fix: scope Npm.add() lock to per-package key

Use npm-install:${pkg} instead of a global npm-install lock so concurrent installs of different packages can run in parallel.
chore: extract node entry point into #18324
2026-03-20 05:34:45 +00:00 · 2026-03-19 21:48:43 -04:00 · 2026-03-19 21:30:35 -04:00 · 2026-03-19 21:22:28 -04:00 · 2026-03-19 21:22:06 -04:00 · 2026-03-19 21:21:55 -04:00
21 changed files with 864 additions and 521 deletions
--- a/README.md
+++ b/README.md
@@ -128,7 +128,7 @@ If you are working on a project that's related to OpenCode and is using "opencod

 #### How is this different from Claude Code?

-It's very similar to Claude Code in terms of capability. Here are the key differences:
+It's very similar to Claude Code in terms of capability. Here are the key differences::

 - 100% open source
 - Not coupled to any provider. Although we recommend the models we provide through [OpenCode Zen](https://opencode.ai/zen), OpenCode can be used with Claude, OpenAI, Google, or even local models. As models evolve, the gaps between them will close and pricing will drop, so being provider-agnostic is important.
--- a/bun.lock
+++ b/bun.lock
--- a/packages/opencode/package.json
+++ b/packages/opencode/package.json
@@ -89,8 +89,11 @@
    "@ai-sdk/xai": "2.0.51",
    "@aws-sdk/credential-providers": "3.993.0",
    "@clack/prompts": "1.0.0-alpha.1",
+    "@effect/platform-node": "catalog:",
    "@gitlab/gitlab-ai-provider": "3.6.0",
    "@gitlab/opencode-gitlab-auth": "1.3.3",
+    "@hono/node-server": "1.19.11",
+    "@hono/node-ws": "1.3.0",
    "@hono/standard-validator": "0.1.5",
    "@hono/zod-validator": "catalog:",
    "@modelcontextprotocol/sdk": "1.25.2",
@@ -104,7 +107,6 @@
    "@openrouter/ai-sdk-provider": "1.5.4",
    "@opentui/core": "0.1.87",
    "@opentui/solid": "0.1.87",
-    "@effect/platform-node": "catalog:",
    "@parcel/watcher": "2.5.1",
    "@pierre/diffs": "catalog:",
    "@solid-primitives/event-bus": "1.1.2",
--- a/packages/opencode/src/cli/cmd/acp.ts
+++ b/packages/opencode/src/cli/cmd/acp.ts
@@ -23,7 +23,7 @@ export const AcpCommand = cmd({
    process.env.OPENCODE_CLIENT = "acp"
    await bootstrap(process.cwd(), async () => {
      const opts = await resolveNetworkOptions(args)
-      const server = Server.listen(opts)
+      const server = await Server.listen(opts)

      const sdk = createOpencodeClient({
        baseUrl: `http://${server.hostname}:${server.port}`,
--- a/packages/opencode/src/cli/cmd/serve.ts
+++ b/packages/opencode/src/cli/cmd/serve.ts
@@ -15,7 +15,7 @@ export const ServeCommand = cmd({
      console.log("Warning: OPENCODE_SERVER_PASSWORD is not set; server is unsecured.")
    }
    const opts = await resolveNetworkOptions(args)
-    const server = Server.listen(opts)
+    const server = await Server.listen(opts)
    console.log(`opencode server listening on http://${server.hostname}:${server.port}`)

    await new Promise(() => {})
--- a/packages/opencode/src/cli/cmd/web.ts
+++ b/packages/opencode/src/cli/cmd/web.ts
@@ -37,7 +37,7 @@ export const WebCommand = cmd({
      UI.println(UI.Style.TEXT_WARNING_BOLD + "!  " + "OPENCODE_SERVER_PASSWORD is not set; server is unsecured.")
    }
    const opts = await resolveNetworkOptions(args)
-    const server = Server.listen(opts)
+    const server = await Server.listen(opts)
    UI.empty()
    UI.println(UI.logo("  "))
    UI.empty()
--- a/packages/opencode/src/control-plane/workspace-server/server.ts
+++ b/packages/opencode/src/control-plane/workspace-server/server.ts
@@ -1,3 +1,4 @@
+import { createAdaptorServer } from "@hono/node-server"
 import { Hono } from "hono"
 import { Instance } from "../../project/instance"
 import { InstanceBootstrap } from "../../project/bootstrap"
@@ -56,10 +57,24 @@ export namespace WorkspaceServer {
  }

  export function Listen(opts: { hostname: string; port: number }) {
-    return Bun.serve({
-      hostname: opts.hostname,
-      port: opts.port,
+    const server = createAdaptorServer({
      fetch: App().fetch,
    })
+    server.listen(opts.port, opts.hostname)
+    return {
+      hostname: opts.hostname,
+      port: opts.port,
+      stop() {
+        return new Promise<void>((resolve, reject) => {
+          server.close((err) => {
+            if (err) {
+              reject(err)
+              return
+            }
+            resolve()
+          })
+        })
+      },
+    }
  }
 }
--- a/packages/opencode/src/global/index.ts
+++ b/packages/opencode/src/global/index.ts
@@ -18,7 +18,7 @@ export namespace Global {
      return process.env.OPENCODE_TEST_HOME || os.homedir()
    },
    data,
-    bin: path.join(data, "bin"),
+    bin: path.join(cache, "bin"),
    log: path.join(data, "log"),
    cache,
    config,
--- a/packages/opencode/src/mcp/index.ts
+++ b/packages/opencode/src/mcp/index.ts
@@ -11,6 +11,7 @@ import {
 } from "@modelcontextprotocol/sdk/types.js"
 import { Config } from "../config/config"
 import { Log } from "../util/log"
+import { Process } from "../util/process"
 import { NamedError } from "@opencode-ai/util/error"
 import z from "zod/v4"
 import { Instance } from "../project/instance"
@@ -166,14 +167,10 @@ export namespace MCP {
    const queue = [pid]
    while (queue.length > 0) {
      const current = queue.shift()!
-      const proc = Bun.spawn(["pgrep", "-P", String(current)], { stdout: "pipe", stderr: "pipe" })
-      const [code, out] = await Promise.all([proc.exited, new Response(proc.stdout).text()]).catch(
-        () => [-1, ""] as const,
-      )
-      if (code !== 0) continue
-      for (const tok of out.trim().split(/\s+/)) {
+      const lines = await Process.lines(["pgrep", "-P", String(current)], { nothrow: true })
+      for (const tok of lines) {
        const cpid = parseInt(tok, 10)
-        if (!isNaN(cpid) && pids.indexOf(cpid) === -1) {
+        if (!isNaN(cpid) && !pids.includes(cpid)) {
          pids.push(cpid)
          queue.push(cpid)
        }
--- a/packages/opencode/src/mcp/oauth-callback.ts
+++ b/packages/opencode/src/mcp/oauth-callback.ts
@@ -1,4 +1,5 @@
 import { createConnection } from "net"
+import { createServer } from "http"
 import { Log } from "../util/log"
 import { OAUTH_CALLBACK_PORT, OAUTH_CALLBACK_PATH } from "./oauth-provider"

