd = Instance.directory
-        const transport = new StdioClientTransport({
-          stderr: "pipe",
-          command: cmd,
-          args,
-          cwd,
-          env: {
-            ...process.env,
-            ...(cmd === "opencode" ? { BUN_BE_BUN: "1" } : {}),
-            ...mcp.environment,
-          },
-        })
-        transport.stderr?.on("data", (chunk: Buffer) => {
-          log.info(`mcp stderr: ${chunk.toString()}`, { key })
-        })
-
-        const connectTimeout = mcp.timeout ?? DEFAULT_TIMEOUT
-        return yield* connectTransport(transport, connectTimeout).pipe(
-          Effect.map((client): { client: MCPClient | undefined; status: Status } => ({
-            client,
-            status: { status: "connected" },
-          })),
-          Effect.catch((error): Effect.Effect<{ client: MCPClient | undefined; status: Status }> => {
-            const msg = error instanceof Error ? error.message : String(error)
-            log.error("local mcp startup failed", { key, command: mcp.command, cwd, error: msg })
-            return Effect.succeed({ client: undefined, status: { status: "failed", error: msg } })
-          }),
-        )
-      })
-
-      const create = Effect.fn("MCP.create")(function* (key: string, mcp: Config.Mcp) {
-        if (mcp.enabled === false) {
-          log.info("mcp server disabled", { key })
-          return DISABLED_RESULT
-        }
-
-        log.info("found", { key, type: mcp.type })
-
-        const { client: mcpClient, status } =
-          mcp.type === "remote"
-            ? yield* connectRemote(key, mcp as Config.Mcp & { type: "remote" })
-            : yield* connectLocal(key, mcp as Config.Mcp & { type: "local" })
-
-        if (!mcpClient) {
-          return { status } satisfies CreateResult
-        }
-
-        const listed = yield* defs(key, mcpClient, mcp.timeout)
-        if (!listed) {
-          yield* Effect.tryPromise(() => mcpClient.close()).pipe(Effect.ignore)
-          return { status: { status: "failed", error: "Failed to get tools" } } satisfies CreateResult
-        }
-
-        log.info("create() successfully created client", { key, toolCount: listed.length })
-        return { mcpClient, status, defs: listed } satisfies CreateResult
-      })
-      const cfgSvc = yield* Config.Service
-
-      const descendants = Effect.fnUntraced(
-        function* (pid: number) {
-          if (process.platform === "win32") return [] as number[]
-          const pids: number[] = []
-          const queue = [pid]
-          while (queue.length > 0) {
-            const current = queue.shift()!
-            const handle = yield* spawner.spawn(
-              ChildProcess.make("pgrep", ["-P", String(current)], { stdin: "ignore" }),
-            )
-            const text = yield* Stream.mkString(Stream.decodeText(handle.stdout))
-            yield* handle.exitCode
-            for (const tok of text.split("\n")) {
-              const cpid = parseInt(tok, 10)
-              if (!isNaN(cpid) && !pids.includes(cpid)) {
-                pids.push(cpid)
-                queue.push(cpid)
-              }
-            }
-          }
-          return pids
-        },
-        Effect.scoped,
-        Effect.catch(() => Effect.succeed([] as number[])),
-      )
-
-      function watch(s: State, name: string, client: MCPClient, bridge: EffectBridge.Shape, timeout?: number) {
-        client.setNotificationHandler(ToolListChangedNotificationSchema, async () => {
-          log.info("tools list changed notification received", { server: name })
-          if (s.clients[name] !== client || s.status[name]?.status !== "connected") return
-
-          const listed = await bridge.promise(defs(name, client, timeout))
-          if (!listed) return
-          if (s.clients[name] !== client || s.status[name]?.status !== "connected") return
-
-          s.defs[name] = listed
-          await bridge.promise(bus.publish(ToolsChanged, { server: name }).pipe(Effect.ignore))
-        })
-      }
-
-      const state = yield* InstanceState.make<State>(
-        Effect.fn("MCP.state")(function* () {
-          const cfg = yield* cfgSvc.get()
-          const bridge = yield* EffectBridge.make()
-          const config = cfg.mcp ?? {}
-          const s: State = {
-            status: {},
-            clients: {},
-            defs: {},
-          }
-
-          yield* Effect.forEach(
-            Object.entries(config),
-            ([key, mcp]) =>
-              Effect.gen(function* () {
-                if (!isMcpConfigured(mcp)) {
-                  log.error("Ignoring MCP config entry without type", { key })
-                  return
-                }
-
-                if (mcp.enabled === false) {
-                  s.status[key] = { status: "disabled" }
-                  return
-                }
-
-                const result = yield* create(key, mcp).pipe(Effect.catch(() => Effect.void))
-                if (!result) return
-
-                s.status[key] = result.status
-                if (result.mcpClient) {
-                  s.clients[key] = result.mcpClient
-                  s.defs[key] = result.defs!
-                  watch(s, key, result.mcpClient, bridge, mcp.timeout)
-                }
-              }),
-            { concurrency: "unbounded" },
-          )
-
-          yield* Effect.addFinalizer(() =>
-            Effect.gen(function* () {
-              yield* Effect.forEach(
-                Object.values(s.clients),
-                (client) =>
-                  Effect.gen(function* () {
-                    const pid = (client.transport as any)?.pid
-                    if (typeof pid === "number") {
-                      const pids = yield* descendants(pid)
-                      for (const dpid of pids) {
-                        try {
-                          process.kill(dpid, "SIGTERM")
-                        } catch {}
-                      }
-                    }
-                    yield* Effect.tryPromise(() => client.close()).pipe(Effect.ignore)
-                  }),
-                { concurrency: "unbounded" },
-              )
-              pendingOAuthTransports.clear()
-            }),
-          )
-
-          return s
-        }),
-      )
-
-      function closeClient(s: State, name: string) {
-        const client = s.clients[name]
-        delete s.defs[name]
-        if (!client) return Effect.void
-        return Effect.tryPromise(() => client.close()).pipe(Effect.ignore)
-      }
-
-      const storeClient = Effect.fnUntraced(function* (
-        s: State,
-        name: string,
-        client: MCPClient,
-        listed: MCPToolDef[],
-        timeout?: number,
-      ) {
-        const bridge = yield* EffectBridge.make()
-        yield* closeClient(s, name)
-        s.status[name] = { status: "connected" }
-        s.clients[name] = client
-        s.defs[name] = listed
-        watch(s, name, client, bridge, timeout)
-        return s.status[name]
-      })
-
-      const status = Effect.fn("MCP.status")(function* () {
-        const s = yield* InstanceState.get(state)
-
-        const cfg = yield* cfgSvc.get()
-        const config = cfg.mcp ?? {}
-        const result: Record<string, Status> = {}
-
-        for (const [key, mcp] of Object.entries(config)) {
-          if (!isMcpConfigured(mcp)) continue
-          result[key] = s.status[key] ?? { status: "disabled" }
-        }
-
-        return result
-      })
-
-      const clients = Effect.fn("MCP.clients")(function* () {
-        const s = yield* InstanceState.get(state)
-        return s.clients
-      })
-
-      const createAndStore = Effect.fn("MCP.createAndStore")(function* (name: string, mcp: Config.Mcp) {
-        const s = yield* InstanceState.get(state)
-        const result = yield* create(name, mcp)
-
-        s.status[name] = result.status
-        if (!result.mcpClient) {
-          yield* closeClient(s, name)
-          delete s.clients[name]
-          return result.status
-        }
-
-        return yield* storeClient(s, name, result.mcpClient, result.defs!, mcp.timeout)
-      })
-
-      const add = Effect.fn("MCP.add")(function* (name: string, mcp: Config.Mcp) {
-        yield* createAndStore(name, mcp)
-        const s = yield* InstanceState.get(state)
-        return { status: s.status }
-      })
-
-      const connect = Effect.fn("MCP.connect")(function* (name: string) {
-        const mcp = yield* getMcpConfig(name)
-        if (!mcp) {
-          log.error("MCP config not found or invalid", { name })
-          return
-        }
-        yield* createAndStore(name, { ...mcp, enabled: true })
-      })
-
-      const disconnect = Effect.fn("MCP.disconnect")(function* (name: string) {
-        const s = yield* InstanceState.get(state)
-        yield* closeClient(s, name)
-        delete s.clients[name]
-        s.status[name] = { status: "disabled" }
-      })
-
-      const tools = Effect.fn("MCP.tools")(function* () {
-        const result: Record<string, Tool> = {}
-        const s = yield* InstanceState.get(state)
-
-        const cfg = yield* cfgSvc.get()
-        const config = cfg.mcp ?? {}
-        const defaultTimeout = cfg.experimental?.mcp_timeout
-
-        const connectedClients = Object.entries(s.clients).filter(
-          ([clientName]) => s.status[clientName]?.status === "connected",
-        )
-
-        yield* Effect.forEach(
-          connectedClients,
-          ([clientName, client]) =>
-            Effect.gen(function* () {
-              const mcpConfig = config[clientName]
-              const entry = mcpConfig && isMcpConfigured(mcpConfig) ? mcpConfig : undefined
-
-              const listed = s.defs[clientName]
-              if (!listed) {
-                log.warn("missing cached tools for connected server", { clientName })
-                return
-              }
-
-              const timeout = entry?.timeout ?? defaultTimeout
-              for (const mcpTool of listed) {
-                result[sanitize(clientName) + "_" + sanitize(mcpTool.name)] = convertMcpTool(mcpTool, client, timeout)
-              }
-            }),
-          { concurrency: "unbounded" },
-        )
-        return result
-      })
-
-      function collectFromConnected<T extends { name: string }>(
-        s: State,
-        listFn: (c: Client) => Promise<T[]>,
-        label: string,
-      ) {
-        return Effect.forEach(
-          Object.entries(s.clients).filter(([name]) => s.status[name]?.status === "connected"),
-          ([clientName, client]) =>
-            fetchFromClient(clientName, client, listFn, label).pipe(Effect.map((items) => Object.entries(items ?? {}))),
-          { concurrency: "unbounded" },
-        ).pipe(Effect.map((results) => Object.fromEntries<T & { client: string }>(results.flat())))
-      }
-
-      const prompts = Effect.fn("MCP.prompts")(function* () {
-        const s = yield* InstanceState.get(state)
-        return yield* collectFromConnected(s, (c) => c.listPrompts().then((r) => r.prompts), "prompts")
-      })
-
-      const resources = Effect.fn("MCP.resources")(function* () {
-        const s = yield* InstanceState.get(state)
-        return yield* collectFromConnected(s, (c) => c.listResources().then((r) => r.resources), "resources")
-      })
-
-      const withClient = Effect.fnUntraced(function* <A>(
-        clientName: string,
-        fn: (client: MCPClient) => Promise<A>,
-        label: string,
-        meta?: Record<string, unknown>,
-      ) {
-        const s = yield* InstanceState.get(state)
-        const client = s.clients[clientName]
-        if (!client) {
-          log.warn(`client not found for ${label}`, { clientName })
-          return undefined
-        }
-        return yield* Effect.tryPromise({
-          try: () => fn(client),
-          catch: (e: any) => {
-            log.error(`failed to ${label}`, { clientName, ...meta, error: e?.message })
-            return e
-          },
-        }).pipe(Effect.orElseSucceed(() => undefined))
-      })
-
-      const getPrompt = Effect.fn("MCP.getPrompt")(function* (
-        clientName: string,
-        name: string,
-        args?: Record<string, string>,
-      ) {
-        return yield* withClient(clientName, (client) => client.getPrompt({ name, arguments: args }), "getPrompt", {
-          promptName: name,
-        })
-      })
-
-      const readResource = Effect.fn("MCP.readResource")(function* (clientName: string, resourceUri: string) {
-        return yield* withClient(clientName, (client) => client.readResource({ uri: resourceUri }), "readResource", {
-          resourceUri,
-        })
-      })
-
-      const getMcpConfig = Effect.fnUntraced(function* (mcpName: string) {
-        const cfg = yield* cfgSvc.get()
-        const mcpConfig = cfg.mcp?.[mcpName]
-        if (!mcpConfig || !isMcpConfigured(mcpConfig)) return undefined
-        return mcpConfig
-      })
-
-      const startAuth = Effect.fn("MCP.startAuth")(function* (mcpName: string) {
-        const mcpConfig = yield* getMcpConfig(mcpName)
-        if (!mcpConfig) throw new Error(`MCP server ${mcpName} not found or disabled`)
-        if (mcpConfig.type !== "remote") throw new Error(`MCP server ${mcpName} is not a remote server`)
-        if (mcpConfig.oauth === false) throw new Error(`MCP server ${mcpName} has OAuth explicitly disabled`)
-
-        // OAuth config is optional - if not provided, we'll use auto-discovery
-        const oauthConfig = typeof mcpConfig.oauth === "object" ? mcpConfig.oauth : undefined
-
-        // Start the callback server with custom redirectUri if configured
-        yield* Effect.promise(() => McpOAuthCallback.ensureRunning(oauthConfig?.redirectUri))
-
-        const oauthState = Array.from(crypto.getRandomValues(new Uint8Array(32)))
-          .map((b) => b.toString(16).padStart(2, "0"))
-          .join("")
-        yield* auth.updateOAuthState(mcpName, oauthState)
-        let capturedUrl: URL | undefined
-        const authProvider = new McpOAuthProvider(
-          mcpName,
-          mcpConfig.url,
-          {
-            clientId: oauthConfig?.clientId,
-            clientSecret: oauthConfig?.clientSecret,
-            scope: oauthConfig?.scope,
-            redirectUri: oauthConfig?.redirectUri,
-          },
-          {
-            onRedirect: async (url) => {
-              capturedUrl = url
-            },
-          },
-          auth,
-        )
-
-        const transport = new StreamableHTTPClientTransport(new URL(mcpConfig.url), { authProvider })
-
-        return yield* Effect.tryPromise({
-          try: () => {
-            const client = new Client({ name: "opencode", version: Installation.VERSION })
-            return client
-              .connect(transport)
-              .then(() => ({ authorizationUrl: "", oauthState, client }) satisfies AuthResult)
-          },
-          catch: (error) => error,
-        }).pipe(
-          Effect.catch((error) => {
-            if (error instanceof UnauthorizedError && capturedUrl) {
-              pendingOAuthTransports.set(mcpName, transport)
-              return Effect.succeed({ authorizationUrl: capturedUrl.toString(), oauthState } satisfies AuthResult)
-            }
-            return Effect.die(error)
-          }),
-        )
-      })
-
-      const authenticate = Effect.fn("MCP.authenticate")(function* (mcpName: string) {
-        const result = yield* startAuth(mcpName)
-        if (!result.authorizationUrl) {
-          const client = "client" in result ? result.client : undefined
-          const mcpConfig = yield* getMcpConfig(mcpName)
-          if (!mcpConfig) {
-            yield* Effect.tryPromise(() => client?.close() ?? Promise.resolve()).pipe(Effect.ignore)
-            return { status: "failed", error: "MCP config not found after auth" } as Status
-          }
-
-          const listed = client ? yield* defs(mcpName, client, mcpConfig.timeout) : undefined
-          if (!client || !listed) {
-            yield* Effect.tryPromise(() => client?.close() ?? Promise.resolve()).pipe(Effect.ignore)
-            return { status: "failed", error: "Failed to get tools" } as Status
-          }
-
-          const s = yield* InstanceState.get(state)
-          yield* auth.clearOAuthState(mcpName)
-          return yield* storeClient(s, mcpName, client, listed, mcpConfig.timeout)
-        }
-
-        log.info("opening browser for oauth", { mcpName, url: result.authorizationUrl, state: result.oauthState })
-
-        const callbackPromise = McpOAuthCallback.waitForCallback(result.oauthState, mcpName)
-
-        yield* Effect.tryPromise(() => open(result.authorizationUrl)).pipe(
-          Effect.flatMap((subprocess) =>
-            Effect.callback<void, Error>((resume) => {
-              const timer = setTimeout(() => resume(Effect.void), 500)
-              subprocess.on("error", (err) => {
-                clearTimeout(timer)
-                resume(Effect.fail(err))
-              })
-              subprocess.on("exit", (code) => {
-                if (code !== null && code !== 0) {
-                  clearTimeout(timer)
-                  resume(Effect.fail(new Error(`Browser open failed with exit code ${code}`)))
-                }
-              })
-            }),
-          ),
-          Effect.catch(() => {
-            log.warn("failed to open browser, user must open URL manually", { mcpName })
-            return bus.publish(BrowserOpenFailed, { mcpName, url: result.authorizationUrl }).pipe(Effect.ignore)
-          }),
-        )
-
-        const code = yield* Effect.promise(() => callbackPromise)
-
-        const storedState = yield* auth.getOAuthState(mcpName)
-        if (storedState !== result.oauthState) {
-          yield* auth.clearOAuthState(mcpName)
-          throw new Error("OAuth state mismatch - potential CSRF attack")
-        }
-        yield* auth.clearOAuthState(mcpName)
-        return yield* finishAuth(mcpName, code)
-      })
-
-      const finishAuth = Effect.fn("MCP.finishAuth")(function* (mcpName: string, authorizationCode: string) {
-        const transport = pendingOAuthTransports.get(mcpName)
-        if (!transport) throw new Error(`No pending OAuth flow for MCP server: ${mcpName}`)
-
-        const result = yield* Effect.tryPromise({
-          try: () => transport.finishAuth(authorizationCode).then(() => true as const),
-          catch: (error) => {
-            log.error("failed to finish oauth", { mcpName, error })
-            return error
-          },
-        }).pipe(Effect.option)
-
-        if (Option.isNone(result)) {
-          return { status: "failed", error: "OAuth completion failed" } as Status
-        }
-
-        yield* auth.clearCodeVerifier(mcpName)
-        pendingOAuthTransports.delete(mcpName)
-
-        const mcpConfig = yield* getMcpConfig(mcpName)
-        if (!mcpConfig) return { status: "failed", error: "MCP config not found after auth" } as Status
-
-        return yield* createAndStore(mcpName, mcpConfig)
-      })
-
-      const removeAuth = Effect.fn("MCP.removeAuth")(function* (mcpName: string) {
-        yield* auth.remove(mcpName)
-        McpOAuthCallback.cancelPending(mcpName)
-        pendingOAuthTransports.delete(mcpName)
-        log.info("removed oauth credentials", { mcpName })
-      })
-
-      const supportsOAuth = Effect.fn("MCP.supportsOAuth")(function* (mcpName: string) {
-        const mcpConfig = yield* getMcpConfig(mcpName)
-        if (!mcpConfig) return false
-        return mcpConfig.type === "remote" && mcpConfig.oauth !== false
-      })
-
-      const hasStoredTokens = Effect.fn("MCP.hasStoredTokens")(function* (mcpName: string) {
-        const entry = yield* auth.get(mcpName)
-        return !!entry?.tokens
-      })
-
-      const getAuthStatus = Effect.fn("MCP.getAuthStatus")(function* (mcpName: string) {
-        const entry = yield* auth.get(mcpName)
-        if (!entry?.tokens) return "not_authenticated" as AuthStatus
-        const expired = yield* auth.isTokenExpired(mcpName)
-        return (expired ? "expired" : "authenticated") as AuthStatus
-      })
-
-      return Service.of({
-        status,
-        clients,
-        tools,
-        prompts,
-        resources,
-        add,
-        connect,
-        disconnect,
-        getPrompt,
-        readResource,
-        startAuth,
-        authenticate,
-        finishAuth,
-        removeAuth,
-        supportsOAuth,
-        hasStoredTokens,
-        getAuthStatus,
-      })
-    }),
-  )
-
-  export type AuthStatus = "authenticated" | "expired" | "not_authenticated"
-
-  // --- Per-service runtime ---
-
-  export const defaultLayer = layer.pipe(
-    Layer.provide(McpAuth.layer),
-    Layer.provide(Bus.layer),
-    Layer.provide(Config.defaultLayer),
-    Layer.provide(CrossSpawnSpawner.defaultLayer),
-    Layer.provide(AppFileSystem.defaultLayer),
-  )
-}
+export * as MCP from "./mcp"
--- a/packages/opencode/src/mcp/mcp.ts
+++ b/packages/opencode/src/mcp/mcp.ts
@@ -0,0 +1,923 @@
+import { dynamicTool, type Tool, jsonSchema, type JSONSchema7 } from "ai"
+import { Client } from "@modelcontextprotocol/sdk/client/index.js"
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js"
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js"
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js"
+import {
+  CallToolResultSchema,
+  type Tool as MCPToolDef,
+  ToolListChangedNotificationSchema,
+} from "@modelcontextprotocol/sdk/types.js"
+import { Config } from "../config"
+import { Log } from "../util/log"
+import { NamedError } from "@opencode-ai/shared/util/error"
+import z from "zod/v4"
+import { Instance } from "../project/instance"
+import { Installation } from "../installation"
+import { withTimeout } from "@/util/timeout"
+import { AppFileSystem } from "@opencode-ai/shared/filesystem"
+import { McpOAuthProvider } from "./oauth-provider"
+import { McpOAuthCallback } from "./oauth-callback"
+import { McpAuth } from "./auth"
+import { BusEvent } from "../bus/bus-event"
+import { Bus } from "@/bus"
+import { TuiEvent } from "@/cli/cmd/tui/event"
+import open from "open"
+import { Effect, Exit, Layer, Option, Context, Stream } from "effect"
+import { EffectBridge } from "@/effect"
+import { InstanceState } from "@/effect"
+import { ChildProcess, ChildProcessSpawner } from "effect/unstable/process"
+import * as CrossSpawnSpawner from "@/effect/cross-spawn-spawner"
+
+const log = Log.create({ service: "mcp" })
+const DEFAULT_TIMEOUT = 30_000
+
+export const Resource = z
+  .object({
+    name: z.string(),
+    uri: z.string(),
+    description: z.string().optional(),
+    mimeType: z.string().optional(),
+    client: z.string(),
+  })
+  .meta({ ref: "McpResource" })
+export type Resource = z.infer<typeof Resource>
+
+export const ToolsChanged = BusEvent.define(
+  "mcp.tools.changed",
+  z.object({
+    server: z.string(),
+  }),
+)
+
+export const BrowserOpenFailed = BusEvent.define(
+  "mcp.browser.open.failed",
+  z.object({
+    mcpName: z.string(),
+    url: z.string(),
+  }),
+)
+
+export const Failed = NamedError.create(
+  "MCPFailed",
+  z.object({
+    name: z.string(),
+  }),
+)
+
+type MCPClient = Client
+
+export const Status = z
+  .discriminatedUnion("status", [
+    z
+      .object({
+        status: z.literal("connected"),
+      })
+      .meta({
+        ref: "MCPStatusConnected",
+      }),
+    z
+      .object({
+        status: z.literal("disabled"),
+      })
+      .meta({
+        ref: "MCPStatusDisabled",
+      }),
+    z
+      .object({
+        status: z.literal("failed"),
+        error: z.string(),
+      })
+      .meta({
+        ref: "MCPStatusFailed",
+      }),
+    z
+      .object({
+        status: z.literal("needs_auth"),
+      })
+      .meta({
+        ref: "MCPStatusNeedsAuth",
+      }),
+    z
+      .object({
+        status: z.literal("needs_client_registration"),
+        error: z.string(),
+      })
+      .meta({
+        ref: "MCPStatusNeedsClientRegistration",
+      }),
+  ])
+  .meta({
+    ref: "MCPStatus",
+  })
+export type Status = z.infer<typeof Status>
+
+// Store transports for OAuth servers to allow finishing auth
+type TransportWithAuth = StreamableHTTPClientTransport | SSEClientTransport
+const pendingOAuthTransports = new Map<string, TransportWithAuth>()
+
+// Prompt cache types
+type PromptInfo = Awaited<ReturnType<MCPClient["listPrompts"]>>["prompts"][number]
+type ResourceInfo = Awaited<ReturnType<MCPClient["listResources"]>>["resources"][number]
+type McpEntry = NonNullable<Config.Info["mcp"]>[string]
+
+function isMcpConfigured(entry: McpEntry): entry is Config.Mcp {
+  return typeof entry === "object" && entry !== null && "type" in entry
+}
+
+const sanitize = (s: string) => s.replace(/[^a-zA-Z0-9_-]/g, "_")
+
+// Convert MCP tool definition to AI SDK Tool type
+function convertMcpTool(mcpTool: MCPToolDef, client: MCPClient, timeout?: number): Tool {
+  const inputSchema = mcpTool.inputSchema
+
+  // Spread first, then override type to ensure it's always "object"
+  const schema: JSONSchema7 = {
+    ...(inputSchema as JSONSchema7),
+    type: "object",
+    properties: (inputSchema.properties ?? {}) as JSONSchema7["properties"],
+    additionalProperties: false,
+  }
+
+  return dynamicTool({
+    description: mcpTool.description ?? "",
+    inputSchema: jsonSchema(schema),
+    execute: async (args: unknown) => {
+      return client.callTool(
+        {
+          name: mcpTool.name,
+          arguments: (args || {}) as Record<string, unknown>,
+        },
+        CallToolResultSchema,
+        {
+          resetTimeoutOnProgress: true,
+          timeout,
+        },
+      )
+    },
+  })
+}
+
+function defs(key: string, client: MCPClient, timeout?: number) {
+  return Effect.tryPromise({
+    try: () => withTimeout(client.listTools(), timeout ?? DEFAULT_TIMEOUT),
+    catch: (err) => (err instanceof Error ? err : new Error(String(err))),
+  }).pipe(
+    Effect.map((result) => result.tools),
+    Effect.catch((err) => {
+      log.error("failed to get tools from client", { key, error: err })
+      return Effect.succeed(undefined)
+    }),
+  )
+}
+
+function fetchFromClient<T extends { name: string }>(
+  clientName: string,
+  client: Client,
+  listFn: (c: Client) => Promise<T[]>,
+  label: string,
+) {
+  return Effect.tryPromise({
+    try: () => listFn(client),
+    catch: (e: any) => {
+      log.error(`failed to get ${label}`, { clientName, error: e.message })
+      return e
+    },
+  }).pipe(
+    Effect.map((items) => {
+      const out: Record<string, T & { client: string }> = {}
+      const sanitizedClient = sanitize(clientName)
+      for (const item of items) {
+        out[sanitizedClient + ":" + sanitize(item.name)] = { ...item, client: clientName }
+      }
+      return out
+    }),
+    Effect.orElseSucceed(() => undefined),
+  )
+}
+
+interface CreateResult {
+  mcpClient?: MCPClient
+  status: Status
+  defs?: MCPToolDef[]
+}
+
+interface AuthResult {
+  authorizationUrl: string
+  oauthState: string
+  client?: MCPClient
+}
+
+// --- Effect Service ---
+
+interface State {
+  status: Record<string, Status>
+  clients: Record<string, MCPClient>
+  defs: Record<string, MCPToolDef[]>
+}
+
+export interface Interface {
+  readonly status: () => Effect.Effect<Record<string, Status>>
+  readonly clients: () => Effect.Effect<Record<string, MCPClient>>
+  readonly tools: () => Effect.Effect<Record<string, Tool>>
+  readonly prompts: () => Effect.Effect<Record<string, PromptInfo & { client: string }>>
+  readonly resources: () => Effect.Effect<Record<string, ResourceInfo & { client: string }>>
+  readonly add: (name: string, mcp: Config.Mcp) => Effect.Effect<{ status: Record<string, Status> | Status }>
+  readonly connect: (name: string) => Effect.Effect<void>
+  readonly disconnect: (name: string) => Effect.Effect<void>
+  readonly getPrompt: (
+    clientName: string,
+    name: string,
+    args?: Record<string, string>,
+  ) => Effect.Effect<Awaited<ReturnType<MCPClient["getPrompt"]>> | undefined>
+  readonly readResource: (
+    clientName: string,
+    resourceUri: string,
+  ) => Effect.Effect<Awaited<ReturnType<MCPClient["readResource"]>> | undefined>
+  readonly startAuth: (mcpName: string) => Effect.Effect<{ authorizationUrl: string; oauthState: string }>
+  readonly authenticate: (mcpName: string) => Effect.Effect<Status>
+  readonly finishAuth: (mcpName: string, authorizationCode: string) => Effect.Effect<Status>
+  readonly removeAuth: (mcpName: string) => Effect.Effect<void>
+  readonly supportsOAuth: (mcpName: string) => Effect.Effect<boolean>
+  readonly hasStoredTokens: (mcpName: string) => Effect.Effect<boolean>
+  readonly getAuthStatus: (mcpName: string) => Effect.Effect<AuthStatus>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/MCP") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const spawner = yield* ChildProcessSpawner.ChildProcessSpawner
+    const auth = yield* McpAuth.Service
+    const bus = yield* Bus.Service
+
+    type Transport = StdioClientTransport | StreamableHTTPClientTransport | SSEClientTransport
+
+    /**
+     * Connect a client via the given transport with resource safety:
+     * on failure the transport is closed; on success the caller owns it.
+     */
+    const connectTransport = (transport: Transport, timeout: number) =>
+      Effect.acquireUseRelease(
+        Effect.succeed(transport),
+        (t) =>
+          Effect.tryPromise({
+            try: () => {
+              const client = new Client({ name: "opencode", version: Installation.VERSION })
+              return withTimeout(client.connect(t), timeout).then(() => client)
+            },
+            catch: (e) => (e instanceof Error ? e : new Error(String(e))),
+          }),
+        (t, exit) => (Exit.isFailure(exit) ? Effect.tryPromise(() => t.close()).pipe(Effect.ignore) : Effect.void),
+      )
+
+    const DISABLED_RESULT: CreateResult = { status: { status: "disabled" } }
+
+    const connectRemote = Effect.fn("MCP.connectRemote")(function* (key: string, mcp: Config.Mcp & { type: "remote" }) {
+      const oauthDisabled = mcp.oauth === false
+      const oauthConfig = typeof mcp.oauth === "object" ? mcp.oauth : undefined
+      let authProvider: McpOAuthProvider | undefined
+
+      if (!oauthDisabled) {
+        authProvider = new McpOAuthProvider(
+          key,
+          mcp.url,
+          {
+            clientId: oauthConfig?.clientId,
+            clientSecret: oauthConfig?.clientSecret,
+            scope: oauthConfig?.scope,
+            redirectUri: oauthConfig?.redirectUri,
+          },
+          {
+            onRedirect: async (url) => {
+              log.info("oauth redirect requested", { key, url: url.toString() })
+            },
+          },
+          auth,
+        )
+      }
+
+      const transports: Array<{ name: string; transport: TransportWithAuth }> = [
+        {
+          name: "StreamableHTTP",
+          transport: new StreamableHTTPClientTransport(new URL(mcp.url), {
+            authProvider,
+            requestInit: mcp.headers ? { headers: mcp.headers } : undefined,
+          }),
+        },
+        {
+          name: "SSE",
+          transport: new SSEClientTransport(new URL(mcp.url), {
+            authProvider,
+            requestInit: mcp.headers ? { headers: mcp.headers } : undefined,
+          }),
+        },
+      ]
+
+      const connectTimeout = mcp.timeout ?? DEFAULT_TIMEOUT
+      let lastStatus: Status | undefined
+
+      for (const { name, transport } of transports) {
+        const result = yield* connectTransport(transport, connectTimeout).pipe(
+          Effect.map((client) => ({ client, transportName: name })),
+          Effect.catch((error) => {
+            const lastError = error instanceof Error ? error : new Error(String(error))
+            const isAuthError =
+              error instanceof UnauthorizedError || (authProvider && lastError.message.includes("OAuth"))
+
+            if (isAuthError) {
+              log.info("mcp server requires authentication", { key, transport: name })
+
+              if (lastError.message.includes("registration") || lastError.message.includes("client_id")) {
+                lastStatus = {
+                  status: "needs_client_registration" as const,
+                  error: "Server does not support dynamic client registration. Please provide clientId in config.",
+                }
+                return bus
+                  .publish(TuiEvent.ToastShow, {
+                    title: "MCP Authentication Required",
+                    message: `Server "${key}" requires a pre-registered client ID. Add clientId to your config.`,
+                    variant: "warning",
+                    duration: 8000,
+                  })
+                  .pipe(Effect.ignore, Effect.as(undefined))
+              } else {
+                pendingOAuthTransports.set(key, transport)
+                lastStatus = { status: "needs_auth" as const }
+                return bus
+                  .publish(TuiEvent.ToastShow, {
+                    title: "MCP Authentication Required",
+                    message: `Server "${key}" requires authentication. Run: opencode mcp auth ${key}`,
+                    variant: "warning",
+                    duration: 8000,
+                  })
+                  .pipe(Effect.ignore, Effect.as(undefined))
+              }
+            }
+
+            log.debug("transport connection failed", {
+              key,
+              transport: name,
+              url: mcp.url,
+              error: lastError.message,
+            })
+            lastStatus = { status: "failed" as const, error: lastError.message }
+            return Effect.succeed(undefined)
+          }),
+        )
+        if (result) {
+          log.info("connected", { key, transport: result.transportName })
+          return { client: result.client as MCPClient | undefined, status: { status: "connected" } as Status }
+        }
+        // If this was an auth error, stop trying other transports
+        if (lastStatus?.status === "needs_auth" || lastStatus?.status === "needs_client_registration") break
+      }
+
+      return {
+        client: undefined as MCPClient | undefined,
+        status: (lastStatus ?? { status: "failed", error: "Unknown error" }) as Status,
+      }
+    })
+
+    const connectLocal = Effect.fn("MCP.connectLocal")(function* (key: string, mcp: Config.Mcp & { type: "local" }) {
+      const [cmd, ...args] = mcp.command
+      const cwd = Instance.directory
+      const transport = new StdioClientTransport({
+        stderr: "pipe",
+        command: cmd,
+        args,
+        cwd,
+        env: {
+          ...process.env,
+          ...(cmd === "opencode" ? { BUN_BE_BUN: "1" } : {}),
+          ...mcp.environment,
+        },
+      })
+      transport.stderr?.on("data", (chunk: Buffer) => {
+        log.info(`mcp stderr: ${chunk.toString()}`, { key })
+      })
+
+      const connectTimeout = mcp.timeout ?? DEFAULT_TIMEOUT
+      return yield* connectTransport(transport, connectTimeout).pipe(
+        Effect.map((client): { client: MCPClient | undefined; status: Status } => ({
+          client,
+          status: { status: "connected" },
+        })),
+        Effect.catch((error): Effect.Effect<{ client: MCPClient | undefined; status: Status }> => {
+          const msg = error instanceof Error ? error.message : String(error)
+          log.error("local mcp startup failed", { key, command: mcp.command, cwd, error: msg })
+          return Effect.succeed({ client: undefined, status: { status: "failed", error: msg } })
+        }),
+      )
+    })
+
+    const create = Effect.fn("MCP.create")(function* (key: string, mcp: Config.Mcp) {
+      if (mcp.enabled === false) {
+        log.info("mcp server disabled", { key })
+        return DISABLED_RESULT
+      }
+
+      log.info("found", { key, type: mcp.type })
+
+      const { client: mcpClient, status } =
+        mcp.type === "remote"
+          ? yield* connectRemote(key, mcp as Config.Mcp & { type: "remote" })
+          : yield* connectLocal(key, mcp as Config.Mcp & { type: "local" })
+
+      if (!mcpClient) {
+        return { status } satisfies CreateResult
+      }
+
+      const listed = yield* defs(key, mcpClient, mcp.timeout)
+      if (!listed) {
+        yield* Effect.tryPromise(() => mcpClient.close()).pipe(Effect.ignore)
+        return { status: { status: "failed", error: "Failed to get tools" } } satisfies CreateResult
+      }
+
+      log.info("create() successfully created client", { key, toolCount: listed.length })
+      return { mcpClient, status, defs: listed } satisfies CreateResult
+    })
+    const cfgSvc = yield* Config.Service
+
+    const descendants = Effect.fnUntraced(
+      function* (pid: number) {
+        if (process.platform === "win32") return [] as number[]
+        const pids: number[] = []
+        const queue = [pid]
+        while (queue.length > 0) {
+          const current = queue.shift()!
+          const handle = yield* spawner.spawn(ChildProcess.make("pgrep", ["-P", String(current)], { stdin: "ignore" }))
+          const text = yield* Stream.mkString(Stream.decodeText(handle.stdout))
+          yield* handle.exitCode
+          for (const tok of text.split("\n")) {
+            const cpid = parseInt(tok, 10)
+            if (!isNaN(cpid) && !pids.includes(cpid)) {
+              pids.push(cpid)
+              queue.push(cpid)
+            }
+          }
+        }
+        return pids
+      },
+      Effect.scoped,
+      Effect.catch(() => Effect.succeed([] as number[])),
+    )
+
+    function watch(s: State, name: string, client: MCPClient, bridge: EffectBridge.Shape, timeout?: number) {
+      client.setNotificationHandler(ToolListChangedNotificationSchema, async () => {
+        log.info("tools list changed notification received", { server: name })
+        if (s.clients[name] !== client || s.status[name]?.status !== "connected") return
+
+        const listed = await bridge.promise(defs(name, client, timeout))
+        if (!listed) return
+        if (s.clients[name] !== client || s.status[name]?.status !== "connected") return
+
+        s.defs[name] = listed
+        await bridge.promise(bus.publish(ToolsChanged, { server: name }).pipe(Effect.ignore))
+      })
+    }
+
+    const state = yield* InstanceState.make<State>(
+      Effect.fn("MCP.state")(function* () {
+        const cfg = yield* cfgSvc.get()
+        const bridge = yield* EffectBridge.make()
+        const config = cfg.mcp ?? {}
+        const s: State = {
+          status: {},
+          clients: {},
+          defs: {},
+        }
+
+        yield* Effect.forEach(
+          Object.entries(config),
+          ([key, mcp]) =>
+            Effect.gen(function* () {
+              if (!isMcpConfigured(mcp)) {
+                log.error("Ignoring MCP config entry without type", { key })
+                return
+              }
+
+              if (mcp.enabled === false) {
+                s.status[key] = { status: "disabled" }
+                return
+              }
+
+              const result = yield* create(key, mcp).pipe(Effect.catch(() => Effect.void))
+              if (!result) return
+
+              s.status[key] = result.status
+              if (result.mcpClient) {
+                s.clients[key] = result.mcpClient
+                s.defs[key] = result.defs!