@@ -52,11 +53,74 @@ interface PendingAuth {
 }

 export namespace McpOAuthCallback {
-  let server: ReturnType<typeof Bun.serve> | undefined
+  let server: ReturnType<typeof createServer> | undefined
  const pendingAuths = new Map<string, PendingAuth>()

  const CALLBACK_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes

+  function handleRequest(req: import("http").IncomingMessage, res: import("http").ServerResponse) {
+    const url = new URL(req.url || "/", `http://localhost:${OAUTH_CALLBACK_PORT}`)
+
+    if (url.pathname !== OAUTH_CALLBACK_PATH) {
+      res.writeHead(404)
+      res.end("Not found")
+      return
+    }
+
+    const code = url.searchParams.get("code")
+    const state = url.searchParams.get("state")
+    const error = url.searchParams.get("error")
+    const errorDescription = url.searchParams.get("error_description")
+
+    log.info("received oauth callback", { hasCode: !!code, state, error })
+
+    // Enforce state parameter presence
+    if (!state) {
+      const errorMsg = "Missing required state parameter - potential CSRF attack"
+      log.error("oauth callback missing state parameter", { url: url.toString() })
+      res.writeHead(400, { "Content-Type": "text/html" })
+      res.end(HTML_ERROR(errorMsg))
+      return
+    }
+
+    if (error) {
+      const errorMsg = errorDescription || error
+      if (pendingAuths.has(state)) {
+        const pending = pendingAuths.get(state)!
+        clearTimeout(pending.timeout)
+        pendingAuths.delete(state)
+        pending.reject(new Error(errorMsg))
+      }
+      res.writeHead(200, { "Content-Type": "text/html" })
+      res.end(HTML_ERROR(errorMsg))
+      return
+    }
+
+    if (!code) {
+      res.writeHead(400, { "Content-Type": "text/html" })
+      res.end(HTML_ERROR("No authorization code provided"))
+      return
+    }
+
+    // Validate state parameter
+    if (!pendingAuths.has(state)) {
+      const errorMsg = "Invalid or expired state parameter - potential CSRF attack"
+      log.error("oauth callback with invalid state", { state, pendingStates: Array.from(pendingAuths.keys()) })
+      res.writeHead(400, { "Content-Type": "text/html" })
+      res.end(HTML_ERROR(errorMsg))
+      return
+    }
+
+    const pending = pendingAuths.get(state)!
+
+    clearTimeout(pending.timeout)
+    pendingAuths.delete(state)
+    pending.resolve(code)
+
+    res.writeHead(200, { "Content-Type": "text/html" })
+    res.end(HTML_SUCCESS)
+  }
+
  export async function ensureRunning(): Promise<void> {
    if (server) return

@@ -66,75 +130,14 @@ export namespace McpOAuthCallback {
      return
    }

-    server = Bun.serve({
-      port: OAUTH_CALLBACK_PORT,
-      fetch(req) {
-        const url = new URL(req.url)
-
-        if (url.pathname !== OAUTH_CALLBACK_PATH) {
-          return new Response("Not found", { status: 404 })
-        }
-
-        const code = url.searchParams.get("code")
-        const state = url.searchParams.get("state")
-        const error = url.searchParams.get("error")
-        const errorDescription = url.searchParams.get("error_description")
-
-        log.info("received oauth callback", { hasCode: !!code, state, error })
-
-        // Enforce state parameter presence
-        if (!state) {
-          const errorMsg = "Missing required state parameter - potential CSRF attack"
-          log.error("oauth callback missing state parameter", { url: url.toString() })
-          return new Response(HTML_ERROR(errorMsg), {
-            status: 400,
-            headers: { "Content-Type": "text/html" },
-          })
-        }
-
-        if (error) {
-          const errorMsg = errorDescription || error
-          if (pendingAuths.has(state)) {
-            const pending = pendingAuths.get(state)!
-            clearTimeout(pending.timeout)
-            pendingAuths.delete(state)
-            pending.reject(new Error(errorMsg))
-          }
-          return new Response(HTML_ERROR(errorMsg), {
-            headers: { "Content-Type": "text/html" },
-          })
-        }
-
-        if (!code) {
-          return new Response(HTML_ERROR("No authorization code provided"), {
-            status: 400,
-            headers: { "Content-Type": "text/html" },
-          })
-        }
-
-        // Validate state parameter
-        if (!pendingAuths.has(state)) {
-          const errorMsg = "Invalid or expired state parameter - potential CSRF attack"
-          log.error("oauth callback with invalid state", { state, pendingStates: Array.from(pendingAuths.keys()) })
-          return new Response(HTML_ERROR(errorMsg), {
-            status: 400,
-            headers: { "Content-Type": "text/html" },
-          })
-        }
-
-        const pending = pendingAuths.get(state)!
-
-        clearTimeout(pending.timeout)
-        pendingAuths.delete(state)
-        pending.resolve(code)
-
-        return new Response(HTML_SUCCESS, {
-          headers: { "Content-Type": "text/html" },
-        })
-      },
+    server = createServer(handleRequest)
+    await new Promise<void>((resolve, reject) => {
+      server!.listen(OAUTH_CALLBACK_PORT, () => {
+        log.info("oauth callback server started", { port: OAUTH_CALLBACK_PORT })
+        resolve()
+      })
+      server!.on("error", reject)
    })
-
-    log.info("oauth callback server started", { port: OAUTH_CALLBACK_PORT })
  }