+                watch(s, key, result.mcpClient, bridge, mcp.timeout)
+              }
+            }),
+          { concurrency: "unbounded" },
+        )
+
+        yield* Effect.addFinalizer(() =>
+          Effect.gen(function* () {
+            yield* Effect.forEach(
+              Object.values(s.clients),
+              (client) =>
+                Effect.gen(function* () {
+                  const pid = (client.transport as any)?.pid
+                  if (typeof pid === "number") {
+                    const pids = yield* descendants(pid)
+                    for (const dpid of pids) {
+                      try {
+                        process.kill(dpid, "SIGTERM")
+                      } catch {}
+                    }
+                  }
+                  yield* Effect.tryPromise(() => client.close()).pipe(Effect.ignore)
+                }),
+              { concurrency: "unbounded" },
+            )
+            pendingOAuthTransports.clear()
+          }),
+        )
+
+        return s
+      }),
+    )
+
+    function closeClient(s: State, name: string) {
+      const client = s.clients[name]
+      delete s.defs[name]
+      if (!client) return Effect.void
+      return Effect.tryPromise(() => client.close()).pipe(Effect.ignore)
+    }
+
+    const storeClient = Effect.fnUntraced(function* (
+      s: State,
+      name: string,
+      client: MCPClient,
+      listed: MCPToolDef[],
+      timeout?: number,
+    ) {
+      const bridge = yield* EffectBridge.make()
+      yield* closeClient(s, name)
+      s.status[name] = { status: "connected" }
+      s.clients[name] = client
+      s.defs[name] = listed
+      watch(s, name, client, bridge, timeout)
+      return s.status[name]
+    })
+
+    const status = Effect.fn("MCP.status")(function* () {
+      const s = yield* InstanceState.get(state)
+
+      const cfg = yield* cfgSvc.get()
+      const config = cfg.mcp ?? {}
+      const result: Record<string, Status> = {}
+
+      for (const [key, mcp] of Object.entries(config)) {
+        if (!isMcpConfigured(mcp)) continue
+        result[key] = s.status[key] ?? { status: "disabled" }
+      }
+
+      return result
+    })
+
+    const clients = Effect.fn("MCP.clients")(function* () {
+      const s = yield* InstanceState.get(state)
+      return s.clients
+    })
+
+    const createAndStore = Effect.fn("MCP.createAndStore")(function* (name: string, mcp: Config.Mcp) {
+      const s = yield* InstanceState.get(state)
+      const result = yield* create(name, mcp)
+
+      s.status[name] = result.status
+      if (!result.mcpClient) {
+        yield* closeClient(s, name)
+        delete s.clients[name]
+        return result.status
+      }
+
+      return yield* storeClient(s, name, result.mcpClient, result.defs!, mcp.timeout)
+    })
+
+    const add = Effect.fn("MCP.add")(function* (name: string, mcp: Config.Mcp) {
+      yield* createAndStore(name, mcp)
+      const s = yield* InstanceState.get(state)
+      return { status: s.status }
+    })
+
+    const connect = Effect.fn("MCP.connect")(function* (name: string) {
+      const mcp = yield* getMcpConfig(name)
+      if (!mcp) {
+        log.error("MCP config not found or invalid", { name })
+        return
+      }
+      yield* createAndStore(name, { ...mcp, enabled: true })
+    })
+
+    const disconnect = Effect.fn("MCP.disconnect")(function* (name: string) {
+      const s = yield* InstanceState.get(state)
+      yield* closeClient(s, name)
+      delete s.clients[name]
+      s.status[name] = { status: "disabled" }
+    })
+
+    const tools = Effect.fn("MCP.tools")(function* () {
+      const result: Record<string, Tool> = {}
+      const s = yield* InstanceState.get(state)
+
+      const cfg = yield* cfgSvc.get()
+      const config = cfg.mcp ?? {}
+      const defaultTimeout = cfg.experimental?.mcp_timeout
+
+      const connectedClients = Object.entries(s.clients).filter(
+        ([clientName]) => s.status[clientName]?.status === "connected",
+      )
+
+      yield* Effect.forEach(
+        connectedClients,
+        ([clientName, client]) =>
+          Effect.gen(function* () {
+            const mcpConfig = config[clientName]
+            const entry = mcpConfig && isMcpConfigured(mcpConfig) ? mcpConfig : undefined
+
+            const listed = s.defs[clientName]
+            if (!listed) {
+              log.warn("missing cached tools for connected server", { clientName })
+              return
+            }
+
+            const timeout = entry?.timeout ?? defaultTimeout
+            for (const mcpTool of listed) {
+              result[sanitize(clientName) + "_" + sanitize(mcpTool.name)] = convertMcpTool(mcpTool, client, timeout)
+            }
+          }),
+        { concurrency: "unbounded" },
+      )
+      return result
+    })
+
+    function collectFromConnected<T extends { name: string }>(
+      s: State,
+      listFn: (c: Client) => Promise<T[]>,
+      label: string,
+    ) {
+      return Effect.forEach(
+        Object.entries(s.clients).filter(([name]) => s.status[name]?.status === "connected"),
+        ([clientName, client]) =>
+          fetchFromClient(clientName, client, listFn, label).pipe(Effect.map((items) => Object.entries(items ?? {}))),
+        { concurrency: "unbounded" },
+      ).pipe(Effect.map((results) => Object.fromEntries<T & { client: string }>(results.flat())))
+    }
+
+    const prompts = Effect.fn("MCP.prompts")(function* () {
+      const s = yield* InstanceState.get(state)
+      return yield* collectFromConnected(s, (c) => c.listPrompts().then((r) => r.prompts), "prompts")
+    })
+
+    const resources = Effect.fn("MCP.resources")(function* () {
+      const s = yield* InstanceState.get(state)
+      return yield* collectFromConnected(s, (c) => c.listResources().then((r) => r.resources), "resources")
+    })
+
+    const withClient = Effect.fnUntraced(function* <A>(
+      clientName: string,
+      fn: (client: MCPClient) => Promise<A>,
+      label: string,
+      meta?: Record<string, unknown>,
+    ) {
+      const s = yield* InstanceState.get(state)
+      const client = s.clients[clientName]
+      if (!client) {
+        log.warn(`client not found for ${label}`, { clientName })
+        return undefined
+      }
+      return yield* Effect.tryPromise({
+        try: () => fn(client),
+        catch: (e: any) => {
+          log.error(`failed to ${label}`, { clientName, ...meta, error: e?.message })
+          return e
+        },
+      }).pipe(Effect.orElseSucceed(() => undefined))
+    })
+
+    const getPrompt = Effect.fn("MCP.getPrompt")(function* (
+      clientName: string,
+      name: string,
+      args?: Record<string, string>,
+    ) {
+      return yield* withClient(clientName, (client) => client.getPrompt({ name, arguments: args }), "getPrompt", {
+        promptName: name,
+      })
+    })
+
+    const readResource = Effect.fn("MCP.readResource")(function* (clientName: string, resourceUri: string) {
+      return yield* withClient(clientName, (client) => client.readResource({ uri: resourceUri }), "readResource", {
+        resourceUri,
+      })
+    })
+
+    const getMcpConfig = Effect.fnUntraced(function* (mcpName: string) {
+      const cfg = yield* cfgSvc.get()
+      const mcpConfig = cfg.mcp?.[mcpName]
+      if (!mcpConfig || !isMcpConfigured(mcpConfig)) return undefined
+      return mcpConfig
+    })
+
+    const startAuth = Effect.fn("MCP.startAuth")(function* (mcpName: string) {
+      const mcpConfig = yield* getMcpConfig(mcpName)
+      if (!mcpConfig) throw new Error(`MCP server ${mcpName} not found or disabled`)
+      if (mcpConfig.type !== "remote") throw new Error(`MCP server ${mcpName} is not a remote server`)
+      if (mcpConfig.oauth === false) throw new Error(`MCP server ${mcpName} has OAuth explicitly disabled`)
+
+      // OAuth config is optional - if not provided, we'll use auto-discovery
+      const oauthConfig = typeof mcpConfig.oauth === "object" ? mcpConfig.oauth : undefined
+
+      // Start the callback server with custom redirectUri if configured
+      yield* Effect.promise(() => McpOAuthCallback.ensureRunning(oauthConfig?.redirectUri))
+
+      const oauthState = Array.from(crypto.getRandomValues(new Uint8Array(32)))
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("")
+      yield* auth.updateOAuthState(mcpName, oauthState)
+      let capturedUrl: URL | undefined
+      const authProvider = new McpOAuthProvider(
+        mcpName,
+        mcpConfig.url,
+        {
+          clientId: oauthConfig?.clientId,
+          clientSecret: oauthConfig?.clientSecret,
+          scope: oauthConfig?.scope,
+          redirectUri: oauthConfig?.redirectUri,
+        },
+        {
+          onRedirect: async (url) => {
+            capturedUrl = url
+          },
+        },
+        auth,
+      )
+
+      const transport = new StreamableHTTPClientTransport(new URL(mcpConfig.url), { authProvider })
+
+      return yield* Effect.tryPromise({
+        try: () => {
+          const client = new Client({ name: "opencode", version: Installation.VERSION })
+          return client
+            .connect(transport)
+            .then(() => ({ authorizationUrl: "", oauthState, client }) satisfies AuthResult)
+        },
+        catch: (error) => error,
+      }).pipe(
+        Effect.catch((error) => {
+          if (error instanceof UnauthorizedError && capturedUrl) {
+            pendingOAuthTransports.set(mcpName, transport)
+            return Effect.succeed({ authorizationUrl: capturedUrl.toString(), oauthState } satisfies AuthResult)
+          }
+          return Effect.die(error)
+        }),
+      )
+    })
+
+    const authenticate = Effect.fn("MCP.authenticate")(function* (mcpName: string) {
+      const result = yield* startAuth(mcpName)
+      if (!result.authorizationUrl) {
+        const client = "client" in result ? result.client : undefined
+        const mcpConfig = yield* getMcpConfig(mcpName)
+        if (!mcpConfig) {
+          yield* Effect.tryPromise(() => client?.close() ?? Promise.resolve()).pipe(Effect.ignore)
+          return { status: "failed", error: "MCP config not found after auth" } as Status
+        }
+
+        const listed = client ? yield* defs(mcpName, client, mcpConfig.timeout) : undefined
+        if (!client || !listed) {
+          yield* Effect.tryPromise(() => client?.close() ?? Promise.resolve()).pipe(Effect.ignore)
+          return { status: "failed", error: "Failed to get tools" } as Status
+        }
+
+        const s = yield* InstanceState.get(state)
+        yield* auth.clearOAuthState(mcpName)
+        return yield* storeClient(s, mcpName, client, listed, mcpConfig.timeout)
+      }
+
+      log.info("opening browser for oauth", { mcpName, url: result.authorizationUrl, state: result.oauthState })
+
+      const callbackPromise = McpOAuthCallback.waitForCallback(result.oauthState, mcpName)
+
+      yield* Effect.tryPromise(() => open(result.authorizationUrl)).pipe(
+        Effect.flatMap((subprocess) =>
+          Effect.callback<void, Error>((resume) => {
+            const timer = setTimeout(() => resume(Effect.void), 500)
+            subprocess.on("error", (err) => {
+              clearTimeout(timer)
+              resume(Effect.fail(err))
+            })
+            subprocess.on("exit", (code) => {
+              if (code !== null && code !== 0) {
+                clearTimeout(timer)
+                resume(Effect.fail(new Error(`Browser open failed with exit code ${code}`)))
+              }
+            })
+          }),
+        ),
+        Effect.catch(() => {
+          log.warn("failed to open browser, user must open URL manually", { mcpName })
+          return bus.publish(BrowserOpenFailed, { mcpName, url: result.authorizationUrl }).pipe(Effect.ignore)
+        }),
+      )
+
+      const code = yield* Effect.promise(() => callbackPromise)
+
+      const storedState = yield* auth.getOAuthState(mcpName)
+      if (storedState !== result.oauthState) {
+        yield* auth.clearOAuthState(mcpName)
+        throw new Error("OAuth state mismatch - potential CSRF attack")
+      }
+      yield* auth.clearOAuthState(mcpName)
+      return yield* finishAuth(mcpName, code)
+    })
+
+    const finishAuth = Effect.fn("MCP.finishAuth")(function* (mcpName: string, authorizationCode: string) {
+      const transport = pendingOAuthTransports.get(mcpName)
+      if (!transport) throw new Error(`No pending OAuth flow for MCP server: ${mcpName}`)
+
+      const result = yield* Effect.tryPromise({
+        try: () => transport.finishAuth(authorizationCode).then(() => true as const),
+        catch: (error) => {
+          log.error("failed to finish oauth", { mcpName, error })
+          return error
+        },
+      }).pipe(Effect.option)
+
+      if (Option.isNone(result)) {
+        return { status: "failed", error: "OAuth completion failed" } as Status
+      }
+
+      yield* auth.clearCodeVerifier(mcpName)
+      pendingOAuthTransports.delete(mcpName)
+
+      const mcpConfig = yield* getMcpConfig(mcpName)
+      if (!mcpConfig) return { status: "failed", error: "MCP config not found after auth" } as Status
+
+      return yield* createAndStore(mcpName, mcpConfig)
+    })
+
+    const removeAuth = Effect.fn("MCP.removeAuth")(function* (mcpName: string) {
+      yield* auth.remove(mcpName)
+      McpOAuthCallback.cancelPending(mcpName)
+      pendingOAuthTransports.delete(mcpName)
+      log.info("removed oauth credentials", { mcpName })
+    })
+
+    const supportsOAuth = Effect.fn("MCP.supportsOAuth")(function* (mcpName: string) {
+      const mcpConfig = yield* getMcpConfig(mcpName)
+      if (!mcpConfig) return false
+      return mcpConfig.type === "remote" && mcpConfig.oauth !== false
+    })
+
+    const hasStoredTokens = Effect.fn("MCP.hasStoredTokens")(function* (mcpName: string) {
+      const entry = yield* auth.get(mcpName)
+      return !!entry?.tokens
+    })
+
+    const getAuthStatus = Effect.fn("MCP.getAuthStatus")(function* (mcpName: string) {
+      const entry = yield* auth.get(mcpName)
+      if (!entry?.tokens) return "not_authenticated" as AuthStatus
+      const expired = yield* auth.isTokenExpired(mcpName)
+      return (expired ? "expired" : "authenticated") as AuthStatus
+    })
+
+    return Service.of({
+      status,
+      clients,
+      tools,
+      prompts,
+      resources,
+      add,
+      connect,
+      disconnect,
+      getPrompt,
+      readResource,
+      startAuth,
+      authenticate,
+      finishAuth,
+      removeAuth,
+      supportsOAuth,
+      hasStoredTokens,
+      getAuthStatus,
+    })
+  }),
+)
+
+export type AuthStatus = "authenticated" | "expired" | "not_authenticated"
+
+// --- Per-service runtime ---
+
+export const defaultLayer = layer.pipe(
+  Layer.provide(McpAuth.layer),
+  Layer.provide(Bus.layer),
+  Layer.provide(Config.defaultLayer),
+  Layer.provide(CrossSpawnSpawner.defaultLayer),
+  Layer.provide(AppFileSystem.defaultLayer),
+)
--- a/packages/opencode/src/mcp/oauth-callback.ts
+++ b/packages/opencode/src/mcp/oauth-callback.ts
@@ -218,7 +218,7 @@ export namespace McpOAuthCallback {
      log.info("oauth callback server stopped")
    }

-    for (const [name, pending] of pendingAuths) {
+    for (const [_name, pending] of pendingAuths) {
      clearTimeout(pending.timeout)
      pending.reject(new Error("OAuth callback server stopped"))
    }
--- a/packages/opencode/src/npm/index.ts
+++ b/packages/opencode/src/npm/index.ts
@@ -1,188 +1 @@
-import semver from "semver"
-import z from "zod"
-import { NamedError } from "@opencode-ai/shared/util/error"
-import { Global } from "../global"
-import { Log } from "../util/log"
-import path from "path"
-import { readdir, rm } from "fs/promises"
-import { Filesystem } from "@/util/filesystem"
-import { Flock } from "@opencode-ai/shared/util/flock"
-import { Arborist } from "@npmcli/arborist"
-
-export namespace Npm {
-  const log = Log.create({ service: "npm" })
-  const illegal = process.platform === "win32" ? new Set(["<", ">", ":", '"', "|", "?", "*"]) : undefined
-
-  export const InstallFailedError = NamedError.create(
-    "NpmInstallFailedError",
-    z.object({
-      pkg: z.string(),
-    }),
-  )
-
-  export function sanitize(pkg: string) {
-    if (!illegal) return pkg
-    return Array.from(pkg, (char) => (illegal.has(char) || char.charCodeAt(0) < 32 ? "_" : char)).join("")
-  }
-
-  function directory(pkg: string) {
-    return path.join(Global.Path.cache, "packages", sanitize(pkg))
-  }
-
-  function resolveEntryPoint(name: string, dir: string) {
-    let entrypoint: string | undefined
-    try {
-      entrypoint = typeof Bun !== "undefined" ? import.meta.resolve(name, dir) : import.meta.resolve(dir)
-    } catch {}
-    const result = {
-      directory: dir,
-      entrypoint,
-    }
-    return result
-  }
-
-  export async function outdated(pkg: string, cachedVersion: string): Promise<boolean> {
-    const response = await fetch(`https://registry.npmjs.org/${pkg}`)
-    if (!response.ok) {
-      log.warn("Failed to resolve latest version, using cached", { pkg, cachedVersion })
-      return false
-    }
-
-    const data = (await response.json()) as { "dist-tags"?: { latest?: string } }
-    const latestVersion = data?.["dist-tags"]?.latest
-    if (!latestVersion) {
-      log.warn("No latest version found, using cached", { pkg, cachedVersion })
-      return false
-    }
-
-    const range = /[\s^~*xX<>|=]/.test(cachedVersion)
-    if (range) return !semver.satisfies(latestVersion, cachedVersion)
-
-    return semver.lt(cachedVersion, latestVersion)
-  }
-
-  export async function add(pkg: string) {
-    const dir = directory(pkg)
-    await using _ = await Flock.acquire(`npm-install:${Filesystem.resolve(dir)}`)
-    log.info("installing package", {
-      pkg,
-    })
-
-    const arborist = new Arborist({
-      path: dir,
-      binLinks: true,
-      progress: false,
-      savePrefix: "",
-      ignoreScripts: true,
-    })
-    const tree = await arborist.loadVirtual().catch(() => {})
-    if (tree) {
-      const first = tree.edgesOut.values().next().value?.to
-      if (first) {
-        return resolveEntryPoint(first.name, first.path)
-      }
-    }
-
-    const result = await arborist
-      .reify({
-        add: [pkg],
-        save: true,
-        saveType: "prod",
-      })
-      .catch((cause) => {
-        throw new InstallFailedError(
-          { pkg },
-          {
-            cause,
-          },
-        )
-      })
-
-    const first = result.edgesOut.values().next().value?.to
-    if (!first) throw new InstallFailedError({ pkg })
-    return resolveEntryPoint(first.name, first.path)
-  }
-
-  export async function install(dir: string) {
-    await using _ = await Flock.acquire(`npm-install:${dir}`)
-    log.info("checking dependencies", { dir })
-
-    const reify = async () => {
-      const arb = new Arborist({
-        path: dir,
-        binLinks: true,
-        progress: false,
-        savePrefix: "",
-        ignoreScripts: true,
-      })
-      await arb.reify().catch(() => {})
-    }
-
-    if (!(await Filesystem.exists(path.join(dir, "node_modules")))) {
-      log.info("node_modules missing, reifying")
-      await reify()
-      return
-    }
-
-    const pkg = await Filesystem.readJson(path.join(dir, "package.json")).catch(() => ({}))
-    const lock = await Filesystem.readJson(path.join(dir, "package-lock.json")).catch(() => ({}))
-
-    const declared = new Set([
-      ...Object.keys(pkg.dependencies || {}),
-      ...Object.keys(pkg.devDependencies || {}),
-      ...Object.keys(pkg.peerDependencies || {}),
-      ...Object.keys(pkg.optionalDependencies || {}),
-    ])
-
-    const root = lock.packages?.[""] || {}
-    const locked = new Set([
-      ...Object.keys(root.dependencies || {}),
-      ...Object.keys(root.devDependencies || {}),
-      ...Object.keys(root.peerDependencies || {}),
-      ...Object.keys(root.optionalDependencies || {}),
-    ])
-
-    for (const name of declared) {
-      if (!locked.has(name)) {
-        log.info("dependency not in lock file, reifying", { name })
-        await reify()
-        return
-      }
-    }
-
-    log.info("dependencies in sync")
-  }
-
-  export async function which(pkg: string) {
-    const dir = directory(pkg)
-    const binDir = path.join(dir, "node_modules", ".bin")
-
-    const pick = async () => {
-      const files = await readdir(binDir).catch(() => [])
-      if (files.length === 0) return undefined
-      if (files.length === 1) return files[0]
-      // Multiple binaries — resolve from package.json bin field like npx does
-      const pkgJson = await Filesystem.readJson<{ bin?: string | Record<string, string> }>(
-        path.join(dir, "node_modules", pkg, "package.json"),
-      ).catch(() => undefined)
-      if (pkgJson?.bin) {
-        const unscoped = pkg.startsWith("@") ? pkg.split("/")[1] : pkg
-        const bin = pkgJson.bin
-        if (typeof bin === "string") return unscoped
-        const keys = Object.keys(bin)
-        if (keys.length === 1) return keys[0]
-        return bin[unscoped] ? unscoped : keys[0]
-      }
-      return files[0]
-    }
-
-    const bin = await pick()
-    if (bin) return path.join(binDir, bin)
-
-    await rm(path.join(dir, "package-lock.json"), { force: true })
-    await add(pkg)
-    const resolved = await pick()
-    if (!resolved) return
-    return path.join(binDir, resolved)
-  }
-}
+export * as Npm from "./npm"
--- a/packages/opencode/src/npm/npm.ts
+++ b/packages/opencode/src/npm/npm.ts
@@ -0,0 +1,186 @@
+import semver from "semver"
+import z from "zod"
+import { NamedError } from "@opencode-ai/shared/util/error"
+import { Global } from "../global"