  export function waitForCallback(oauthState: string): Promise<string> {
@@ -174,7 +177,7 @@ export namespace McpOAuthCallback {

  export async function stop(): Promise<void> {
    if (server) {
-      server.stop()
+      await new Promise<void>((resolve) => server!.close(() => resolve()))
      server = undefined
      log.info("oauth callback server stopped")
    }
--- a/packages/opencode/src/npm/index.ts
+++ b/packages/opencode/src/npm/index.ts
@@ -0,0 +1,180 @@
+// Workaround: Bun on Windows does not support the UV_FS_O_FILEMAP flag that
+// the `tar` package uses for files < 512KB (fs.open returns EINVAL).
+// tar silently swallows the error and skips writing files, leaving only empty
+// directories. Setting __FAKE_PLATFORM__ makes tar fall back to the plain 'w'
+// flag. See tar's get-write-flag.js.
+// Must be set before @npmcli/arborist is imported since tar caches the flag
+// at module evaluation time — so we use a dynamic import() below.
+if (process.platform === "win32") {
+  process.env.__FAKE_PLATFORM__ = "linux"
+}
+
+import semver from "semver"
+import z from "zod"
+import { NamedError } from "@opencode-ai/util/error"
+import { Global } from "../global"
+import { Lock } from "../util/lock"
+import { Log } from "../util/log"
+import path from "path"
+import { readdir } from "fs/promises"
+import { Filesystem } from "@/util/filesystem"
+
+const { Arborist } = await import("@npmcli/arborist")
+
+export namespace Npm {
+  const log = Log.create({ service: "npm" })
+
+  export const InstallFailedError = NamedError.create(
+    "NpmInstallFailedError",
+    z.object({
+      pkg: z.string(),
+    }),
+  )
+
+  function directory(pkg: string) {
+    return path.join(Global.Path.cache, "packages", pkg)
+  }
+
+  export async function outdated(pkg: string, cachedVersion: string): Promise<boolean> {
+    const response = await fetch(`https://registry.npmjs.org/${pkg}`)
+    if (!response.ok) {
+      log.warn("Failed to resolve latest version, using cached", { pkg, cachedVersion })
+      return false
+    }
+
+    const data = (await response.json()) as { "dist-tags"?: { latest?: string } }
+    const latestVersion = data?.["dist-tags"]?.latest
+    if (!latestVersion) {
+      log.warn("No latest version found, using cached", { pkg, cachedVersion })
+      return false
+    }
+
+    const range = /[\s^~*xX<>|=]/.test(cachedVersion)
+    if (range) return !semver.satisfies(latestVersion, cachedVersion)
+
+    return semver.lt(cachedVersion, latestVersion)
+  }
+
+  export async function add(pkg: string) {
+    using _ = await Lock.write(`npm-install:${pkg}`)
+    log.info("installing package", {
+      pkg,
+    })
+    const dir = directory(pkg)
+
+    const arborist = new Arborist({
+      path: dir,
+      binLinks: true,
+      progress: false,
+      savePrefix: "",
+    })
+    const tree = await arborist.loadVirtual().catch(() => {})
+    if (tree) {
+      const first = tree.edgesOut.values().next().value?.to
+      if (first) {
+        log.info("package already installed", { pkg })
+        return first.path
+      }
+    }
+
+    const result = await arborist
+      .reify({
+        add: [pkg],
+        save: true,
+        saveType: "prod",
+      })
+      .catch((cause) => {
+        throw new InstallFailedError(
+          { pkg },
+          {
+            cause,
+          },
+        )
+      })
+
+    const first = result.edgesOut.values().next().value?.to
+    if (!first) throw new InstallFailedError({ pkg })
+    return first.path
+  }
+
+  export async function install(dir: string) {
+    using _ = await Lock.write(`npm-install:${dir}`)
+    log.info("checking dependencies", { dir })
+
+    const reify = async () => {
+      const arb = new Arborist({
+        path: dir,
+        binLinks: true,
+        progress: false,
+        savePrefix: "",
+      })
+      await arb.reify().catch(() => {})
+    }
+
+    if (!(await Filesystem.exists(path.join(dir, "node_modules")))) {
+      log.info("node_modules missing, reifying")
+      await reify()
+      return
+    }
+
+    const pkg = await Filesystem.readJson(path.join(dir, "package.json")).catch(() => ({}))
+    const lock = await Filesystem.readJson(path.join(dir, "package-lock.json")).catch(() => ({}))
+
+    const declared = new Set([
+      ...Object.keys(pkg.dependencies || {}),
+      ...Object.keys(pkg.devDependencies || {}),
+      ...Object.keys(pkg.peerDependencies || {}),
+      ...Object.keys(pkg.optionalDependencies || {}),
+    ])
+
+    const root = lock.packages?.[""] || {}
+    const locked = new Set([
+      ...Object.keys(root.dependencies || {}),
+      ...Object.keys(root.devDependencies || {}),
+      ...Object.keys(root.peerDependencies || {}),
+      ...Object.keys(root.optionalDependencies || {}),
+    ])
+
+    for (const name of declared) {
+      if (!locked.has(name)) {
+        log.info("dependency not in lock file, reifying", { name })
+        await reify()
+        return
+      }
+    }
+
+    log.info("dependencies in sync")
+  }
+
+  export async function which(pkg: string) {
+    const dir = directory(pkg)
+    const binDir = path.join(dir, "node_modules", ".bin")
+
+    const pick = async () => {
+      const files = await readdir(binDir).catch(() => [])
+      if (files.length === 0) return undefined
+      if (files.length === 1) return files[0]
+      // Multiple binaries — resolve from package.json bin field like npx does
+      const pkgJson = await Filesystem.readJson<{ bin?: string | Record<string, string> }>(
+        path.join(dir, "node_modules", pkg, "package.json"),
+      ).catch(() => undefined)
+      if (pkgJson?.bin) {
+        const bin = pkgJson.bin
+        if (typeof bin === "string") return path.basename(bin)
+        const keys = Object.keys(bin)
+        if (keys.length === 1) return keys[0]
+        const unscoped = pkg.startsWith("@") ? pkg.split("/")[1] : pkg
+        return bin[unscoped] ? unscoped : keys[0]
+      }
+      return files[0]
+    }
+
+    const bin = await pick()
+    if (bin) return path.join(binDir, bin)
+
+    await add(pkg)
+    const resolved = await pick()
+    if (!resolved) throw new Error(`No binary found for package "${pkg}" after install`)
+    return path.join(binDir, resolved)
+  }
+}
--- a/packages/opencode/src/plugin/codex.ts
+++ b/packages/opencode/src/plugin/codex.ts
@@ -6,6 +6,7 @@ import os from "os"
 import { ProviderTransform } from "@/provider/transform"
 import { ModelID, ProviderID } from "@/provider/schema"
 import { setTimeout as sleep } from "node:timers/promises"
+import { createServer } from "http"