+import { Log } from "../util/log"
+import path from "path"
+import { readdir, rm } from "fs/promises"
+import { Filesystem } from "@/util/filesystem"
+import { Flock } from "@opencode-ai/shared/util/flock"
+import { Arborist } from "@npmcli/arborist"
+
+const log = Log.create({ service: "npm" })
+const illegal = process.platform === "win32" ? new Set(["<", ">", ":", '"', "|", "?", "*"]) : undefined
+
+export const InstallFailedError = NamedError.create(
+  "NpmInstallFailedError",
+  z.object({
+    pkg: z.string(),
+  }),
+)
+
+export function sanitize(pkg: string) {
+  if (!illegal) return pkg
+  return Array.from(pkg, (char) => (illegal.has(char) || char.charCodeAt(0) < 32 ? "_" : char)).join("")
+}
+
+function directory(pkg: string) {
+  return path.join(Global.Path.cache, "packages", sanitize(pkg))
+}
+
+function resolveEntryPoint(name: string, dir: string) {
+  let entrypoint: string | undefined
+  try {
+    entrypoint = typeof Bun !== "undefined" ? import.meta.resolve(name, dir) : import.meta.resolve(dir)
+  } catch {}
+  const result = {
+    directory: dir,
+    entrypoint,
+  }
+  return result
+}
+
+export async function outdated(pkg: string, cachedVersion: string): Promise<boolean> {
+  const response = await fetch(`https://registry.npmjs.org/${pkg}`)
+  if (!response.ok) {
+    log.warn("Failed to resolve latest version, using cached", { pkg, cachedVersion })
+    return false
+  }
+
+  const data = (await response.json()) as { "dist-tags"?: { latest?: string } }
+  const latestVersion = data?.["dist-tags"]?.latest
+  if (!latestVersion) {
+    log.warn("No latest version found, using cached", { pkg, cachedVersion })
+    return false
+  }
+
+  const range = /[\s^~*xX<>|=]/.test(cachedVersion)
+  if (range) return !semver.satisfies(latestVersion, cachedVersion)
+
+  return semver.lt(cachedVersion, latestVersion)
+}
+
+export async function add(pkg: string) {
+  const dir = directory(pkg)
+  await using _ = await Flock.acquire(`npm-install:${Filesystem.resolve(dir)}`)
+  log.info("installing package", {
+    pkg,
+  })
+
+  const arborist = new Arborist({
+    path: dir,
+    binLinks: true,
+    progress: false,
+    savePrefix: "",
+    ignoreScripts: true,
+  })
+  const tree = await arborist.loadVirtual().catch(() => {})
+  if (tree) {
+    const first = tree.edgesOut.values().next().value?.to
+    if (first) {
+      return resolveEntryPoint(first.name, first.path)
+    }
+  }
+
+  const result = await arborist
+    .reify({
+      add: [pkg],
+      save: true,
+      saveType: "prod",
+    })
+    .catch((cause) => {
+      throw new InstallFailedError(
+        { pkg },
+        {
+          cause,
+        },
+      )
+    })
+
+  const first = result.edgesOut.values().next().value?.to
+  if (!first) throw new InstallFailedError({ pkg })
+  return resolveEntryPoint(first.name, first.path)
+}
+
+export async function install(dir: string) {
+  await using _ = await Flock.acquire(`npm-install:${dir}`)
+  log.info("checking dependencies", { dir })
+
+  const reify = async () => {
+    const arb = new Arborist({
+      path: dir,
+      binLinks: true,
+      progress: false,
+      savePrefix: "",
+      ignoreScripts: true,
+    })
+    await arb.reify().catch(() => {})
+  }
+
+  if (!(await Filesystem.exists(path.join(dir, "node_modules")))) {
+    log.info("node_modules missing, reifying")
+    await reify()
+    return
+  }
+
+  const pkg = await Filesystem.readJson(path.join(dir, "package.json")).catch(() => ({}))
+  const lock = await Filesystem.readJson(path.join(dir, "package-lock.json")).catch(() => ({}))
+
+  const declared = new Set([
+    ...Object.keys(pkg.dependencies || {}),
+    ...Object.keys(pkg.devDependencies || {}),
+    ...Object.keys(pkg.peerDependencies || {}),
+    ...Object.keys(pkg.optionalDependencies || {}),
+  ])
+
+  const root = lock.packages?.[""] || {}
+  const locked = new Set([
+    ...Object.keys(root.dependencies || {}),
+    ...Object.keys(root.devDependencies || {}),
+    ...Object.keys(root.peerDependencies || {}),
+    ...Object.keys(root.optionalDependencies || {}),
+  ])
+
+  for (const name of declared) {
+    if (!locked.has(name)) {
+      log.info("dependency not in lock file, reifying", { name })
+      await reify()
+      return
+    }
+  }
+
+  log.info("dependencies in sync")
+}
+
+export async function which(pkg: string) {
+  const dir = directory(pkg)
+  const binDir = path.join(dir, "node_modules", ".bin")
+
+  const pick = async () => {
+    const files = await readdir(binDir).catch(() => [])
+    if (files.length === 0) return undefined
+    if (files.length === 1) return files[0]
+    // Multiple binaries — resolve from package.json bin field like npx does
+    const pkgJson = await Filesystem.readJson<{ bin?: string | Record<string, string> }>(
+      path.join(dir, "node_modules", pkg, "package.json"),
+    ).catch(() => undefined)
+    if (pkgJson?.bin) {
+      const unscoped = pkg.startsWith("@") ? pkg.split("/")[1] : pkg
+      const bin = pkgJson.bin
+      if (typeof bin === "string") return unscoped
+      const keys = Object.keys(bin)
+      if (keys.length === 1) return keys[0]
+      return bin[unscoped] ? unscoped : keys[0]
+    }
+    return files[0]
+  }
+
+  const bin = await pick()
+  if (bin) return path.join(binDir, bin)
+
+  await rm(path.join(dir, "package-lock.json"), { force: true })
+  await add(pkg)
+  const resolved = await pick()
+  if (!resolved) return
+  return path.join(binDir, resolved)
+}
--- a/packages/opencode/src/patch/index.ts
+++ b/packages/opencode/src/patch/index.ts
@@ -1,680 +1 @@
-import z from "zod"
-import * as path from "path"
-import * as fs from "fs/promises"
-import { readFileSync } from "fs"
-import { Log } from "../util/log"
-
-export namespace Patch {
-  const log = Log.create({ service: "patch" })
-
-  // Schema definitions
-  export const PatchSchema = z.object({
-    patchText: z.string().describe("The full patch text that describes all changes to be made"),
-  })
-
-  export type PatchParams = z.infer<typeof PatchSchema>
-
-  // Core types matching the Rust implementation
-  export interface ApplyPatchArgs {
-    patch: string
-    hunks: Hunk[]
-    workdir?: string
-  }
-
-  export type Hunk =
-    | { type: "add"; path: string; contents: string }
-    | { type: "delete"; path: string }
-    | { type: "update"; path: string; move_path?: string; chunks: UpdateFileChunk[] }
-
-  export interface UpdateFileChunk {
-    old_lines: string[]
-    new_lines: string[]
-    change_context?: string
-    is_end_of_file?: boolean
-  }
-
-  export interface ApplyPatchAction {
-    changes: Map<string, ApplyPatchFileChange>
-    patch: string
-    cwd: string
-  }
-
-  export type ApplyPatchFileChange =
-    | { type: "add"; content: string }
-    | { type: "delete"; content: string }
-    | { type: "update"; unified_diff: string; move_path?: string; new_content: string }
-
-  export interface AffectedPaths {
-    added: string[]
-    modified: string[]
-    deleted: string[]
-  }
-
-  export enum ApplyPatchError {
-    ParseError = "ParseError",
-    IoError = "IoError",
-    ComputeReplacements = "ComputeReplacements",
-    ImplicitInvocation = "ImplicitInvocation",
-  }
-
-  export enum MaybeApplyPatch {
-    Body = "Body",
-    ShellParseError = "ShellParseError",
-    PatchParseError = "PatchParseError",
-    NotApplyPatch = "NotApplyPatch",
-  }
-
-  export enum MaybeApplyPatchVerified {
-    Body = "Body",
-    ShellParseError = "ShellParseError",
-    CorrectnessError = "CorrectnessError",
-    NotApplyPatch = "NotApplyPatch",
-  }
-
-  // Parser implementation
-  function parsePatchHeader(
-    lines: string[],
-    startIdx: number,
-  ): { filePath: string; movePath?: string; nextIdx: number } | null {
-    const line = lines[startIdx]
-
-    if (line.startsWith("*** Add File:")) {
-      const filePath = line.slice("*** Add File:".length).trim()
-      return filePath ? { filePath, nextIdx: startIdx + 1 } : null
-    }
-
-    if (line.startsWith("*** Delete File:")) {
-      const filePath = line.slice("*** Delete File:".length).trim()
-      return filePath ? { filePath, nextIdx: startIdx + 1 } : null
-    }
-
-    if (line.startsWith("*** Update File:")) {
-      const filePath = line.slice("*** Update File:".length).trim()
-      let movePath: string | undefined
-      let nextIdx = startIdx + 1
-
-      // Check for move directive
-      if (nextIdx < lines.length && lines[nextIdx].startsWith("*** Move to:")) {
-        movePath = lines[nextIdx].slice("*** Move to:".length).trim()
-        nextIdx++
-      }
-
-      return filePath ? { filePath, movePath, nextIdx } : null
-    }
-
-    return null
-  }
-
-  function parseUpdateFileChunks(lines: string[], startIdx: number): { chunks: UpdateFileChunk[]; nextIdx: number } {
-    const chunks: UpdateFileChunk[] = []
-    let i = startIdx
-
-    while (i < lines.length && !lines[i].startsWith("***")) {
-      if (lines[i].startsWith("@@")) {
-        // Parse context line
-        const contextLine = lines[i].substring(2).trim()
-        i++
-
-        const oldLines: string[] = []
-        const newLines: string[] = []
-        let isEndOfFile = false
-
-        // Parse change lines
-        while (i < lines.length && !lines[i].startsWith("@@") && !lines[i].startsWith("***")) {
-          const changeLine = lines[i]
-
-          if (changeLine === "*** End of File") {
-            isEndOfFile = true
-            i++
-            break
-          }
-
-          if (changeLine.startsWith(" ")) {
-            // Keep line - appears in both old and new
-            const content = changeLine.substring(1)
-            oldLines.push(content)
-            newLines.push(content)
-          } else if (changeLine.startsWith("-")) {
-            // Remove line - only in old
-            oldLines.push(changeLine.substring(1))
-          } else if (changeLine.startsWith("+")) {
-            // Add line - only in new
-            newLines.push(changeLine.substring(1))
-          }
-
-          i++
-        }
-
-        chunks.push({
-          old_lines: oldLines,
-          new_lines: newLines,
-          change_context: contextLine || undefined,
-          is_end_of_file: isEndOfFile || undefined,
-        })
-      } else {
-        i++
-      }
-    }
-
-    return { chunks, nextIdx: i }
-  }
-
-  function parseAddFileContent(lines: string[], startIdx: number): { content: string; nextIdx: number } {
-    let content = ""
-    let i = startIdx
-
-    while (i < lines.length && !lines[i].startsWith("***")) {
-      if (lines[i].startsWith("+")) {
-        content += lines[i].substring(1) + "\n"
-      }
-      i++
-    }
-
-    // Remove trailing newline
-    if (content.endsWith("\n")) {
-      content = content.slice(0, -1)
-    }
-
-    return { content, nextIdx: i }
-  }
-
-  function stripHeredoc(input: string): string {
-    // Match heredoc patterns like: cat <<'EOF'\n...\nEOF or <<EOF\n...\nEOF
-    const heredocMatch = input.match(/^(?:cat\s+)?<<['"]?(\w+)['"]?\s*\n([\s\S]*?)\n\1\s*$/)
-    if (heredocMatch) {
-      return heredocMatch[2]
-    }
-    return input
-  }
-
-  export function parsePatch(patchText: string): { hunks: Hunk[] } {
-    const cleaned = stripHeredoc(patchText.trim())
-    const lines = cleaned.split("\n")
-    const hunks: Hunk[] = []
-    let i = 0
-
-    // Look for Begin/End patch markers
-    const beginMarker = "*** Begin Patch"
-    const endMarker = "*** End Patch"
-
-    const beginIdx = lines.findIndex((line) => line.trim() === beginMarker)
-    const endIdx = lines.findIndex((line) => line.trim() === endMarker)
-
-    if (beginIdx === -1 || endIdx === -1 || beginIdx >= endIdx) {
-      throw new Error("Invalid patch format: missing Begin/End markers")
-    }
-
-    // Parse content between markers
-    i = beginIdx + 1
-
-    while (i < endIdx) {
-      const header = parsePatchHeader(lines, i)
-      if (!header) {
-        i++
-        continue
-      }
-
-      if (lines[i].startsWith("*** Add File:")) {
-        const { content, nextIdx } = parseAddFileContent(lines, header.nextIdx)
-        hunks.push({
-          type: "add",
-          path: header.filePath,
-          contents: content,
-        })
-        i = nextIdx
-      } else if (lines[i].startsWith("*** Delete File:")) {
-        hunks.push({
-          type: "delete",
-          path: header.filePath,
-        })
-        i = header.nextIdx
-      } else if (lines[i].startsWith("*** Update File:")) {
-        const { chunks, nextIdx } = parseUpdateFileChunks(lines, header.nextIdx)
-        hunks.push({
-          type: "update",
-          path: header.filePath,
-          move_path: header.movePath,
-          chunks,
-        })
-        i = nextIdx
-      } else {
-        i++
-      }
-    }
-
-    return { hunks }
-  }
-
-  // Apply patch functionality
-  export function maybeParseApplyPatch(
-    argv: string[],
-  ):
-    | { type: MaybeApplyPatch.Body; args: ApplyPatchArgs }
-    | { type: MaybeApplyPatch.PatchParseError; error: Error }
-    | { type: MaybeApplyPatch.NotApplyPatch } {
-    const APPLY_PATCH_COMMANDS = ["apply_patch", "applypatch"]
-
-    // Direct invocation: apply_patch <patch>
-    if (argv.length === 2 && APPLY_PATCH_COMMANDS.includes(argv[0])) {
-      try {
-        const { hunks } = parsePatch(argv[1])
-        return {
-          type: MaybeApplyPatch.Body,
-          args: {
-            patch: argv[1],
-            hunks,
-          },
-        }
-      } catch (error) {
-        return {
-          type: MaybeApplyPatch.PatchParseError,
-          error: error as Error,
-        }
-      }
-    }
-
-    // Bash heredoc form: bash -lc 'apply_patch <<"EOF" ...'
-    if (argv.length === 3 && argv[0] === "bash" && argv[1] === "-lc") {
-      // Simple extraction - in real implementation would need proper bash parsing
-      const script = argv[2]
-      const heredocMatch = script.match(/apply_patch\s*<<['"](\w+)['"]\s*\n([\s\S]*?)\n\1/)
-
-      if (heredocMatch) {
-        const patchContent = heredocMatch[2]
-        try {
-          const { hunks } = parsePatch(patchContent)
-          return {
-            type: MaybeApplyPatch.Body,
-            args: {
-              patch: patchContent,
-              hunks,
-            },
-          }
-        } catch (error) {
-          return {
-            type: MaybeApplyPatch.PatchParseError,
-            error: error as Error,
-          }
-        }
-      }
-    }
-
-    return { type: MaybeApplyPatch.NotApplyPatch }
-  }
-
-  // File content manipulation
-  interface ApplyPatchFileUpdate {
-    unified_diff: string
-    content: string
-  }
-
-  export function deriveNewContentsFromChunks(filePath: string, chunks: UpdateFileChunk[]): ApplyPatchFileUpdate {
-    // Read original file content
-    let originalContent: string
-    try {
-      originalContent = readFileSync(filePath, "utf-8")
-    } catch (error) {
-      throw new Error(`Failed to read file ${filePath}: ${error}`)
-    }
-
-    let originalLines = originalContent.split("\n")
-
-    // Drop trailing empty element for consistent line counting
-    if (originalLines.length > 0 && originalLines[originalLines.length - 1] === "") {
-      originalLines.pop()
-    }
-
-    const replacements = computeReplacements(originalLines, filePath, chunks)
-    let newLines = applyReplacements(originalLines, replacements)
-
-    // Ensure trailing newline
-    if (newLines.length === 0 || newLines[newLines.length - 1] !== "") {
-      newLines.push("")
-    }
-
-    const newContent = newLines.join("\n")
-
-    // Generate unified diff
-    const unifiedDiff = generateUnifiedDiff(originalContent, newContent)
-
-    return {
-      unified_diff: unifiedDiff,
-      content: newContent,
-    }
-  }
-
-  function computeReplacements(
-    originalLines: string[],
-    filePath: string,
-    chunks: UpdateFileChunk[],
-  ): Array<[number, number, string[]]> {
-    const replacements: Array<[number, number, string[]]> = []
-    let lineIndex = 0
-
-    for (const chunk of chunks) {
-      // Handle context-based seeking
-      if (chunk.change_context) {
-        const contextIdx = seekSequence(originalLines, [chunk.change_context], lineIndex)
-        if (contextIdx === -1) {
-          throw new Error(`Failed to find context '${chunk.change_context}' in ${filePath}`)
-        }
-        lineIndex = contextIdx + 1
-      }
-
-      // Handle pure addition (no old lines)
-      if (chunk.old_lines.length === 0) {
-        const insertionIdx =
-          originalLines.length > 0 && originalLines[originalLines.length - 1] === ""
-            ? originalLines.length - 1
-            : originalLines.length
-        replacements.push([insertionIdx, 0, chunk.new_lines])
-        continue
-      }
-
-      // Try to match old lines in the file
-      let pattern = chunk.old_lines
-      let newSlice = chunk.new_lines
-      let found = seekSequence(originalLines, pattern, lineIndex, chunk.is_end_of_file)
-
-      // Retry without trailing empty line if not found
-      if (found === -1 && pattern.length > 0 && pattern[pattern.length - 1] === "") {
-        pattern = pattern.slice(0, -1)
-        if (newSlice.length > 0 && newSlice[newSlice.length - 1] === "") {
-          newSlice = newSlice.slice(0, -1)
-        }
-        found = seekSequence(originalLines, pattern, lineIndex, chunk.is_end_of_file)
-      }
-
-      if (found !== -1) {
-        replacements.push([found, pattern.length, newSlice])
-        lineIndex = found + pattern.length
-      } else {
-        throw new Error(`Failed to find expected lines in ${filePath}:\n${chunk.old_lines.join("\n")}`)
-      }
-    }
-
-    // Sort replacements by index to apply in order
-    replacements.sort((a, b) => a[0] - b[0])
-
-    return replacements
-  }
-
-  function applyReplacements(lines: string[], replacements: Array<[number, number, string[]]>): string[] {
-    // Apply replacements in reverse order to avoid index shifting
-    const result = [...lines]
-
-    for (let i = replacements.length - 1; i >= 0; i--) {
-      const [startIdx, oldLen, newSegment] = replacements[i]
-
-      // Remove old lines
-      result.splice(startIdx, oldLen)
-
-      // Insert new lines
-      for (let j = 0; j < newSegment.length; j++) {
-        result.splice(startIdx + j, 0, newSegment[j])
-      }
-    }
-
-    return result
-  }
-
-  // Normalize Unicode punctuation to ASCII equivalents (like Rust's normalize_unicode)
-  function normalizeUnicode(str: string): string {
-    return str
-      .replace(/[\u2018\u2019\u201A\u201B]/g, "'") // single quotes
-      .replace(/[\u201C\u201D\u201E\u201F]/g, '"') // double quotes
-      .replace(/[\u2010\u2011\u2012\u2013\u2014\u2015]/g, "-") // dashes
-      .replace(/\u2026/g, "...") // ellipsis
-      .replace(/\u00A0/g, " ") // non-breaking space
-  }
-
-  type Comparator = (a: string, b: string) => boolean
-
-  function tryMatch(lines: string[], pattern: string[], startIndex: number, compare: Comparator, eof: boolean): number {
-    // If EOF anchor, try matching from end of file first
-    if (eof) {
-      const fromEnd = lines.length - pattern.length
-      if (fromEnd >= startIndex) {
-        let matches = true
-        for (let j = 0; j < pattern.length; j++) {
-          if (!compare(lines[fromEnd + j], pattern[j])) {
-            matches = false
-            break
-          }
-        }
-        if (matches) return fromEnd
-      }
-    }
-
-    // Forward search from startIndex
-    for (let i = startIndex; i <= lines.length - pattern.length; i++) {
-      let matches = true
-      for (let j = 0; j < pattern.length; j++) {
-        if (!compare(lines[i + j], pattern[j])) {
-          matches = false
-          break
-        }
-      }
-      if (matches) return i
-    }
-
-    return -1
-  }
-
-  function seekSequence(lines: string[], pattern: string[], startIndex: number, eof = false): number {
-    if (pattern.length === 0) return -1
-
-    // Pass 1: exact match
-    const exact = tryMatch(lines, pattern, startIndex, (a, b) => a === b, eof)
-    if (exact !== -1) return exact
-
-    // Pass 2: rstrip (trim trailing whitespace)
-    const rstrip = tryMatch(lines, pattern, startIndex, (a, b) => a.trimEnd() === b.trimEnd(), eof)
-    if (rstrip !== -1) return rstrip
-
-    // Pass 3: trim (both ends)
-    const trim = tryMatch(lines, pattern, startIndex, (a, b) => a.trim() === b.trim(), eof)
-    if (trim !== -1) return trim
-
-    // Pass 4: normalized (Unicode punctuation to ASCII)
-    const normalized = tryMatch(
-      lines,
-      pattern,
-      startIndex,
-      (a, b) => normalizeUnicode(a.trim()) === normalizeUnicode(b.trim()),
-      eof,
-    )
-    return normalized
-  }
-
-  function generateUnifiedDiff(oldContent: string, newContent: string): string {
-    const oldLines = oldContent.split("\n")
-    const newLines = newContent.split("\n")
-
-    // Simple diff generation - in a real implementation you'd use a proper diff algorithm
-    let diff = "@@ -1 +1 @@\n"
-
-    // Find changes (simplified approach)
-    const maxLen = Math.max(oldLines.length, newLines.length)
-    let hasChanges = false
-
-    for (let i = 0; i < maxLen; i++) {
-      const oldLine = oldLines[i] || ""
-      const newLine = newLines[i] || ""
-
-      if (oldLine !== newLine) {
-        if (oldLine) diff += `-${oldLine}\n`
-        if (newLine) diff += `+${newLine}\n`
-        hasChanges = true
-      } else if (oldLine) {
-        diff += ` ${oldLine}\n`
-      }
-    }
-
-    return hasChanges ? diff : ""
-  }
-
-  // Apply hunks to filesystem
-  export async function applyHunksToFiles(hunks: Hunk[]): Promise<AffectedPaths> {
-    if (hunks.length === 0) {
-      throw new Error("No files were modified.")
-    }
-
-    const added: string[] = []
-    const modified: string[] = []
-    const deleted: string[] = []
-
-    for (const hunk of hunks) {
-      switch (hunk.type) {
-        case "add":
-          // Create parent directories
-          const addDir = path.dirname(hunk.path)
-          if (addDir !== "." && addDir !== "/") {
-            await fs.mkdir(addDir, { recursive: true })
-          }
-
-          await fs.writeFile(hunk.path, hunk.contents, "utf-8")
-          added.push(hunk.path)
-          log.info(`Added file: ${hunk.path}`)
-          break
-
-        case "delete":
-          await fs.unlink(hunk.path)
-          deleted.push(hunk.path)
-          log.info(`Deleted file: ${hunk.path}`)
-          break
-
-        case "update":
-          const fileUpdate = deriveNewContentsFromChunks(hunk.path, hunk.chunks)
-
-          if (hunk.move_path) {
-            // Handle file move
-            const moveDir = path.dirname(hunk.move_path)
-            if (moveDir !== "." && moveDir !== "/") {
-              await fs.mkdir(moveDir, { recursive: true })
-            }
-
-            await fs.writeFile(hunk.move_path, fileUpdate.content, "utf-8")
-            await fs.unlink(hunk.path)
-            modified.push(hunk.move_path)
-            log.info(`Moved file: ${hunk.path} -> ${hunk.move_path}`)
-          } else {
-            // Regular update
-            await fs.writeFile(hunk.path, fileUpdate.content, "utf-8")
-            modified.push(hunk.path)
-            log.info(`Updated file: ${hunk.path}`)
-          }
-          break
-      }
-    }
-
-    return { added, modified, deleted }
-  }
-
-  // Main patch application function
-  export async function applyPatch(patchText: string): Promise<AffectedPaths> {
-    const { hunks } = parsePatch(patchText)
-    return applyHunksToFiles(hunks)
-  }
-
-  // Async version of maybeParseApplyPatchVerified
-  export async function maybeParseApplyPatchVerified(
-    argv: string[],
-    cwd: string,
-  ): Promise<
-    | { type: MaybeApplyPatchVerified.Body; action: ApplyPatchAction }
-    | { type: MaybeApplyPatchVerified.CorrectnessError; error: Error }
-    | { type: MaybeApplyPatchVerified.NotApplyPatch }
-  > {
-    // Detect implicit patch invocation (raw patch without apply_patch command)
-    if (argv.length === 1) {
-      try {
-        parsePatch(argv[0])
-        return {
-          type: MaybeApplyPatchVerified.CorrectnessError,
-          error: new Error(ApplyPatchError.ImplicitInvocation),
-        }
-      } catch {
-        // Not a patch, continue
-      }
-    }
-
-    const result = maybeParseApplyPatch(argv)
-
-    switch (result.type) {
-      case MaybeApplyPatch.Body:
-        const { args } = result
-        const effectiveCwd = args.workdir ? path.resolve(cwd, args.workdir) : cwd
-        const changes = new Map<string, ApplyPatchFileChange>()
-
-        for (const hunk of args.hunks) {
-          const resolvedPath = path.resolve(
-            effectiveCwd,
-            hunk.type === "update" && hunk.move_path ? hunk.move_path : hunk.path,
-          )
-
-          switch (hunk.type) {
-            case "add":
-              changes.set(resolvedPath, {
-                type: "add",
-                content: hunk.contents,
-              })
-              break
-
-            case "delete":
-              // For delete, we need to read the current content
-              const deletePath = path.resolve(effectiveCwd, hunk.path)
-              try {
-                const content = await fs.readFile(deletePath, "utf-8")
-                changes.set(resolvedPath, {
-                  type: "delete",
-                  content,
-                })
-              } catch {
-                return {
-                  type: MaybeApplyPatchVerified.CorrectnessError,
-                  error: new Error(`Failed to read file for deletion: ${deletePath}`),
-                }
-              }
-              break
-
-            case "update":
-              const updatePath = path.resolve(effectiveCwd, hunk.path)
-              try {
-                const fileUpdate = deriveNewContentsFromChunks(updatePath, hunk.chunks)
-                changes.set(resolvedPath, {
-                  type: "update",
-                  unified_diff: fileUpdate.unified_diff,
-                  move_path: hunk.move_path ? path.resolve(effectiveCwd, hunk.move_path) : undefined,
-                  new_content: fileUpdate.content,
-                })
-              } catch (error) {
-                return {
-                  type: MaybeApplyPatchVerified.CorrectnessError,
-                  error: error as Error,
-                }
-              }
-              break
-          }
-        }
-
-        return {
-          type: MaybeApplyPatchVerified.Body,
-          action: {
-            changes,
-            patch: args.patch,
-            cwd: effectiveCwd,
-          },
-        }
-
-      case MaybeApplyPatch.PatchParseError:
-        return {
-          type: MaybeApplyPatchVerified.CorrectnessError,
-          error: result.error,
-        }
-
-      case MaybeApplyPatch.NotApplyPatch:
-        return { type: MaybeApplyPatchVerified.NotApplyPatch }
-    }
-  }
-}
+export * as Patch from "./patch"
--- a/packages/opencode/src/patch/patch.ts
+++ b/packages/opencode/src/patch/patch.ts
@@ -0,0 +1,678 @@
+import z from "zod"
+import * as path from "path"
+import * as fs from "fs/promises"
+import { readFileSync } from "fs"
+import { Log } from "../util/log"
+
+const log = Log.create({ service: "patch" })
+
+// Schema definitions
+export const PatchSchema = z.object({
+  patchText: z.string().describe("The full patch text that describes all changes to be made"),
+})
+
+export type PatchParams = z.infer<typeof PatchSchema>
+
+// Core types matching the Rust implementation
+export interface ApplyPatchArgs {
+  patch: string
+  hunks: Hunk[]
+  workdir?: string
+}
+
+export type Hunk =
+  | { type: "add"; path: string; contents: string }
+  | { type: "delete"; path: string }
+  | { type: "update"; path: string; move_path?: string; chunks: UpdateFileChunk[] }
+
+export interface UpdateFileChunk {
+  old_lines: string[]
+  new_lines: string[]
+  change_context?: string
+  is_end_of_file?: boolean
+}
+
+export interface ApplyPatchAction {
+  changes: Map<string, ApplyPatchFileChange>
+  patch: string
+  cwd: string
+}
+
+export type ApplyPatchFileChange =
+  | { type: "add"; content: string }
+  | { type: "delete"; content: string }
+  | { type: "update"; unified_diff: string; move_path?: string; new_content: string }
+
+export interface AffectedPaths {
+  added: string[]
+  modified: string[]
+  deleted: string[]
+}
+
+export enum ApplyPatchError {
+  ParseError = "ParseError",
+  IoError = "IoError",
+  ComputeReplacements = "ComputeReplacements",
+  ImplicitInvocation = "ImplicitInvocation",
+}
+
+export enum MaybeApplyPatch {
+  Body = "Body",
+  ShellParseError = "ShellParseError",
+  PatchParseError = "PatchParseError",
+  NotApplyPatch = "NotApplyPatch",
+}
+
+export enum MaybeApplyPatchVerified {
+  Body = "Body",
+  ShellParseError = "ShellParseError",
+  CorrectnessError = "CorrectnessError",
+  NotApplyPatch = "NotApplyPatch",
+}
+
+// Parser implementation
+function parsePatchHeader(
+  lines: string[],
+  startIdx: number,
+): { filePath: string; movePath?: string; nextIdx: number } | null {
+  const line = lines[startIdx]
+
+  if (line.startsWith("*** Add File:")) {
+    const filePath = line.slice("*** Add File:".length).trim()
+    return filePath ? { filePath, nextIdx: startIdx + 1 } : null
+  }
+
+  if (line.startsWith("*** Delete File:")) {
+    const filePath = line.slice("*** Delete File:".length).trim()
+    return filePath ? { filePath, nextIdx: startIdx + 1 } : null
+  }
+
+  if (line.startsWith("*** Update File:")) {
+    const filePath = line.slice("*** Update File:".length).trim()
+    let movePath: string | undefined
+    let nextIdx = startIdx + 1
+
+    // Check for move directive
+    if (nextIdx < lines.length && lines[nextIdx].startsWith("*** Move to:")) {
+      movePath = lines[nextIdx].slice("*** Move to:".length).trim()
+      nextIdx++
+    }
+
+    return filePath ? { filePath, movePath, nextIdx } : null
+  }
+
+  return null
+}
+
+function parseUpdateFileChunks(lines: string[], startIdx: number): { chunks: UpdateFileChunk[]; nextIdx: number } {
+  const chunks: UpdateFileChunk[] = []
+  let i = startIdx
+
+  while (i < lines.length && !lines[i].startsWith("***")) {
+    if (lines[i].startsWith("@@")) {
+      // Parse context line
+      const contextLine = lines[i].substring(2).trim()
+      i++
+
+      const oldLines: string[] = []
+      const newLines: string[] = []
+      let isEndOfFile = false
+
+      // Parse change lines
+      while (i < lines.length && !lines[i].startsWith("@@") && !lines[i].startsWith("***")) {
+        const changeLine = lines[i]
+
+        if (changeLine === "*** End of File") {
+          isEndOfFile = true
+          i++
+          break
+        }
+
+        if (changeLine.startsWith(" ")) {
+          // Keep line - appears in both old and new
+          const content = changeLine.substring(1)
+          oldLines.push(content)
+          newLines.push(content)
+        } else if (changeLine.startsWith("-")) {
+          // Remove line - only in old
+          oldLines.push(changeLine.substring(1))
+        } else if (changeLine.startsWith("+")) {
+          // Add line - only in new
+          newLines.push(changeLine.substring(1))
+        }
+
+        i++
+      }
+
+      chunks.push({
+        old_lines: oldLines,
+        new_lines: newLines,
+        change_context: contextLine || undefined,
+        is_end_of_file: isEndOfFile || undefined,
+      })
+    } else {
+      i++
+    }
+  }
+
+  return { chunks, nextIdx: i }
+}
+
+function parseAddFileContent(lines: string[], startIdx: number): { content: string; nextIdx: number } {
+  let content = ""
+  let i = startIdx
+
+  while (i < lines.length && !lines[i].startsWith("***")) {
+    if (lines[i].startsWith("+")) {
+      content += lines[i].substring(1) + "\n"
+    }
+    i++
+  }
+
+  // Remove trailing newline
+  if (content.endsWith("\n")) {
+    content = content.slice(0, -1)
+  }
+
+  return { content, nextIdx: i }
+}
+
+function stripHeredoc(input: string): string {
+  // Match heredoc patterns like: cat <<'EOF'\n...\nEOF or <<EOF\n...\nEOF
+  const heredocMatch = input.match(/^(?:cat\s+)?<<['"]?(\w+)['"]?\s*\n([\s\S]*?)\n\1\s*$/)
+  if (heredocMatch) {
+    return heredocMatch[2]
+  }
+  return input
+}
+
+export function parsePatch(patchText: string): { hunks: Hunk[] } {
+  const cleaned = stripHeredoc(patchText.trim())
+  const lines = cleaned.split("\n")
+  const hunks: Hunk[] = []
+  let i = 0
+
+  // Look for Begin/End patch markers
+  const beginMarker = "*** Begin Patch"
+  const endMarker = "*** End Patch"
+
+  const beginIdx = lines.findIndex((line) => line.trim() === beginMarker)
+  const endIdx = lines.findIndex((line) => line.trim() === endMarker)
+
+  if (beginIdx === -1 || endIdx === -1 || beginIdx >= endIdx) {
+    throw new Error("Invalid patch format: missing Begin/End markers")
+  }
+
+  // Parse content between markers
+  i = beginIdx + 1
+
+  while (i < endIdx) {
+    const header = parsePatchHeader(lines, i)
+    if (!header) {
+      i++
+      continue
+    }
+
+    if (lines[i].startsWith("*** Add File:")) {
+      const { content, nextIdx } = parseAddFileContent(lines, header.nextIdx)
+      hunks.push({
+        type: "add",
+        path: header.filePath,
+        contents: content,
+      })
+      i = nextIdx
+    } else if (lines[i].startsWith("*** Delete File:")) {
+      hunks.push({
+        type: "delete",
+        path: header.filePath,
+      })
+      i = header.nextIdx
+    } else if (lines[i].startsWith("*** Update File:")) {
+      const { chunks, nextIdx } = parseUpdateFileChunks(lines, header.nextIdx)
+      hunks.push({
+        type: "update",
+        path: header.filePath,
+        move_path: header.movePath,
+        chunks,
+      })
+      i = nextIdx
+    } else {
+      i++
+    }
+  }
+
+  return { hunks }
+}
+
+// Apply patch functionality
+export function maybeParseApplyPatch(
+  argv: string[],
+):
+  | { type: MaybeApplyPatch.Body; args: ApplyPatchArgs }
+  | { type: MaybeApplyPatch.PatchParseError; error: Error }
+  | { type: MaybeApplyPatch.NotApplyPatch } {
+  const APPLY_PATCH_COMMANDS = ["apply_patch", "applypatch"]
+
+  // Direct invocation: apply_patch <patch>
+  if (argv.length === 2 && APPLY_PATCH_COMMANDS.includes(argv[0])) {
+    try {
+      const { hunks } = parsePatch(argv[1])
+      return {
+        type: MaybeApplyPatch.Body,
+        args: {
+          patch: argv[1],
+          hunks,
+        },
+      }
+    } catch (error) {
+      return {
+        type: MaybeApplyPatch.PatchParseError,
+        error: error as Error,
+      }
+    }
+  }
+
+  // Bash heredoc form: bash -lc 'apply_patch <<"EOF" ...'