 const log = Log.create({ service: "plugin.codex" })

@@ -241,7 +242,7 @@ interface PendingOAuth {
  reject: (error: Error) => void
 }

-let oauthServer: ReturnType<typeof Bun.serve> | undefined
+let oauthServer: ReturnType<typeof createServer> | undefined
 let pendingOAuth: PendingOAuth | undefined

 async function startOAuthServer(): Promise<{ port: number; redirectUri: string }> {
@@ -249,77 +250,83 @@ async function startOAuthServer(): Promise<{ port: number; redirectUri: string }
    return { port: OAUTH_PORT, redirectUri: `http://localhost:${OAUTH_PORT}/auth/callback` }
  }

-  oauthServer = Bun.serve({
-    port: OAUTH_PORT,
-    fetch(req) {
-      const url = new URL(req.url)
+  oauthServer = createServer((req, res) => {
+    const url = new URL(req.url || "/", `http://localhost:${OAUTH_PORT}`)

-      if (url.pathname === "/auth/callback") {
-        const code = url.searchParams.get("code")
-        const state = url.searchParams.get("state")
-        const error = url.searchParams.get("error")
-        const errorDescription = url.searchParams.get("error_description")
+    if (url.pathname === "/auth/callback") {
+      const code = url.searchParams.get("code")
+      const state = url.searchParams.get("state")
+      const error = url.searchParams.get("error")
+      const errorDescription = url.searchParams.get("error_description")

-        if (error) {
-          const errorMsg = errorDescription || error
-          pendingOAuth?.reject(new Error(errorMsg))
-          pendingOAuth = undefined
-          return new Response(HTML_ERROR(errorMsg), {
-            headers: { "Content-Type": "text/html" },
-          })
-        }
-
-        if (!code) {
-          const errorMsg = "Missing authorization code"
-          pendingOAuth?.reject(new Error(errorMsg))
-          pendingOAuth = undefined
-          return new Response(HTML_ERROR(errorMsg), {
-            status: 400,
-            headers: { "Content-Type": "text/html" },
-          })
-        }
-
-        if (!pendingOAuth || state !== pendingOAuth.state) {
-          const errorMsg = "Invalid state - potential CSRF attack"
-          pendingOAuth?.reject(new Error(errorMsg))
-          pendingOAuth = undefined
-          return new Response(HTML_ERROR(errorMsg), {
-            status: 400,
-            headers: { "Content-Type": "text/html" },
-          })
-        }
-
-        const current = pendingOAuth
+      if (error) {
+        const errorMsg = errorDescription || error
+        pendingOAuth?.reject(new Error(errorMsg))
        pendingOAuth = undefined
-
-        exchangeCodeForTokens(code, `http://localhost:${OAUTH_PORT}/auth/callback`, current.pkce)
-          .then((tokens) => current.resolve(tokens))
-          .catch((err) => current.reject(err))
-
-        return new Response(HTML_SUCCESS, {
-          headers: { "Content-Type": "text/html" },
-        })
+        res.writeHead(200, { "Content-Type": "text/html" })
+        res.end(HTML_ERROR(errorMsg))
+        return
      }

-      if (url.pathname === "/cancel") {
-        pendingOAuth?.reject(new Error("Login cancelled"))
+      if (!code) {
+        const errorMsg = "Missing authorization code"
+        pendingOAuth?.reject(new Error(errorMsg))
        pendingOAuth = undefined
-        return new Response("Login cancelled", { status: 200 })
+        res.writeHead(400, { "Content-Type": "text/html" })
+        res.end(HTML_ERROR(errorMsg))
+        return
      }

-      return new Response("Not found", { status: 404 })
-    },
+      if (!pendingOAuth || state !== pendingOAuth.state) {
+        const errorMsg = "Invalid state - potential CSRF attack"
+        pendingOAuth?.reject(new Error(errorMsg))
+        pendingOAuth = undefined
+        res.writeHead(400, { "Content-Type": "text/html" })
+        res.end(HTML_ERROR(errorMsg))
+        return
+      }
+
+      const current = pendingOAuth
+      pendingOAuth = undefined
+
+      exchangeCodeForTokens(code, `http://localhost:${OAUTH_PORT}/auth/callback`, current.pkce)
+        .then((tokens) => current.resolve(tokens))
+        .catch((err) => current.reject(err))
+
+      res.writeHead(200, { "Content-Type": "text/html" })
+      res.end(HTML_SUCCESS)
+      return
+    }
+
+    if (url.pathname === "/cancel") {
+      pendingOAuth?.reject(new Error("Login cancelled"))
+      pendingOAuth = undefined
+      res.writeHead(200)
+      res.end("Login cancelled")
+      return
+    }
+
+    res.writeHead(404)
+    res.end("Not found")
+  })
+
+  await new Promise<void>((resolve, reject) => {
+    oauthServer!.listen(OAUTH_PORT, () => {
+      log.info("codex oauth server started", { port: OAUTH_PORT })
+      resolve()
+    })
+    oauthServer!.on("error", reject)
  })