+  if (argv.length === 3 && argv[0] === "bash" && argv[1] === "-lc") {
+    // Simple extraction - in real implementation would need proper bash parsing
+    const script = argv[2]
+    const heredocMatch = script.match(/apply_patch\s*<<['"](\w+)['"]\s*\n([\s\S]*?)\n\1/)
+
+    if (heredocMatch) {
+      const patchContent = heredocMatch[2]
+      try {
+        const { hunks } = parsePatch(patchContent)
+        return {
+          type: MaybeApplyPatch.Body,
+          args: {
+            patch: patchContent,
+            hunks,
+          },
+        }
+      } catch (error) {
+        return {
+          type: MaybeApplyPatch.PatchParseError,
+          error: error as Error,
+        }
+      }
+    }
+  }
+
+  return { type: MaybeApplyPatch.NotApplyPatch }
+}
+
+// File content manipulation
+interface ApplyPatchFileUpdate {
+  unified_diff: string
+  content: string
+}
+
+export function deriveNewContentsFromChunks(filePath: string, chunks: UpdateFileChunk[]): ApplyPatchFileUpdate {
+  // Read original file content
+  let originalContent: string
+  try {
+    originalContent = readFileSync(filePath, "utf-8")
+  } catch (error) {
+    throw new Error(`Failed to read file ${filePath}: ${error}`, { cause: error })
+  }
+
+  let originalLines = originalContent.split("\n")
+
+  // Drop trailing empty element for consistent line counting
+  if (originalLines.length > 0 && originalLines[originalLines.length - 1] === "") {
+    originalLines.pop()
+  }
+
+  const replacements = computeReplacements(originalLines, filePath, chunks)
+  let newLines = applyReplacements(originalLines, replacements)
+
+  // Ensure trailing newline
+  if (newLines.length === 0 || newLines[newLines.length - 1] !== "") {
+    newLines.push("")
+  }
+
+  const newContent = newLines.join("\n")
+
+  // Generate unified diff
+  const unifiedDiff = generateUnifiedDiff(originalContent, newContent)
+
+  return {
+    unified_diff: unifiedDiff,
+    content: newContent,
+  }
+}
+
+function computeReplacements(
+  originalLines: string[],
+  filePath: string,
+  chunks: UpdateFileChunk[],
+): Array<[number, number, string[]]> {
+  const replacements: Array<[number, number, string[]]> = []
+  let lineIndex = 0
+
+  for (const chunk of chunks) {
+    // Handle context-based seeking
+    if (chunk.change_context) {
+      const contextIdx = seekSequence(originalLines, [chunk.change_context], lineIndex)
+      if (contextIdx === -1) {
+        throw new Error(`Failed to find context '${chunk.change_context}' in ${filePath}`)
+      }
+      lineIndex = contextIdx + 1
+    }
+
+    // Handle pure addition (no old lines)
+    if (chunk.old_lines.length === 0) {
+      const insertionIdx =
+        originalLines.length > 0 && originalLines[originalLines.length - 1] === ""
+          ? originalLines.length - 1
+          : originalLines.length
+      replacements.push([insertionIdx, 0, chunk.new_lines])
+      continue
+    }
+
+    // Try to match old lines in the file
+    let pattern = chunk.old_lines
+    let newSlice = chunk.new_lines
+    let found = seekSequence(originalLines, pattern, lineIndex, chunk.is_end_of_file)
+
+    // Retry without trailing empty line if not found
+    if (found === -1 && pattern.length > 0 && pattern[pattern.length - 1] === "") {
+      pattern = pattern.slice(0, -1)
+      if (newSlice.length > 0 && newSlice[newSlice.length - 1] === "") {
+        newSlice = newSlice.slice(0, -1)
+      }
+      found = seekSequence(originalLines, pattern, lineIndex, chunk.is_end_of_file)
+    }
+
+    if (found !== -1) {
+      replacements.push([found, pattern.length, newSlice])
+      lineIndex = found + pattern.length
+    } else {
+      throw new Error(`Failed to find expected lines in ${filePath}:\n${chunk.old_lines.join("\n")}`)
+    }
+  }
+
+  // Sort replacements by index to apply in order
+  replacements.sort((a, b) => a[0] - b[0])
+
+  return replacements
+}
+
+function applyReplacements(lines: string[], replacements: Array<[number, number, string[]]>): string[] {
+  // Apply replacements in reverse order to avoid index shifting
+  const result = [...lines]
+
+  for (let i = replacements.length - 1; i >= 0; i--) {
+    const [startIdx, oldLen, newSegment] = replacements[i]
+
+    // Remove old lines
+    result.splice(startIdx, oldLen)
+
+    // Insert new lines
+    for (let j = 0; j < newSegment.length; j++) {
+      result.splice(startIdx + j, 0, newSegment[j])
+    }
+  }
+
+  return result
+}
+
+// Normalize Unicode punctuation to ASCII equivalents (like Rust's normalize_unicode)
+function normalizeUnicode(str: string): string {
+  return str
+    .replace(/[\u2018\u2019\u201A\u201B]/g, "'") // single quotes
+    .replace(/[\u201C\u201D\u201E\u201F]/g, '"') // double quotes
+    .replace(/[\u2010\u2011\u2012\u2013\u2014\u2015]/g, "-") // dashes
+    .replace(/\u2026/g, "...") // ellipsis
+    .replace(/\u00A0/g, " ") // non-breaking space
+}
+
+type Comparator = (a: string, b: string) => boolean
+
+function tryMatch(lines: string[], pattern: string[], startIndex: number, compare: Comparator, eof: boolean): number {
+  // If EOF anchor, try matching from end of file first
+  if (eof) {
+    const fromEnd = lines.length - pattern.length
+    if (fromEnd >= startIndex) {
+      let matches = true
+      for (let j = 0; j < pattern.length; j++) {
+        if (!compare(lines[fromEnd + j], pattern[j])) {
+          matches = false
+          break
+        }
+      }
+      if (matches) return fromEnd
+    }
+  }
+
+  // Forward search from startIndex
+  for (let i = startIndex; i <= lines.length - pattern.length; i++) {
+    let matches = true
+    for (let j = 0; j < pattern.length; j++) {
+      if (!compare(lines[i + j], pattern[j])) {
+        matches = false
+        break
+      }
+    }
+    if (matches) return i
+  }
+
+  return -1
+}
+
+function seekSequence(lines: string[], pattern: string[], startIndex: number, eof = false): number {
+  if (pattern.length === 0) return -1
+
+  // Pass 1: exact match
+  const exact = tryMatch(lines, pattern, startIndex, (a, b) => a === b, eof)
+  if (exact !== -1) return exact
+
+  // Pass 2: rstrip (trim trailing whitespace)
+  const rstrip = tryMatch(lines, pattern, startIndex, (a, b) => a.trimEnd() === b.trimEnd(), eof)
+  if (rstrip !== -1) return rstrip
+
+  // Pass 3: trim (both ends)
+  const trim = tryMatch(lines, pattern, startIndex, (a, b) => a.trim() === b.trim(), eof)
+  if (trim !== -1) return trim
+
+  // Pass 4: normalized (Unicode punctuation to ASCII)
+  const normalized = tryMatch(
+    lines,
+    pattern,
+    startIndex,
+    (a, b) => normalizeUnicode(a.trim()) === normalizeUnicode(b.trim()),
+    eof,
+  )
+  return normalized
+}
+
+function generateUnifiedDiff(oldContent: string, newContent: string): string {
+  const oldLines = oldContent.split("\n")
+  const newLines = newContent.split("\n")
+
+  // Simple diff generation - in a real implementation you'd use a proper diff algorithm
+  let diff = "@@ -1 +1 @@\n"
+
+  // Find changes (simplified approach)
+  const maxLen = Math.max(oldLines.length, newLines.length)
+  let hasChanges = false
+
+  for (let i = 0; i < maxLen; i++) {
+    const oldLine = oldLines[i] || ""
+    const newLine = newLines[i] || ""
+
+    if (oldLine !== newLine) {
+      if (oldLine) diff += `-${oldLine}\n`
+      if (newLine) diff += `+${newLine}\n`
+      hasChanges = true
+    } else if (oldLine) {
+      diff += ` ${oldLine}\n`
+    }
+  }
+
+  return hasChanges ? diff : ""
+}
+
+// Apply hunks to filesystem
+export async function applyHunksToFiles(hunks: Hunk[]): Promise<AffectedPaths> {
+  if (hunks.length === 0) {
+    throw new Error("No files were modified.")
+  }
+
+  const added: string[] = []
+  const modified: string[] = []
+  const deleted: string[] = []
+
+  for (const hunk of hunks) {
+    switch (hunk.type) {
+      case "add":
+        // Create parent directories
+        const addDir = path.dirname(hunk.path)
+        if (addDir !== "." && addDir !== "/") {
+          await fs.mkdir(addDir, { recursive: true })
+        }
+
+        await fs.writeFile(hunk.path, hunk.contents, "utf-8")
+        added.push(hunk.path)
+        log.info(`Added file: ${hunk.path}`)
+        break
+
+      case "delete":
+        await fs.unlink(hunk.path)
+        deleted.push(hunk.path)
+        log.info(`Deleted file: ${hunk.path}`)
+        break
+
+      case "update":
+        const fileUpdate = deriveNewContentsFromChunks(hunk.path, hunk.chunks)
+
+        if (hunk.move_path) {
+          // Handle file move
+          const moveDir = path.dirname(hunk.move_path)
+          if (moveDir !== "." && moveDir !== "/") {
+            await fs.mkdir(moveDir, { recursive: true })
+          }
+
+          await fs.writeFile(hunk.move_path, fileUpdate.content, "utf-8")
+          await fs.unlink(hunk.path)
+          modified.push(hunk.move_path)
+          log.info(`Moved file: ${hunk.path} -> ${hunk.move_path}`)
+        } else {
+          // Regular update
+          await fs.writeFile(hunk.path, fileUpdate.content, "utf-8")
+          modified.push(hunk.path)
+          log.info(`Updated file: ${hunk.path}`)
+        }
+        break
+    }
+  }
+
+  return { added, modified, deleted }
+}
+
+// Main patch application function
+export async function applyPatch(patchText: string): Promise<AffectedPaths> {
+  const { hunks } = parsePatch(patchText)
+  return applyHunksToFiles(hunks)
+}
+
+// Async version of maybeParseApplyPatchVerified
+export async function maybeParseApplyPatchVerified(
+  argv: string[],
+  cwd: string,
+): Promise<
+  | { type: MaybeApplyPatchVerified.Body; action: ApplyPatchAction }
+  | { type: MaybeApplyPatchVerified.CorrectnessError; error: Error }
+  | { type: MaybeApplyPatchVerified.NotApplyPatch }
+> {
+  // Detect implicit patch invocation (raw patch without apply_patch command)
+  if (argv.length === 1) {
+    try {
+      parsePatch(argv[0])
+      return {
+        type: MaybeApplyPatchVerified.CorrectnessError,
+        error: new Error(ApplyPatchError.ImplicitInvocation),
+      }
+    } catch {
+      // Not a patch, continue
+    }
+  }
+
+  const result = maybeParseApplyPatch(argv)
+
+  switch (result.type) {
+    case MaybeApplyPatch.Body:
+      const { args } = result
+      const effectiveCwd = args.workdir ? path.resolve(cwd, args.workdir) : cwd
+      const changes = new Map<string, ApplyPatchFileChange>()
+
+      for (const hunk of args.hunks) {
+        const resolvedPath = path.resolve(
+          effectiveCwd,
+          hunk.type === "update" && hunk.move_path ? hunk.move_path : hunk.path,
+        )
+
+        switch (hunk.type) {
+          case "add":
+            changes.set(resolvedPath, {
+              type: "add",
+              content: hunk.contents,
+            })
+            break
+
+          case "delete":
+            // For delete, we need to read the current content
+            const deletePath = path.resolve(effectiveCwd, hunk.path)
+            try {
+              const content = await fs.readFile(deletePath, "utf-8")
+              changes.set(resolvedPath, {
+                type: "delete",
+                content,
+              })
+            } catch {
+              return {
+                type: MaybeApplyPatchVerified.CorrectnessError,
+                error: new Error(`Failed to read file for deletion: ${deletePath}`),
+              }
+            }
+            break
+
+          case "update":
+            const updatePath = path.resolve(effectiveCwd, hunk.path)
+            try {
+              const fileUpdate = deriveNewContentsFromChunks(updatePath, hunk.chunks)
+              changes.set(resolvedPath, {
+                type: "update",
+                unified_diff: fileUpdate.unified_diff,
+                move_path: hunk.move_path ? path.resolve(effectiveCwd, hunk.move_path) : undefined,
+                new_content: fileUpdate.content,
+              })
+            } catch (error) {
+              return {
+                type: MaybeApplyPatchVerified.CorrectnessError,
+                error: error as Error,
+              }
+            }
+            break
+        }
+      }
+
+      return {
+        type: MaybeApplyPatchVerified.Body,
+        action: {
+          changes,
+          patch: args.patch,
+          cwd: effectiveCwd,
+        },
+      }
+
+    case MaybeApplyPatch.PatchParseError:
+      return {
+        type: MaybeApplyPatchVerified.CorrectnessError,
+        error: result.error,
+      }
+
+    case MaybeApplyPatch.NotApplyPatch:
+      return { type: MaybeApplyPatchVerified.NotApplyPatch }
+  }
+}
--- a/packages/opencode/src/permission/index.ts
+++ b/packages/opencode/src/permission/index.ts
@@ -1,325 +1 @@
-import { Bus } from "@/bus"
-import { BusEvent } from "@/bus/bus-event"
-import { Config } from "@/config"
-import { InstanceState } from "@/effect/instance-state"
-import { ProjectID } from "@/project/schema"
-import { MessageID, SessionID } from "@/session/schema"
-import { PermissionTable } from "@/session/session.sql"
-import { Database, eq } from "@/storage/db"
-import { zod } from "@/util/effect-zod"
-import { Log } from "@/util/log"
-import { withStatics } from "@/util/schema"
-import { Wildcard } from "@/util/wildcard"
-import { Deferred, Effect, Layer, Schema, Context } from "effect"
-import os from "os"
-import { evaluate as evalRule } from "./evaluate"
-import { PermissionID } from "./schema"
-
-export namespace Permission {
-  const log = Log.create({ service: "permission" })
-
-  export const Action = Schema.Literals(["allow", "deny", "ask"])
-    .annotate({ identifier: "PermissionAction" })
-    .pipe(withStatics((s) => ({ zod: zod(s) })))
-  export type Action = Schema.Schema.Type<typeof Action>
-
-  export class Rule extends Schema.Class<Rule>("PermissionRule")({
-    permission: Schema.String,
-    pattern: Schema.String,
-    action: Action,
-  }) {
-    static readonly zod = zod(this)
-  }
-
-  export const Ruleset = Schema.mutable(Schema.Array(Rule))
-    .annotate({ identifier: "PermissionRuleset" })
-    .pipe(withStatics((s) => ({ zod: zod(s) })))
-  export type Ruleset = Schema.Schema.Type<typeof Ruleset>
-
-  export class Request extends Schema.Class<Request>("PermissionRequest")({
-    id: PermissionID,
-    sessionID: SessionID,
-    permission: Schema.String,
-    patterns: Schema.Array(Schema.String),
-    metadata: Schema.Record(Schema.String, Schema.Unknown),
-    always: Schema.Array(Schema.String),
-    tool: Schema.optional(
-      Schema.Struct({
-        messageID: MessageID,
-        callID: Schema.String,
-      }),
-    ),
-  }) {
-    static readonly zod = zod(this)
-  }
-
-  export const Reply = Schema.Literals(["once", "always", "reject"]).pipe(withStatics((s) => ({ zod: zod(s) })))
-  export type Reply = Schema.Schema.Type<typeof Reply>
-
-  const reply = {
-    reply: Reply,
-    message: Schema.optional(Schema.String),
-  }
-
-  export const ReplyBody = Schema.Struct(reply)
-    .annotate({ identifier: "PermissionReplyBody" })
-    .pipe(withStatics((s) => ({ zod: zod(s) })))
-  export type ReplyBody = Schema.Schema.Type<typeof ReplyBody>
-
-  export class Approval extends Schema.Class<Approval>("PermissionApproval")({
-    projectID: ProjectID,
-    patterns: Schema.Array(Schema.String),
-  }) {
-    static readonly zod = zod(this)
-  }
-
-  export const Event = {
-    Asked: BusEvent.define("permission.asked", Request.zod),
-    Replied: BusEvent.define(
-      "permission.replied",
-      zod(
-        Schema.Struct({
-          sessionID: SessionID,
-          requestID: PermissionID,
-          reply: Reply,
-        }),
-      ),
-    ),
-  }
-
-  export class RejectedError extends Schema.TaggedErrorClass<RejectedError>()("PermissionRejectedError", {}) {
-    override get message() {
-      return "The user rejected permission to use this specific tool call."
-    }
-  }
-
-  export class CorrectedError extends Schema.TaggedErrorClass<CorrectedError>()("PermissionCorrectedError", {
-    feedback: Schema.String,
-  }) {
-    override get message() {
-      return `The user rejected permission to use this specific tool call with the following feedback: ${this.feedback}`
-    }
-  }
-
-  export class DeniedError extends Schema.TaggedErrorClass<DeniedError>()("PermissionDeniedError", {
-    ruleset: Schema.Any,
-  }) {
-    override get message() {
-      return `The user has specified a rule which prevents you from using this specific tool call. Here are some of the relevant rules ${JSON.stringify(this.ruleset)}`
-    }
-  }
-
-  export type Error = DeniedError | RejectedError | CorrectedError
-
-  export const AskInput = Schema.Struct({
-    ...Request.fields,
-    id: Schema.optional(PermissionID),
-    ruleset: Ruleset,
-  })
-    .annotate({ identifier: "PermissionAskInput" })
-    .pipe(withStatics((s) => ({ zod: zod(s) })))
-  export type AskInput = Schema.Schema.Type<typeof AskInput>
-
-  export const ReplyInput = Schema.Struct({
-    requestID: PermissionID,
-    ...reply,
-  })
-    .annotate({ identifier: "PermissionReplyInput" })
-    .pipe(withStatics((s) => ({ zod: zod(s) })))
-  export type ReplyInput = Schema.Schema.Type<typeof ReplyInput>
-
-  export interface Interface {
-    readonly ask: (input: AskInput) => Effect.Effect<void, Error>
-    readonly reply: (input: ReplyInput) => Effect.Effect<void>
-    readonly list: () => Effect.Effect<ReadonlyArray<Request>>
-  }
-
-  interface PendingEntry {
-    info: Request
-    deferred: Deferred.Deferred<void, RejectedError | CorrectedError>
-  }
-
-  interface State {
-    pending: Map<PermissionID, PendingEntry>
-    approved: Ruleset
-  }
-
-  export function evaluate(permission: string, pattern: string, ...rulesets: Ruleset[]): Rule {
-    log.info("evaluate", { permission, pattern, ruleset: rulesets.flat() })
-    return evalRule(permission, pattern, ...rulesets)
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Permission") {}
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const bus = yield* Bus.Service
-      const state = yield* InstanceState.make<State>(
-        Effect.fn("Permission.state")(function* (ctx) {
-          const row = Database.use((db) =>
-            db.select().from(PermissionTable).where(eq(PermissionTable.project_id, ctx.project.id)).get(),
-          )
-          const state = {
-            pending: new Map<PermissionID, PendingEntry>(),
-            approved: row?.data ?? [],
-          }
-
-          yield* Effect.addFinalizer(() =>
-            Effect.gen(function* () {
-              for (const item of state.pending.values()) {
-                yield* Deferred.fail(item.deferred, new RejectedError())
-              }
-              state.pending.clear()
-            }),
-          )
-
-          return state
-        }),
-      )
-
-      const ask = Effect.fn("Permission.ask")(function* (input: AskInput) {
-        const { approved, pending } = yield* InstanceState.get(state)
-        const { ruleset, ...request } = input
-        let needsAsk = false
-
-        for (const pattern of request.patterns) {
-          const rule = evaluate(request.permission, pattern, ruleset, approved)
-          log.info("evaluated", { permission: request.permission, pattern, action: rule })
-          if (rule.action === "deny") {
-            return yield* new DeniedError({
-              ruleset: ruleset.filter((rule) => Wildcard.match(request.permission, rule.permission)),
-            })
-          }
-          if (rule.action === "allow") continue
-          needsAsk = true
-        }
-
-        if (!needsAsk) return
-
-        const id = request.id ?? PermissionID.ascending()
-        const info = Schema.decodeUnknownSync(Request)({
-          id,
-          ...request,
-        })
-        log.info("asking", { id, permission: info.permission, patterns: info.patterns })
-
-        const deferred = yield* Deferred.make<void, RejectedError | CorrectedError>()
-        pending.set(id, { info, deferred })
-        yield* bus.publish(Event.Asked, info)
-        return yield* Effect.ensuring(
-          Deferred.await(deferred),
-          Effect.sync(() => {
-            pending.delete(id)
-          }),
-        )
-      })
-
-      const reply = Effect.fn("Permission.reply")(function* (input: ReplyInput) {
-        const { approved, pending } = yield* InstanceState.get(state)
-        const existing = pending.get(input.requestID)
-        if (!existing) return
-
-        pending.delete(input.requestID)
-        yield* bus.publish(Event.Replied, {
-          sessionID: existing.info.sessionID,
-          requestID: existing.info.id,
-          reply: input.reply,
-        })
-
-        if (input.reply === "reject") {
-          yield* Deferred.fail(
-            existing.deferred,
-            input.message ? new CorrectedError({ feedback: input.message }) : new RejectedError(),
-          )
-
-          for (const [id, item] of pending.entries()) {
-            if (item.info.sessionID !== existing.info.sessionID) continue
-            pending.delete(id)
-            yield* bus.publish(Event.Replied, {
-              sessionID: item.info.sessionID,
-              requestID: item.info.id,
-              reply: "reject",
-            })
-            yield* Deferred.fail(item.deferred, new RejectedError())
-          }
-          return
-        }
-
-        yield* Deferred.succeed(existing.deferred, undefined)
-        if (input.reply === "once") return
-
-        for (const pattern of existing.info.always) {
-          approved.push({
-            permission: existing.info.permission,
-            pattern,
-            action: "allow",
-          })
-        }
-
-        for (const [id, item] of pending.entries()) {
-          if (item.info.sessionID !== existing.info.sessionID) continue
-          const ok = item.info.patterns.every(
-            (pattern) => evaluate(item.info.permission, pattern, approved).action === "allow",
-          )
-          if (!ok) continue
-          pending.delete(id)
-          yield* bus.publish(Event.Replied, {
-            sessionID: item.info.sessionID,
-            requestID: item.info.id,
-            reply: "always",
-          })
-          yield* Deferred.succeed(item.deferred, undefined)
-        }
-      })
-
-      const list = Effect.fn("Permission.list")(function* () {
-        const pending = (yield* InstanceState.get(state)).pending
-        return Array.from(pending.values(), (item) => item.info)
-      })
-
-      return Service.of({ ask, reply, list })
-    }),
-  )
-
-  function expand(pattern: string): string {
-    if (pattern.startsWith("~/")) return os.homedir() + pattern.slice(1)
-    if (pattern === "~") return os.homedir()
-    if (pattern.startsWith("$HOME/")) return os.homedir() + pattern.slice(5)
-    if (pattern.startsWith("$HOME")) return os.homedir() + pattern.slice(5)
-    return pattern
-  }
-
-  export function fromConfig(permission: Config.Permission) {
-    const ruleset: Ruleset = []
-    for (const [key, value] of Object.entries(permission)) {
-      if (typeof value === "string") {
-        ruleset.push({ permission: key, action: value, pattern: "*" })
-        continue
-      }
-      ruleset.push(
-        ...Object.entries(value).map(([pattern, action]) => ({ permission: key, pattern: expand(pattern), action })),
-      )
-    }
-    return ruleset
-  }
-
-  export function merge(...rulesets: Ruleset[]): Ruleset {
-    return rulesets.flat()
-  }
-
-  const EDIT_TOOLS = ["edit", "write", "apply_patch", "multiedit"]
-
-  export function disabled(tools: string[], ruleset: Ruleset): Set<string> {
-    const result = new Set<string>()
-    for (const tool of tools) {
-      const permission = EDIT_TOOLS.includes(tool) ? "edit" : tool
-      const rule = ruleset.findLast((rule) => Wildcard.match(permission, rule.permission))
-      if (!rule) continue
-      if (rule.pattern === "*" && rule.action === "deny") result.add(tool)
-    }
-    return result
-  }
-
-  export const defaultLayer = layer.pipe(Layer.provide(Bus.layer))
-}
+export * as Permission from "./permission"
--- a/packages/opencode/src/permission/permission.ts
+++ b/packages/opencode/src/permission/permission.ts
@@ -0,0 +1,323 @@
+import { Bus } from "@/bus"
+import { BusEvent } from "@/bus/bus-event"
+import { Config } from "@/config"
+import { InstanceState } from "@/effect"
+import { ProjectID } from "@/project/schema"
+import { MessageID, SessionID } from "@/session/schema"
+import { PermissionTable } from "@/session/session.sql"
+import { Database, eq } from "@/storage/db"
+import { zod } from "@/util/effect-zod"
+import { Log } from "@/util/log"
+import { withStatics } from "@/util/schema"
+import { Wildcard } from "@/util/wildcard"
+import { Deferred, Effect, Layer, Schema, Context } from "effect"
+import os from "os"
+import { evaluate as evalRule } from "./evaluate"
+import { PermissionID } from "./schema"
+
+const log = Log.create({ service: "permission" })
+
+export const Action = Schema.Literals(["allow", "deny", "ask"])
+  .annotate({ identifier: "PermissionAction" })
+  .pipe(withStatics((s) => ({ zod: zod(s) })))
+export type Action = Schema.Schema.Type<typeof Action>
+
+export class Rule extends Schema.Class<Rule>("PermissionRule")({
+  permission: Schema.String,
+  pattern: Schema.String,
+  action: Action,
+}) {
+  static readonly zod = zod(this)
+}
+
+export const Ruleset = Schema.mutable(Schema.Array(Rule))
+  .annotate({ identifier: "PermissionRuleset" })
+  .pipe(withStatics((s) => ({ zod: zod(s) })))
+export type Ruleset = Schema.Schema.Type<typeof Ruleset>
+
+export class Request extends Schema.Class<Request>("PermissionRequest")({
+  id: PermissionID,
+  sessionID: SessionID,
+  permission: Schema.String,
+  patterns: Schema.Array(Schema.String),
+  metadata: Schema.Record(Schema.String, Schema.Unknown),
+  always: Schema.Array(Schema.String),
+  tool: Schema.optional(
+    Schema.Struct({
+      messageID: MessageID,
+      callID: Schema.String,
+    }),
+  ),
+}) {
+  static readonly zod = zod(this)
+}
+
+export const Reply = Schema.Literals(["once", "always", "reject"]).pipe(withStatics((s) => ({ zod: zod(s) })))
+export type Reply = Schema.Schema.Type<typeof Reply>
+
+const reply = {
+  reply: Reply,
+  message: Schema.optional(Schema.String),
+}
+
+export const ReplyBody = Schema.Struct(reply)
+  .annotate({ identifier: "PermissionReplyBody" })
+  .pipe(withStatics((s) => ({ zod: zod(s) })))
+export type ReplyBody = Schema.Schema.Type<typeof ReplyBody>
+
+export class Approval extends Schema.Class<Approval>("PermissionApproval")({
+  projectID: ProjectID,
+  patterns: Schema.Array(Schema.String),
+}) {
+  static readonly zod = zod(this)
+}
+
+export const Event = {
+  Asked: BusEvent.define("permission.asked", Request.zod),
+  Replied: BusEvent.define(
+    "permission.replied",
+    zod(
+      Schema.Struct({
+        sessionID: SessionID,
+        requestID: PermissionID,
+        reply: Reply,
+      }),
+    ),
+  ),
+}
+
+export class RejectedError extends Schema.TaggedErrorClass<RejectedError>()("PermissionRejectedError", {}) {
+  override get message() {
+    return "The user rejected permission to use this specific tool call."
+  }
+}
+
+export class CorrectedError extends Schema.TaggedErrorClass<CorrectedError>()("PermissionCorrectedError", {
+  feedback: Schema.String,
+}) {
+  override get message() {
+    return `The user rejected permission to use this specific tool call with the following feedback: ${this.feedback}`
+  }
+}
+
+export class DeniedError extends Schema.TaggedErrorClass<DeniedError>()("PermissionDeniedError", {
+  ruleset: Schema.Any,
+}) {
+  override get message() {
+    return `The user has specified a rule which prevents you from using this specific tool call. Here are some of the relevant rules ${JSON.stringify(this.ruleset)}`
+  }
+}
+
+export type Error = DeniedError | RejectedError | CorrectedError
+
+export const AskInput = Schema.Struct({
+  ...Request.fields,
+  id: Schema.optional(PermissionID),
+  ruleset: Ruleset,
+})
+  .annotate({ identifier: "PermissionAskInput" })
+  .pipe(withStatics((s) => ({ zod: zod(s) })))
+export type AskInput = Schema.Schema.Type<typeof AskInput>
+
+export const ReplyInput = Schema.Struct({
+  requestID: PermissionID,
+  ...reply,
+})
+  .annotate({ identifier: "PermissionReplyInput" })
+  .pipe(withStatics((s) => ({ zod: zod(s) })))
+export type ReplyInput = Schema.Schema.Type<typeof ReplyInput>
+
+export interface Interface {
+  readonly ask: (input: AskInput) => Effect.Effect<void, Error>
+  readonly reply: (input: ReplyInput) => Effect.Effect<void>
+  readonly list: () => Effect.Effect<ReadonlyArray<Request>>
+}
+
+interface PendingEntry {
+  info: Request
+  deferred: Deferred.Deferred<void, RejectedError | CorrectedError>
+}
+
+interface State {
+  pending: Map<PermissionID, PendingEntry>
+  approved: Ruleset
+}
+
+export function evaluate(permission: string, pattern: string, ...rulesets: Ruleset[]): Rule {
+  log.info("evaluate", { permission, pattern, ruleset: rulesets.flat() })
+  return evalRule(permission, pattern, ...rulesets)
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Permission") {}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const bus = yield* Bus.Service
+    const state = yield* InstanceState.make<State>(
+      Effect.fn("Permission.state")(function* (ctx) {
+        const row = Database.use((db) =>
+          db.select().from(PermissionTable).where(eq(PermissionTable.project_id, ctx.project.id)).get(),
+        )
+        const state = {
+          pending: new Map<PermissionID, PendingEntry>(),
+          approved: row?.data ?? [],
+        }
+
+        yield* Effect.addFinalizer(() =>
+          Effect.gen(function* () {
+            for (const item of state.pending.values()) {
+              yield* Deferred.fail(item.deferred, new RejectedError())
+            }
+            state.pending.clear()
+          }),
+        )
+
+        return state
+      }),
+    )
+
+    const ask = Effect.fn("Permission.ask")(function* (input: AskInput) {
+      const { approved, pending } = yield* InstanceState.get(state)
+      const { ruleset, ...request } = input
+      let needsAsk = false
+
+      for (const pattern of request.patterns) {
+        const rule = evaluate(request.permission, pattern, ruleset, approved)
+        log.info("evaluated", { permission: request.permission, pattern, action: rule })
+        if (rule.action === "deny") {
+          return yield* new DeniedError({
+            ruleset: ruleset.filter((rule) => Wildcard.match(request.permission, rule.permission)),
+          })
+        }
+        if (rule.action === "allow") continue
+        needsAsk = true
+      }
+
+      if (!needsAsk) return
+
+      const id = request.id ?? PermissionID.ascending()
+      const info = Schema.decodeUnknownSync(Request)({
+        id,
+        ...request,
+      })
+      log.info("asking", { id, permission: info.permission, patterns: info.patterns })
+
+      const deferred = yield* Deferred.make<void, RejectedError | CorrectedError>()
+      pending.set(id, { info, deferred })
+      yield* bus.publish(Event.Asked, info)
+      return yield* Effect.ensuring(
+        Deferred.await(deferred),
+        Effect.sync(() => {
+          pending.delete(id)
+        }),
+      )
+    })
+
+    const reply = Effect.fn("Permission.reply")(function* (input: ReplyInput) {
+      const { approved, pending } = yield* InstanceState.get(state)
+      const existing = pending.get(input.requestID)
+      if (!existing) return
+
+      pending.delete(input.requestID)
+      yield* bus.publish(Event.Replied, {
+        sessionID: existing.info.sessionID,
+        requestID: existing.info.id,
+        reply: input.reply,
+      })
+
+      if (input.reply === "reject") {
+        yield* Deferred.fail(
+          existing.deferred,
+          input.message ? new CorrectedError({ feedback: input.message }) : new RejectedError(),
+        )
+
+        for (const [id, item] of pending.entries()) {
+          if (item.info.sessionID !== existing.info.sessionID) continue
+          pending.delete(id)
+          yield* bus.publish(Event.Replied, {
+            sessionID: item.info.sessionID,
+            requestID: item.info.id,
+            reply: "reject",
+          })
+          yield* Deferred.fail(item.deferred, new RejectedError())
+        }
+        return
+      }
+
+      yield* Deferred.succeed(existing.deferred, undefined)
+      if (input.reply === "once") return
+
+      for (const pattern of existing.info.always) {
+        approved.push({
+          permission: existing.info.permission,
+          pattern,
+          action: "allow",
+        })
+      }
+
+      for (const [id, item] of pending.entries()) {
+        if (item.info.sessionID !== existing.info.sessionID) continue
+        const ok = item.info.patterns.every(
+          (pattern) => evaluate(item.info.permission, pattern, approved).action === "allow",
+        )
+        if (!ok) continue
+        pending.delete(id)
+        yield* bus.publish(Event.Replied, {
+          sessionID: item.info.sessionID,
+          requestID: item.info.id,
+          reply: "always",
+        })
+        yield* Deferred.succeed(item.deferred, undefined)
+      }
+    })
+
+    const list = Effect.fn("Permission.list")(function* () {
+      const pending = (yield* InstanceState.get(state)).pending
+      return Array.from(pending.values(), (item) => item.info)
+    })
+
+    return Service.of({ ask, reply, list })
+  }),
+)
+
+function expand(pattern: string): string {
+  if (pattern.startsWith("~/")) return os.homedir() + pattern.slice(1)
+  if (pattern === "~") return os.homedir()
+  if (pattern.startsWith("$HOME/")) return os.homedir() + pattern.slice(5)
+  if (pattern.startsWith("$HOME")) return os.homedir() + pattern.slice(5)
+  return pattern
+}
+
+export function fromConfig(permission: Config.Permission) {
+  const ruleset: Ruleset = []
+  for (const [key, value] of Object.entries(permission)) {
+    if (typeof value === "string") {
+      ruleset.push({ permission: key, action: value, pattern: "*" })
+      continue
+    }
+    ruleset.push(
+      ...Object.entries(value).map(([pattern, action]) => ({ permission: key, pattern: expand(pattern), action })),
+    )
+  }
+  return ruleset
+}
+
+export function merge(...rulesets: Ruleset[]): Ruleset {
+  return rulesets.flat()
+}
+
+const EDIT_TOOLS = ["edit", "write", "apply_patch", "multiedit"]
+
+export function disabled(tools: string[], ruleset: Ruleset): Set<string> {
+  const result = new Set<string>()
+  for (const tool of tools) {
+    const permission = EDIT_TOOLS.includes(tool) ? "edit" : tool
+    const rule = ruleset.findLast((rule) => Wildcard.match(permission, rule.permission))
+    if (!rule) continue
+    if (rule.pattern === "*" && rule.action === "deny") result.add(tool)
+  }
+  return result
+}
+
+export const defaultLayer = layer.pipe(Layer.provide(Bus.layer))
--- a/packages/opencode/src/plugin/index.ts
+++ b/packages/opencode/src/plugin/index.ts
@@ -1,289 +1 @@
-import type {
-  Hooks,
-  PluginInput,
-  Plugin as PluginInstance,
-  PluginModule,
-  WorkspaceAdaptor as PluginWorkspaceAdaptor,
-} from "@opencode-ai/plugin"
-import { Config } from "../config"
-import { Bus } from "../bus"
-import { Log } from "../util/log"
-import { createOpencodeClient } from "@opencode-ai/sdk"
-import { Flag } from "../flag/flag"
-import { CodexAuthPlugin } from "./codex"
-import { Session } from "../session"
-import { NamedError } from "@opencode-ai/shared/util/error"
-import { CopilotAuthPlugin } from "./github-copilot/copilot"
-import { gitlabAuthPlugin as GitlabAuthPlugin } from "opencode-gitlab-auth"
-import { PoeAuthPlugin } from "opencode-poe-auth"
-import { CloudflareAIGatewayAuthPlugin, CloudflareWorkersAuthPlugin } from "./cloudflare"
-import { Effect, Layer, Context, Stream } from "effect"
-import { EffectBridge } from "@/effect/bridge"
-import { InstanceState } from "@/effect/instance-state"
-import { errorMessage } from "@/util/error"
-import { PluginLoader } from "./loader"
-import { parsePluginSpecifier, readPluginId, readV1Plugin, resolvePluginId } from "./shared"
-import { registerAdaptor } from "@/control-plane/adaptors"
-import type { WorkspaceAdaptor } from "@/control-plane/types"
-
-export namespace Plugin {
-  const log = Log.create({ service: "plugin" })
-
-  type State = {
-    hooks: Hooks[]
-  }
-
-  // Hook names that follow the (input, output) => Promise<void> trigger pattern
-  type TriggerName = {
-    [K in keyof Hooks]-?: NonNullable<Hooks[K]> extends (input: any, output: any) => Promise<void> ? K : never
-  }[keyof Hooks]
-
-  export interface Interface {
-    readonly trigger: <
-      Name extends TriggerName,
-      Input = Parameters<Required<Hooks>[Name]>[0],
-      Output = Parameters<Required<Hooks>[Name]>[1],
-    >(
-      name: Name,
-      input: Input,
-      output: Output,
-    ) => Effect.Effect<Output>
-    readonly list: () => Effect.Effect<Hooks[]>
-    readonly init: () => Effect.Effect<void>
-  }
-
-  export class Service extends Context.Service<Service, Interface>()("@opencode/Plugin") {}
-
-  // Built-in plugins that are directly imported (not installed from npm)
-  const INTERNAL_PLUGINS: PluginInstance[] = [
-    CodexAuthPlugin,
-    CopilotAuthPlugin,
-    GitlabAuthPlugin,
-    PoeAuthPlugin,
-    CloudflareWorkersAuthPlugin,
-    CloudflareAIGatewayAuthPlugin,
-  ]
-
-  function isServerPlugin(value: unknown): value is PluginInstance {
-    return typeof value === "function"
-  }
-
-  function getServerPlugin(value: unknown) {
-    if (isServerPlugin(value)) return value
-    if (!value || typeof value !== "object" || !("server" in value)) return
-    if (!isServerPlugin(value.server)) return
-    return value.server
-  }
-
-  function getLegacyPlugins(mod: Record<string, unknown>) {
-    const seen = new Set<unknown>()
-    const result: PluginInstance[] = []
-
-    for (const entry of Object.values(mod)) {
-      if (seen.has(entry)) continue
-      seen.add(entry)
-      const plugin = getServerPlugin(entry)
-      if (!plugin) throw new TypeError("Plugin export is not a function")
-      result.push(plugin)
-    }
-
-    return result
-  }
-
-  async function applyPlugin(load: PluginLoader.Loaded, input: PluginInput, hooks: Hooks[]) {
-    const plugin = readV1Plugin(load.mod, load.spec, "server", "detect")
-    if (plugin) {
-      await resolvePluginId(load.source, load.spec, load.target, readPluginId(plugin.id, load.spec), load.pkg)
-      hooks.push(await (plugin as PluginModule).server(input, load.options))
-      return
-    }
-
-    for (const server of getLegacyPlugins(load.mod)) {
-      hooks.push(await server(input, load.options))
-    }
-  }
-
-  export const layer = Layer.effect(
-    Service,
-    Effect.gen(function* () {
-      const bus = yield* Bus.Service
-      const config = yield* Config.Service
-
-      const state = yield* InstanceState.make<State>(
-        Effect.fn("Plugin.state")(function* (ctx) {
-          const hooks: Hooks[] = []
-          const bridge = yield* EffectBridge.make()
-
-          function publishPluginError(message: string) {
-            bridge.fork(bus.publish(Session.Event.Error, { error: new NamedError.Unknown({ message }).toObject() }))
-          }
-
-          const { Server } = yield* Effect.promise(() => import("../server/server"))
-
-          const client = createOpencodeClient({
-            baseUrl: "http://localhost:4096",
-            directory: ctx.directory,
-            headers: Flag.OPENCODE_SERVER_PASSWORD
-              ? {
-                  Authorization: `Basic ${Buffer.from(`${Flag.OPENCODE_SERVER_USERNAME ?? "opencode"}:${Flag.OPENCODE_SERVER_PASSWORD}`).toString("base64")}`,
-                }
-              : undefined,
-            fetch: async (...args) => (await Server.Default()).app.fetch(...args),
-          })
-          const cfg = yield* config.get()
-          const input: PluginInput = {
-            client,
-            project: ctx.project,
-            worktree: ctx.worktree,
-            directory: ctx.directory,
-            experimental_workspace: {
-              register(type: string, adaptor: PluginWorkspaceAdaptor) {
-                registerAdaptor(ctx.project.id, type, adaptor as WorkspaceAdaptor)
-              },
-            },
-            get serverUrl(): URL {
-              return Server.url ?? new URL("http://localhost:4096")
-            },
-            // @ts-expect-error
-            $: typeof Bun === "undefined" ? undefined : Bun.$,
-          }
-
-          for (const plugin of INTERNAL_PLUGINS) {
-            log.info("loading internal plugin", { name: plugin.name })
-            const init = yield* Effect.tryPromise({
-              try: () => plugin(input),
-              catch: (err) => {
-                log.error("failed to load internal plugin", { name: plugin.name, error: err })
-              },
-            }).pipe(Effect.option)
-            if (init._tag === "Some") hooks.push(init.value)
-          }
-
-          const plugins = Flag.OPENCODE_PURE ? [] : (cfg.plugin_origins ?? [])
-          if (Flag.OPENCODE_PURE && cfg.plugin_origins?.length) {
-            log.info("skipping external plugins in pure mode", { count: cfg.plugin_origins.length })
-          }
-          if (plugins.length) yield* config.waitForDependencies()
-
-          const loaded = yield* Effect.promise(() =>
-            PluginLoader.loadExternal({
-              items: plugins,
-              kind: "server",
-              report: {
-                start(candidate) {
-                  log.info("loading plugin", { path: candidate.plan.spec })
-                },
-                missing(candidate, _retry, message) {
-                  log.warn("plugin has no server entrypoint", { path: candidate.plan.spec, message })
-                },
-                error(candidate, _retry, stage, error, resolved) {
-                  const spec = candidate.plan.spec
-                  const cause = error instanceof Error ? (error.cause ?? error) : error
-                  const message = stage === "load" ? errorMessage(error) : errorMessage(cause)
-
-                  if (stage === "install") {
-                    const parsed = parsePluginSpecifier(spec)
-                    log.error("failed to install plugin", { pkg: parsed.pkg, version: parsed.version, error: message })
-                    publishPluginError(`Failed to install plugin ${parsed.pkg}@${parsed.version}: ${message}`)
-                    return
-                  }
-
-                  if (stage === "compatibility") {
-                    log.warn("plugin incompatible", { path: spec, error: message })
-                    publishPluginError(`Plugin ${spec} skipped: ${message}`)
-                    return
-                  }
-
-                  if (stage === "entry") {
-                    log.error("failed to resolve plugin server entry", { path: spec, error: message })
-                    publishPluginError(`Failed to load plugin ${spec}: ${message}`)
-                    return
-                  }
-
-                  log.error("failed to load plugin", { path: spec, target: resolved?.entry, error: message })
-                  publishPluginError(`Failed to load plugin ${spec}: ${message}`)
-                },
-              },
-            }),
-          )
-          for (const load of loaded) {
-            if (!load) continue
-
-            // Keep plugin execution sequential so hook registration and execution
-            // order remains deterministic across plugin runs.