-  log.info("codex oauth server started", { port: OAUTH_PORT })
  return { port: OAUTH_PORT, redirectUri: `http://localhost:${OAUTH_PORT}/auth/callback` }
 }

 function stopOAuthServer() {
  if (oauthServer) {
-    oauthServer.stop()
+    oauthServer.close(() => {
+      log.info("codex oauth server stopped")
+    })
    oauthServer = undefined
-    log.info("codex oauth server stopped")
  }
 }

--- a/packages/opencode/src/pty/index.ts
+++ b/packages/opencode/src/pty/index.ts
@@ -23,6 +23,8 @@ export namespace Pty {
    close: (code?: number, reason?: string) => void
  }

+  const key = (ws: Socket) => (ws.data && typeof ws.data === "object" ? ws.data : ws)
+
  // WebSocket control frame: 0x00 + UTF-8 JSON.
  const meta = (cursor: number) => {
    const json = JSON.stringify({ cursor })
@@ -97,9 +99,9 @@ export namespace Pty {
        try {
          session.process.kill()
        } catch {}
-        for (const [key, ws] of session.subscribers.entries()) {
+        for (const [id, ws] of session.subscribers.entries()) {
          try {
-            if (ws.data === key) ws.close()
+            if (key(ws) === id) ws.close()
          } catch {
            // ignore
          }
@@ -230,9 +232,9 @@ export namespace Pty {
    try {
      session.process.kill()
    } catch {}
-    for (const [key, ws] of session.subscribers.entries()) {
+    for (const [id, ws] of session.subscribers.entries()) {
      try {
-        if (ws.data === key) ws.close()
+        if (key(ws) === id) ws.close()
      } catch {
        // ignore
      }
@@ -263,16 +265,13 @@ export namespace Pty {
    }
    log.info("client connected to session", { id })

-    // Use ws.data as the unique key for this connection lifecycle.
-    // If ws.data is undefined, fallback to ws object.
-    const connectionKey = ws.data && typeof ws.data === "object" ? ws.data : ws
+    const sub = key(ws)

-    // Optionally cleanup if the key somehow exists
-    session.subscribers.delete(connectionKey)
-    session.subscribers.set(connectionKey, ws)
+    session.subscribers.delete(sub)
+    session.subscribers.set(sub, ws)

    const cleanup = () => {
-      session.subscribers.delete(connectionKey)
+      session.subscribers.delete(sub)
    }

    const start = session.bufferCursor
--- a/packages/opencode/src/server/routes/project.ts
+++ b/packages/opencode/src/server/routes/project.ts
@@ -29,7 +29,7 @@ export const ProjectRoutes = lazy(() =>
        },
      }),
      async (c) => {
-        const projects = await Project.list()
+        const projects = Project.list()
        return c.json(projects)
      },
    )
--- a/packages/opencode/src/server/routes/pty.ts
+++ b/packages/opencode/src/server/routes/pty.ts
@@ -1,15 +1,14 @@
 import { Hono } from "hono"
 import { describeRoute, validator, resolver } from "hono-openapi"
-import { upgradeWebSocket } from "hono/bun"
+import type { UpgradeWebSocket } from "hono/ws"
 import z from "zod"
 import { Pty } from "@/pty"
 import { PtyID } from "@/pty/schema"
 import { NotFoundError } from "../../storage/db"
 import { errors } from "../error"
-import { lazy } from "../../util/lazy"

-export const PtyRoutes = lazy(() =>
-  new Hono()
+export function PtyRoutes(upgradeWebSocket: UpgradeWebSocket) {
+  return new Hono()
    .get(
      "/",
      describeRoute({
@@ -197,5 +196,5 @@ export const PtyRoutes = lazy(() =>
          },
        }
      }),
-    ),
-)
+    )
+}
--- a/packages/opencode/src/server/server.ts
+++ b/packages/opencode/src/server/server.ts
@@ -1,4 +1,7 @@
+import { streamSSE } from "hono/streaming"
 import { Log } from "../util/log"
+import { Bus } from "../bus"
+import { BusEvent } from "../bus/bus-event"
 import { describeRoute, generateSpecs, validator, resolver, openAPIRouteHandler } from "hono-openapi"
 import { Hono } from "hono"
 import { cors } from "hono/cors"
@@ -25,7 +28,7 @@ import { ProviderID } from "../provider/schema"
 import { WorkspaceRouterMiddleware } from "../control-plane/workspace-router-middleware"
 import { ProjectRoutes } from "./routes/project"
 import { SessionRoutes } from "./routes/session"
-import { PtyRoutes } from "./routes/pty"
+// import { PtyRoutes } from "./routes/pty"
 import { McpRoutes } from "./routes/mcp"
 import { FileRoutes } from "./routes/file"
 import { ConfigRoutes } from "./routes/config"
@@ -35,7 +38,8 @@ import { EventRoutes } from "./routes/event"
 import { InstanceBootstrap } from "../project/bootstrap"
 import { NotFoundError } from "../storage/db"
 import type { ContentfulStatusCode } from "hono/utils/http-status"
-import { websocket } from "hono/bun"
+import { createAdaptorServer, type ServerType } from "@hono/node-server"
+import { createNodeWebSocket } from "@hono/node-ws"
 import { HTTPException } from "hono/http-exception"
 import { errors } from "./error"
 import { Filesystem } from "@/util/filesystem"
@@ -49,13 +53,20 @@ import { lazy } from "@/util/lazy"
 globalThis.AI_SDK_LOG_WARNINGS = false

 export namespace Server {
-  const log = Log.create({ service: "server" })
+  export type Listener = {
+    hostname: string
+    port: number
+    url: URL
+    stop: (close?: boolean) => Promise<void>
+  }

-  export const Default = lazy(() => createApp({}))
+  export const Default = lazy(() => create({}).app)