-            yield* Effect.tryPromise({
-              try: () => applyPlugin(load, input, hooks),
-              catch: (err) => {
-                const message = errorMessage(err)
-                log.error("failed to load plugin", { path: load.spec, error: message })
-                return message
-              },
-            }).pipe(
-              Effect.catch(() => {
-                // TODO: make proper events for this
-                // bus.publish(Session.Event.Error, {
-                //   error: new NamedError.Unknown({
-                //     message: `Failed to load plugin ${load.spec}: ${message}`,
-                //   }).toObject(),
-                // })
-                return Effect.void
-              }),
-            )
-          }
-
-          // Notify plugins of current config
-          for (const hook of hooks) {
-            yield* Effect.tryPromise({
-              try: () => Promise.resolve((hook as any).config?.(cfg)),
-              catch: (err) => {
-                log.error("plugin config hook failed", { error: err })
-              },
-            }).pipe(Effect.ignore)
-          }
-
-          // Subscribe to bus events, fiber interrupted when scope closes
-          yield* bus.subscribeAll().pipe(
-            Stream.runForEach((input) =>
-              Effect.sync(() => {
-                for (const hook of hooks) {
-                  hook["event"]?.({ event: input as any })
-                }
-              }),
-            ),
-            Effect.forkScoped,
-          )
-
-          return { hooks }
-        }),
-      )
-
-      const trigger = Effect.fn("Plugin.trigger")(function* <
-        Name extends TriggerName,
-        Input = Parameters<Required<Hooks>[Name]>[0],
-        Output = Parameters<Required<Hooks>[Name]>[1],
-      >(name: Name, input: Input, output: Output) {
-        if (!name) return output
-        const s = yield* InstanceState.get(state)
-        for (const hook of s.hooks) {
-          const fn = hook[name] as any
-          if (!fn) continue
-          yield* Effect.promise(async () => fn(input, output))
-        }
-        return output
-      })
-
-      const list = Effect.fn("Plugin.list")(function* () {
-        const s = yield* InstanceState.get(state)
-        return s.hooks
-      })
-
-      const init = Effect.fn("Plugin.init")(function* () {
-        yield* InstanceState.get(state)
-      })
-
-      return Service.of({ trigger, list, init })
-    }),
-  )
-
-  export const defaultLayer = layer.pipe(Layer.provide(Bus.layer), Layer.provide(Config.defaultLayer))
-}
+export * as Plugin from "./plugin"
--- a/packages/opencode/src/plugin/plugin.ts
+++ b/packages/opencode/src/plugin/plugin.ts
@@ -0,0 +1,287 @@
+import type {
+  Hooks,
+  PluginInput,
+  Plugin as PluginInstance,
+  PluginModule,
+  WorkspaceAdaptor as PluginWorkspaceAdaptor,
+} from "@opencode-ai/plugin"
+import { Config } from "../config"
+import { Bus } from "../bus"
+import { Log } from "../util/log"
+import { createOpencodeClient } from "@opencode-ai/sdk"
+import { Flag } from "../flag/flag"
+import { CodexAuthPlugin } from "./codex"
+import { Session } from "../session"
+import { NamedError } from "@opencode-ai/shared/util/error"
+import { CopilotAuthPlugin } from "./github-copilot/copilot"
+import { gitlabAuthPlugin as GitlabAuthPlugin } from "opencode-gitlab-auth"
+import { PoeAuthPlugin } from "opencode-poe-auth"
+import { CloudflareAIGatewayAuthPlugin, CloudflareWorkersAuthPlugin } from "./cloudflare"
+import { Effect, Layer, Context, Stream } from "effect"
+import { EffectBridge } from "@/effect"
+import { InstanceState } from "@/effect"
+import { errorMessage } from "@/util/error"
+import { PluginLoader } from "./loader"
+import { parsePluginSpecifier, readPluginId, readV1Plugin, resolvePluginId } from "./shared"
+import { registerAdaptor } from "@/control-plane/adaptors"
+import type { WorkspaceAdaptor } from "@/control-plane/types"
+
+const log = Log.create({ service: "plugin" })
+
+type State = {
+  hooks: Hooks[]
+}
+
+// Hook names that follow the (input, output) => Promise<void> trigger pattern
+type TriggerName = {
+  [K in keyof Hooks]-?: NonNullable<Hooks[K]> extends (input: any, output: any) => Promise<void> ? K : never
+}[keyof Hooks]
+
+export interface Interface {
+  readonly trigger: <
+    Name extends TriggerName,
+    Input = Parameters<Required<Hooks>[Name]>[0],
+    Output = Parameters<Required<Hooks>[Name]>[1],
+  >(
+    name: Name,
+    input: Input,
+    output: Output,
+  ) => Effect.Effect<Output>
+  readonly list: () => Effect.Effect<Hooks[]>
+  readonly init: () => Effect.Effect<void>
+}
+
+export class Service extends Context.Service<Service, Interface>()("@opencode/Plugin") {}
+
+// Built-in plugins that are directly imported (not installed from npm)
+const INTERNAL_PLUGINS: PluginInstance[] = [
+  CodexAuthPlugin,
+  CopilotAuthPlugin,
+  GitlabAuthPlugin,
+  PoeAuthPlugin,
+  CloudflareWorkersAuthPlugin,
+  CloudflareAIGatewayAuthPlugin,
+]
+
+function isServerPlugin(value: unknown): value is PluginInstance {
+  return typeof value === "function"
+}
+
+function getServerPlugin(value: unknown) {
+  if (isServerPlugin(value)) return value
+  if (!value || typeof value !== "object" || !("server" in value)) return
+  if (!isServerPlugin(value.server)) return
+  return value.server
+}
+
+function getLegacyPlugins(mod: Record<string, unknown>) {
+  const seen = new Set<unknown>()
+  const result: PluginInstance[] = []
+
+  for (const entry of Object.values(mod)) {
+    if (seen.has(entry)) continue
+    seen.add(entry)
+    const plugin = getServerPlugin(entry)
+    if (!plugin) throw new TypeError("Plugin export is not a function")
+    result.push(plugin)
+  }
+
+  return result
+}
+
+async function applyPlugin(load: PluginLoader.Loaded, input: PluginInput, hooks: Hooks[]) {
+  const plugin = readV1Plugin(load.mod, load.spec, "server", "detect")
+  if (plugin) {
+    await resolvePluginId(load.source, load.spec, load.target, readPluginId(plugin.id, load.spec), load.pkg)
+    hooks.push(await (plugin as PluginModule).server(input, load.options))
+    return
+  }
+
+  for (const server of getLegacyPlugins(load.mod)) {
+    hooks.push(await server(input, load.options))
+  }
+}
+
+export const layer = Layer.effect(
+  Service,
+  Effect.gen(function* () {
+    const bus = yield* Bus.Service
+    const config = yield* Config.Service
+
+    const state = yield* InstanceState.make<State>(
+      Effect.fn("Plugin.state")(function* (ctx) {
+        const hooks: Hooks[] = []
+        const bridge = yield* EffectBridge.make()
+
+        function publishPluginError(message: string) {
+          bridge.fork(bus.publish(Session.Event.Error, { error: new NamedError.Unknown({ message }).toObject() }))
+        }
+
+        const { Server } = yield* Effect.promise(() => import("../server/server"))
+
+        const client = createOpencodeClient({
+          baseUrl: "http://localhost:4096",
+          directory: ctx.directory,
+          headers: Flag.OPENCODE_SERVER_PASSWORD
+            ? {
+                Authorization: `Basic ${Buffer.from(`${Flag.OPENCODE_SERVER_USERNAME ?? "opencode"}:${Flag.OPENCODE_SERVER_PASSWORD}`).toString("base64")}`,
+              }
+            : undefined,
+          fetch: async (...args) => (await Server.Default()).app.fetch(...args),
+        })
+        const cfg = yield* config.get()
+        const input: PluginInput = {
+          client,
+          project: ctx.project,
+          worktree: ctx.worktree,
+          directory: ctx.directory,
+          experimental_workspace: {
+            register(type: string, adaptor: PluginWorkspaceAdaptor) {
+              registerAdaptor(ctx.project.id, type, adaptor as WorkspaceAdaptor)
+            },
+          },
+          get serverUrl(): URL {
+            return Server.url ?? new URL("http://localhost:4096")
+          },
+          // @ts-expect-error
+          $: typeof Bun === "undefined" ? undefined : Bun.$,
+        }
+
+        for (const plugin of INTERNAL_PLUGINS) {
+          log.info("loading internal plugin", { name: plugin.name })
+          const init = yield* Effect.tryPromise({
+            try: () => plugin(input),
+            catch: (err) => {
+              log.error("failed to load internal plugin", { name: plugin.name, error: err })
+            },
+          }).pipe(Effect.option)
+          if (init._tag === "Some") hooks.push(init.value)
+        }
+
+        const plugins = Flag.OPENCODE_PURE ? [] : (cfg.plugin_origins ?? [])
+        if (Flag.OPENCODE_PURE && cfg.plugin_origins?.length) {
+          log.info("skipping external plugins in pure mode", { count: cfg.plugin_origins.length })
+        }
+        if (plugins.length) yield* config.waitForDependencies()
+
+        const loaded = yield* Effect.promise(() =>
+          PluginLoader.loadExternal({
+            items: plugins,
+            kind: "server",
+            report: {
+              start(candidate) {
+                log.info("loading plugin", { path: candidate.plan.spec })
+              },
+              missing(candidate, _retry, message) {
+                log.warn("plugin has no server entrypoint", { path: candidate.plan.spec, message })
+              },
+              error(candidate, _retry, stage, error, resolved) {
+                const spec = candidate.plan.spec
+                const cause = error instanceof Error ? (error.cause ?? error) : error
+                const message = stage === "load" ? errorMessage(error) : errorMessage(cause)
+
+                if (stage === "install") {
+                  const parsed = parsePluginSpecifier(spec)
+                  log.error("failed to install plugin", { pkg: parsed.pkg, version: parsed.version, error: message })
+                  publishPluginError(`Failed to install plugin ${parsed.pkg}@${parsed.version}: ${message}`)
+                  return
+                }
+
+                if (stage === "compatibility") {
+                  log.warn("plugin incompatible", { path: spec, error: message })
+                  publishPluginError(`Plugin ${spec} skipped: ${message}`)
+                  return
+                }
+
+                if (stage === "entry") {
+                  log.error("failed to resolve plugin server entry", { path: spec, error: message })
+                  publishPluginError(`Failed to load plugin ${spec}: ${message}`)
+                  return
+                }
+
+                log.error("failed to load plugin", { path: spec, target: resolved?.entry, error: message })
+                publishPluginError(`Failed to load plugin ${spec}: ${message}`)
+              },
+            },
+          }),
+        )
+        for (const load of loaded) {
+          if (!load) continue
+
+          // Keep plugin execution sequential so hook registration and execution
+          // order remains deterministic across plugin runs.
+          yield* Effect.tryPromise({
+            try: () => applyPlugin(load, input, hooks),
+            catch: (err) => {
+              const message = errorMessage(err)
+              log.error("failed to load plugin", { path: load.spec, error: message })
+              return message
+            },
+          }).pipe(
+            Effect.catch(() => {
+              // TODO: make proper events for this
+              // bus.publish(Session.Event.Error, {
+              //   error: new NamedError.Unknown({
+              //     message: `Failed to load plugin ${load.spec}: ${message}`,
+              //   }).toObject(),
+              // })
+              return Effect.void
+            }),
+          )
+        }
+
+        // Notify plugins of current config
+        for (const hook of hooks) {
+          yield* Effect.tryPromise({
+            try: () => Promise.resolve((hook as any).config?.(cfg)),
+            catch: (err) => {
+              log.error("plugin config hook failed", { error: err })
+            },
+          }).pipe(Effect.ignore)
+        }
+
+        // Subscribe to bus events, fiber interrupted when scope closes
+        yield* bus.subscribeAll().pipe(
+          Stream.runForEach((input) =>
+            Effect.sync(() => {
+              for (const hook of hooks) {
+                hook["event"]?.({ event: input as any })
+              }
+            }),
+          ),
+          Effect.forkScoped,
+        )
+
+        return { hooks }
+      }),
+    )
+
+    const trigger = Effect.fn("Plugin.trigger")(function* <
+      Name extends TriggerName,
+      Input = Parameters<Required<Hooks>[Name]>[0],
+      Output = Parameters<Required<Hooks>[Name]>[1],
+    >(name: Name, input: Input, output: Output) {
+      if (!name) return output
+      const s = yield* InstanceState.get(state)
+      for (const hook of s.hooks) {
+        const fn = hook[name] as any
+        if (!fn) continue
+        yield* Effect.promise(async () => fn(input, output))
+      }
+      return output
+    })
+
+    const list = Effect.fn("Plugin.list")(function* () {
+      const s = yield* InstanceState.get(state)
+      return s.hooks
+    })
+
+    const init = Effect.fn("Plugin.init")(function* () {
+      yield* InstanceState.get(state)
+    })
+
+    return Service.of({ trigger, list, init })
+  }),
+)
+
+export const defaultLayer = layer.pipe(Layer.provide(Bus.layer), Layer.provide(Config.defaultLayer))
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Kit Langton	1170776f8c	feat: unwrap project namespaces to flat exports + barrel	2026-04-15 23:14:54 -04:00
Kit Langton	b0eae5e12f	feat: bridge permission and provider auth routes behind OPENCODE_EXPERIMENTAL_HTTPAPI (#22736 )	2026-04-15 23:02:48 -04:00
Kit Langton	702f741267	feat: enable oxlint suspicious category, fix 24 violations (#22727 )	2026-04-16 02:53:10 +00:00
Kit Langton	665a843086	feat: unwrap Archive namespace to flat exports + barrel (#22722 )	2026-04-16 02:52:34 +00:00
Kit Langton	1508196c0f	feat: bridge question routes from Hono to Effect HttpApi (#22718 )	2026-04-15 22:50:22 -04:00
opencode-agent[bot]	f6243603f8	chore: generate	2026-04-16 02:46:39 +00:00
Kit Langton	379e40d772	feat: unwrap InstanceState + EffectBridge namespaces to flat exports + barrel (#22721 )	2026-04-16 02:45:45 +00:00
Kit Langton	6c7e9f6f3a	refactor: migrate Effect call sites from Flock to EffectFlock (#22688 )	2026-04-16 02:39:59 +00:00
opencode-agent[bot]	48f88af9aa	chore: update nix node_modules hashes	2026-04-16 02:39:40 +00:00
Kit Langton	60c927cf4f	feat: unwrap Pty namespace to flat exports + barrel (#22719 )	2026-04-16 02:21:46 +00:00
opencode-agent[bot]	069cef8a44	chore: generate	2026-04-16 02:18:58 +00:00
Kit Langton	cf423d2769	fix: remove 10 unused type-only imports and declarations (#22696 )	2026-04-16 02:17:59 +00:00
Kit Langton	62ddb9d3ad	feat: unwrap uskill namespace to flat exports + barrel (#22714 )	2026-04-16 02:17:19 +00:00
Kit Langton	0b975b01fb	feat: unwrap ugit namespace to flat exports + barrel (#22704 )	2026-04-16 02:16:42 +00:00
Kit Langton	bb90aa6cb2	feat: unwrap uworktree namespace to flat exports + barrel (#22717 )	2026-04-16 02:16:17 +00:00
Kit Langton	ce4e47a2e3	feat: unwrap uformat namespace to flat exports + barrel (#22703 )	2026-04-16 02:16:01 +00:00
Kit Langton	e3677c2ba2	feat: unwrap upatch namespace to flat exports + barrel (#22709 )	2026-04-16 02:15:58 +00:00
Kit Langton	a653a4b887	feat: unwrap usync namespace to flat exports + barrel (#22716 )	2026-04-16 02:15:46 +00:00
Kit Langton	f7edffc11a	feat: unwrap uglobal namespace to flat exports + barrel (#22705 )	2026-04-16 02:15:36 +00:00
Kit Langton	dc16488bd7	feat: unwrap uide namespace to flat exports + barrel (#22706 )	2026-04-16 02:15:21 +00:00
Kit Langton	d7a072dd46	feat: unwrap usnapshot namespace to flat exports + barrel (#22715 )	2026-04-16 02:15:20 +00:00
Kit Langton	5ae91aa810	feat: unwrap uplugin namespace to flat exports + barrel (#22711 )	2026-04-16 02:15:19 +00:00
Kit Langton	18538e359b	feat: unwrap usession namespace to flat exports + barrel (#22713 )	2026-04-16 02:15:17 +00:00
Kit Langton	47577ae857	feat: unwrap upermission namespace to flat exports + barrel (#22710 )	2026-04-16 02:14:59 +00:00
Kit Langton	d22b5f026d	feat: unwrap unpm namespace to flat exports + barrel (#22708 )	2026-04-16 02:14:44 +00:00
Kit Langton	26cdbc20b2	feat: unwrap ufile namespace to flat exports + barrel (#22702 )	2026-04-16 02:14:37 +00:00
Kit Langton	360d8dd940	feat: unwrap uinstallation namespace to flat exports + barrel (#22707 )	2026-04-16 02:14:34 +00:00
Kit Langton	426815a829	feat: unwrap ucommand namespace to flat exports + barrel (#22700 )	2026-04-16 02:14:18 +00:00
Kit Langton	c6286d1bb9	feat: unwrap uenv namespace to flat exports + barrel (#22701 )	2026-04-16 02:14:14 +00:00
Kit Langton	710c81984a	feat: unwrap uauth namespace to flat exports + barrel (#22699 )	2026-04-16 02:13:56 +00:00
Kit Langton	a1dbfb5967	feat: unwrap uaccount namespace to flat exports + barrel (#22698 )	2026-04-16 02:13:33 +00:00
opencode-agent[bot]	64cc4623b5	chore: generate	2026-04-16 02:08:47 +00:00
Kit Langton	5eae926846	add experimental provider auth HttpApi slice (#22389 )	2026-04-16 02:07:42 +00:00
Kit Langton	cce05c1665	fix: clean up 49 unused variables, catch params, and stale imports (#22695 )	2026-04-16 02:01:53 +00:00
Kit Langton	34213d4446	fix: delete 9 dead functions with zero callers (#22697 )	2026-04-16 02:01:02 +00:00
opencode-agent[bot]	70aeebf2df	chore: generate	2026-04-16 01:57:23 +00:00
Kit Langton	d6b14e2467	fix: prefix 32 unused parameters with underscore (#22694 )	2026-04-15 21:56:23 -04:00
Kit Langton	6625766350	feat: unwrap MCP namespace to flat exports + barrel (#22693 )	2026-04-16 01:56:02 +00:00
opencode-agent[bot]	7baf998752	chore: generate	2026-04-16 01:45:44 +00:00
Kit Langton	1d81335ab5	feat: unwrap Provider namespace + improved automation script (#22690 )	2026-04-15 21:44:46 -04:00