-  export const createApp = (opts: { cors?: string[] }): Hono => {
+  function create(opts: { cors?: string[] }) {
+    const log = Log.create({ service: "server" })
    const app = new Hono()
-    return app
+    const ws = createNodeWebSocket({ app })
+    const route = app
      .onError((err, c) => {
        log.error("failed", {
          error: err,
@@ -241,7 +252,6 @@ export namespace Server {
        ),
      )
      .route("/project", ProjectRoutes())
-      .route("/pty", PtyRoutes())
      .route("/config", ConfigRoutes())
      .route("/experimental", ExperimentalRoutes())
      .route("/session", SessionRoutes())
@@ -497,22 +507,70 @@ export namespace Server {
          return c.json(await Format.status())
        },
      )
-      .all("/*", async (c) => {
-        const path = c.req.path
-
-        const response = await proxy(`https://app.opencode.ai${path}`, {
-          ...c.req,
-          headers: {
-            ...c.req.raw.headers,
-            host: "app.opencode.ai",
+      .get(
+        "/event",
+        describeRoute({
+          summary: "Subscribe to events",
+          description: "Get events",
+          operationId: "event.subscribe",
+          responses: {
+            200: {
+              description: "Event stream",
+              content: {
+                "text/event-stream": {
+                  schema: resolver(BusEvent.payloads()),
+                },
+              },
+            },
          },
-        })
-        response.headers.set(
-          "Content-Security-Policy",
-          "default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; media-src 'self' data:; connect-src 'self' data:",
-        )
-        return response
-      })
+        }),
+        async (c) => {
+          log.info("event connected")
+          c.header("X-Accel-Buffering", "no")
+          c.header("X-Content-Type-Options", "nosniff")
+          return streamSSE(c, async (stream) => {
+            stream.writeSSE({
+              data: JSON.stringify({
+                type: "server.connected",
+                properties: {},
+              }),
+            })
+            const unsub = Bus.subscribeAll(async (event) => {
+              await stream.writeSSE({
+                data: JSON.stringify(event),
+              })
+              if (event.type === Bus.InstanceDisposed.type) {
+                stream.close()
+              }
+            })
+
+            // Send heartbeat every 10s to prevent stalled proxy streams.
+            const heartbeat = setInterval(() => {
+              stream.writeSSE({
+                data: JSON.stringify({
+                  type: "server.heartbeat",
+                  properties: {},
+                }),
+              })
+            }, 10_000)
+
+            await new Promise<void>((resolve) => {
+              stream.onAbort(() => {
+                clearInterval(heartbeat)
+                unsub()
+                resolve()
+                log.info("event disconnected")
+              })
+            })
+          })
+        },
+      )
+    // .route("/pty", PtyRoutes(ws.upgradeWebSocket))
+
+    return {
+      app: route as Hono,
+      ws,
+    }
  }

  export async function openapi() {
@@ -530,52 +588,89 @@ export namespace Server {
    return result
  }

-  /** @deprecated do not use this dumb shit */
  export let url: URL

-  export function listen(opts: {
+  export async function listen(opts: {
    port: number
    hostname: string
    mdns?: boolean
    mdnsDomain?: string
    cors?: string[]
-  }) {
-    url = new URL(`http://${opts.hostname}:${opts.port}`)
-    const app = createApp(opts)
-    const args = {
-      hostname: opts.hostname,
-      idleTimeout: 0,
-      fetch: app.fetch,
-      websocket: websocket,
-    } as const
-    const tryServe = (port: number) => {
-      try {
-        return Bun.serve({ ...args, port })
-      } catch {
-        return undefined
-      }
+  }): Promise<Listener> {
+    const log = Log.create({ service: "server" })
+    const built = create({
+      ...opts,
+    })
+    const start = (port: number) =>
+      new Promise<ServerType>((resolve, reject) => {
+        const server = createAdaptorServer({ fetch: built.app.fetch })
+        built.ws.injectWebSocket(server)
+        const fail = (err: Error) => {
+          cleanup()
+          reject(err)
+        }
+        const ready = () => {
+          cleanup()
+          resolve(server)
+        }
+        const cleanup = () => {
+          server.off("error", fail)
+          server.off("listening", ready)
+        }
+        server.once("error", fail)
+        server.once("listening", ready)
+        server.listen(port, opts.hostname)
+      })
+
+    const server = opts.port === 0 ? await start(4096).catch(() => start(0)) : await start(opts.port)
+    const addr = server.address()
+    if (!addr || typeof addr === "string") {
+      throw new Error(`Failed to resolve server address for port ${opts.port}`)
    }
-    const server = opts.port === 0 ? (tryServe(4096) ?? tryServe(0)) : tryServe(opts.port)
-    if (!server) throw new Error(`Failed to start server on port ${opts.port}`)
+
+    const url = new URL("http://localhost")
+    url.hostname = opts.hostname
+    url.port = String(addr.port)
+    Server.url = url

    const shouldPublishMDNS =
      opts.mdns &&
-      server.port &&
+      addr.port &&
      opts.hostname !== "127.0.0.1" &&
      opts.hostname !== "localhost" &&
      opts.hostname !== "::1"
    if (shouldPublishMDNS) {
-      MDNS.publish(server.port!, opts.mdnsDomain)
+      MDNS.publish(addr.port, opts.mdnsDomain)
    } else if (opts.mdns) {
      log.warn("mDNS enabled but hostname is loopback; skipping mDNS publish")
    }

-    const originalStop = server.stop.bind(server)
-    server.stop = async (closeActiveConnections?: boolean) => {
-      if (shouldPublishMDNS) MDNS.unpublish()
-      return originalStop(closeActiveConnections)
+    let closing: Promise<void> | undefined
+    return {
+      hostname: opts.hostname,
+      port: addr.port,
+      url,
+      stop(close?: boolean) {
+        closing ??= new Promise((resolve, reject) => {
+          if (shouldPublishMDNS) MDNS.unpublish()
+          server.close((err) => {
+            if (err) {
+              reject(err)
+              return
+            }
+            resolve()
+          })
+          if (close) {
+            if ("closeAllConnections" in server && typeof server.closeAllConnections === "function") {
+              server.closeAllConnections()
+            }
+            if ("closeIdleConnections" in server && typeof server.closeIdleConnections === "function") {
+              server.closeIdleConnections()
+            }
+          }
+        })
+        return closing
+      },
    }
-
-    return server
  }
 }
--- a/packages/opencode/src/session/message-v2.ts
+++ b/packages/opencode/src/session/message-v2.ts
@@ -13,7 +13,7 @@ import { STATUS_CODES } from "http"
 import { Storage } from "@/storage/storage"
 import { ProviderError } from "@/provider/error"
 import { iife } from "@/util/iife"
-import { type SystemError } from "bun"
+import type { SystemError } from "bun"
 import type { Provider } from "@/provider/provider"
 import { ModelID, ProviderID } from "@/provider/schema"

--- a/packages/opencode/src/session/prompt.ts
+++ b/packages/opencode/src/session/prompt.ts
@@ -32,7 +32,6 @@ import { Flag } from "../flag/flag"
 import { ulid } from "ulid"
 import { spawn } from "child_process"
 import { Command } from "../command"
-import { $ } from "bun"
 import { pathToFileURL, fileURLToPath } from "url"
 import { ConfigMarkdown } from "../config/markdown"
 import { SessionSummary } from "./summary"
@@ -48,6 +47,7 @@ import { iife } from "@/util/iife"
 import { Shell } from "@/shell/shell"
 import { Truncate } from "@/tool/truncate"
 import { decodeDataUrl } from "@/util/data-url"
+import { Process } from "@/util/process"

 // @ts-ignore
 globalThis.AI_SDK_LOG_WARNINGS = false
@@ -1812,15 +1812,13 @@ NOTE: At any point in time through this workflow you should feel free to ask the
      template = template + "\n\n" + input.arguments
    }

-    const shell = ConfigMarkdown.shell(template)
-    if (shell.length > 0) {
+    const shellMatches = ConfigMarkdown.shell(template)
+    if (shellMatches.length > 0) {
+      const sh = Shell.preferred()
      const results = await Promise.all(
-        shell.map(async ([, cmd]) => {
-          try {
-            return await $`${{ raw: cmd }}`.quiet().nothrow().text()
-          } catch (error) {
-            return `Error executing command: ${error instanceof Error ? error.message : String(error)}`
-          }
+        shellMatches.map(async ([, cmd]) => {
+          const out = await Process.text([cmd], { shell: sh, nothrow: true })
+          return out.text
        }),
      )
      let index = 0
--- a/packages/opencode/src/tool/registry.ts
+++ b/packages/opencode/src/tool/registry.ts
@@ -46,7 +46,7 @@ export namespace ToolRegistry {
    if (matches.length) await Config.waitForDependencies()
    for (const match of matches) {
      const namespace = path.basename(match, path.extname(match))
-      const mod = await import(pathToFileURL(match).href)
+      const mod = await import(process.platform === "win32" ? match : pathToFileURL(match).href)
      for (const [id, def] of Object.entries<ToolDefinition>(mod)) {
        custom.push(fromPlugin(id === "default" ? namespace : `${namespace}_${id}`, def))
      }
--- a/packages/opencode/src/util/process.ts
+++ b/packages/opencode/src/util/process.ts
@@ -61,9 +61,9 @@ export namespace Process {

    const proc = launch(cmd[0], cmd.slice(1), {
      cwd: opts.cwd,
+      shell: opts.shell,
      env: opts.env === null ? {} : opts.env ? { ...process.env, ...opts.env } : undefined,
      stdio: [opts.stdin ?? "ignore", opts.stdout ?? "ignore", opts.stderr ?? "ignore"],
-      shell: opts.shell,
      windowsHide: process.platform === "win32",
    })

--- a/packages/opencode/src/util/which.ts
+++ b/packages/opencode/src/util/which.ts
@@ -1,9 +1,13 @@
 import whichPkg from "which"
+import path from "path"
+import { Global } from "../global"

 export function which(cmd: string, env?: NodeJS.ProcessEnv) {
+  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""
+  const full = base ? base + path.delimiter + Global.Path.bin : Global.Path.bin
  const result = whichPkg.sync(cmd, {
    nothrow: true,
-    path: env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path,
+    path: full,
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,
  })
  return typeof result === "string" ? result : null
Author	SHA1	Message	Date
Dax Raad	ad741cbea0	fix: scope Npm.add() lock to per-package key Use npm-install:${pkg} instead of a global npm-install lock so concurrent installs of different packages can run in parallel.	2026-03-19 21:48:43 -04:00
Dax Raad	cbc40a5981	chore: extract node entry point into #18324	2026-03-19 21:30:35 -04:00
Dax Raad	b9b210a864	Merge branch 'dev' into opencode-2-0	2026-03-19 21:22:28 -04:00
Dax Raad	d473b7e971	chore: extract which/global changes into #18320	2026-03-19 21:22:06 -04:00
Dax	6fcc970def	fix: include cache bin directory in which() lookups (#18320 )	2026-03-19 21:21:55 -04:00
Dax	52a7a04ad8	refactor: replace Bun shell execution with portable Process utilities (#18318 )	2026-03-19 21:17:06 -04:00
Dax Raad	f5783c4313	chore: extract portable process changes into #18318	2026-03-19 21:15:31 -04:00
Dax Raad	9439a5647e	chore: revert drizzle upgrade (extracted to sqlite PR)	2026-03-19 21:10:53 -04:00
Dax Raad	2bfe81ee5c	chore: extract SQLite abstraction into separate PR (#refactor/sqlite-abstraction)	2026-03-19 21:02:58 -04:00
Dax Raad	fcf1bb010c	chore: update lockfile and package.json	2026-03-19 20:53:04 -04:00
Dax Raad	08b6d9c6dc	sync	2026-03-19 20:48:44 -04:00
Dax Raad	0293a8bb80	chore: revert changes overlapping with #18308	2026-03-19 20:48:23 -04:00
Dax Raad	850dbb93eb	Merge remote-tracking branch 'origin/dev' into opencode-2-0	2026-03-19 19:33:19 -04:00
Dax Raad	48e867ee20	Merge remote-tracking branch 'origin/dev' into opencode-2-0 # Conflicts: # .opencode/tool/github-pr-search.ts # .opencode/tool/github-triage.ts	2026-03-19 19:03:48 -04:00
Dax Raad	b5ebc541b9	Merge remote-tracking branch 'origin/dev' into opencode-2-0	2026-03-19 18:52:18 -04:00
Dax Raad	bd7a4cec90	sync	2026-03-19 17:53:35 -04:00
Dax Raad	63af295a17	Merge origin/dev into opencode-2-0	2026-03-19 16:07:13 -04:00
Dax Raad	04954a9620	Merge remote-tracking branch 'origin/opencode-2-0' into opencode-2-0	2026-03-11 14:32:38 -04:00
Dax Raad	fb63fd79a3	cleanup	2026-03-11 14:29:35 -04:00
Dax Raad	2e04b66eab	sync	2026-03-11 14:29:03 -04:00
Dax Raad	f0b7c8c374	refactor(npm): inline pkgPath and lockPath variables	2026-03-11 14:29:03 -04:00
Dax Raad	be6f59035a	unbreak	2026-03-11 14:29:03 -04:00
Dax Raad	27ab51f490	sync	2026-03-11 14:29:03 -04:00
Dax Raad	bca723e8fe	core: enable running in non-Bun environments by using standard Node.js APIs for OAuth servers and retry logic	2026-03-11 14:29:03 -04:00
Dax Raad	1ac39718d8	sync	2026-03-11 14:29:03 -04:00
Dax Raad	190319fb56	core: cleaner error output and more flexible custom tool directories - Removed debug console.log when dependency installation fails so users see clean warning messages instead of raw error dumps - Fixed database connection cleanup to prevent resource leaks between sessions - Added support for loading custom tools from both .opencode/tool (singular) and .opencode/tools (plural) directories, matching common naming conventions	2026-03-11 14:29:03 -04:00
Dax Raad	3154f0a61c	core: return structured server info with stop method from workspace server - Enables graceful server shutdown for workspace management - Removes unsupported serverUrl getter that threw errors in plugin context	2026-03-11 14:29:03 -04:00
Dax Raad	0b686b8178	core: remove shell execution and server URL from plugin API Plugins no longer receive shell access or server URL to prevent unauthorized execution and limit plugin sandbox surface area.	2026-03-11 14:29:03 -04:00
Dax Raad	4cba56171b	sync	2026-03-11 14:29:03 -04:00
Dax Raad	66342acd31	core: bundle database migrations into node build and auto-start server on port 1338	2026-03-11 14:29:03 -04:00
Dax Raad	88dae67549	refactor(server): replace Bun serve with Hono node adapters	2026-03-11 14:29:03 -04:00
Dax Raad	0ec42582f3	core: add Node.js runtime support Enable running opencode on Node.js by adding platform-specific database adapters and replacing Bun-specific shell execution with cross-platform Process utility.	2026-03-11 14:29:02 -04:00
Luke Parker	4f82248a68	fix: work around Bun/Windows UV_FS_O_FILEMAP incompatibility in tar (#16853 )	2026-03-11 14:29:02 -04:00
Dax Raad	5e069aab97	tui: fix Windows plugin loading by using direct paths instead of file URLs	2026-03-11 14:29:02 -04:00
Dax Raad	5325b2ec99	core: fix custom tool loading to properly resolve module paths	2026-03-11 14:29:02 -04:00
Dax Raad	2a98920922	sync	2026-03-11 14:29:02 -04:00
Dax Raad	5ea92ea6cb	sync	2026-03-11 14:29:02 -04:00
Dax Raad	a18528a7ee	sync	2026-03-11 14:29:02 -04:00
Dax Raad	ced125a974	core: log npm install errors to console for debugging dependency failures	2026-03-11 14:29:02 -04:00
Dax Raad	655fe20beb	sync	2026-03-11 14:29:02 -04:00
Dax Raad	dd0c258e23	core: fix CLI tools from npm packages not being accessible after install on Windows	2026-03-11 14:29:02 -04:00
Dax Raad	791e27d289	sync	2026-03-11 14:29:02 -04:00
Dax Raad	fac0aec69f	tui: export sessions using consistent Filesystem API instead of Bun.write	2026-03-11 14:29:02 -04:00
Dax Raad	ca26e639f6	core: fix npm dependency installation on Windows CI by disabling bin links when symlink permissions are restricted	2026-03-11 14:29:02 -04:00
Dax Raad	0b5d54f2cb	core: enable npm bin links on non-Windows platforms to allow plugin executables to work while keeping them disabled on Windows CI where symlink permissions are restricted	2026-03-11 14:29:02 -04:00
Dax Raad	1b408cf06b	core: fix dependency installation failures behind corporate proxies or in CI by disabling Bun cache when network interception is detected	2026-03-11 14:29:02 -04:00
Dax Raad	8e102d19ed	core: disable npm bin links to fix package installation in sandboxed environments	2026-03-11 14:29:02 -04:00
Dax Raad	721b2406e9	core: dynamically resolve formatter executable paths at runtime Formatters now determine their executable location when enabled rather than using hardcoded paths. This ensures formatters work correctly regardless of how the tool was installed or where executables are located on the system.	2026-03-11 14:29:01 -04:00
Dax Raad	4a6a18cd79	sync	2026-03-11 14:28:37 -04:00
Dax	c10b5880cc	Update packages/opencode/src/util/which.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>	2026-03-11 14:28:37 -04:00
Dax	e6bf83084c	Update packages/opencode/src/npm/index.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>	2026-03-11 14:28:37 -04:00
Dax Raad	6722ee22ee	sync	2026-03-11 14:28:36 -04:00
Dax Raad	870a5731ac	refactor: lsp server and core improvements	2026-03-11 14:28:24 -04:00
Luke Parker	7910ce5d36	fix: guard Npm.which() against infinite loop when .bin is empty (#16961 )	2026-03-11 09:34:58 -04:00
Dax	6ad171dba9	Merge branch 'dev' into opencode-2-0	2026-03-10 17:20:19 -04:00
Dax Raad	cb5674edc7	sync	2026-03-10 17:00:15 -04:00
Dax Raad	b99de4118e	refactor(npm): inline pkgPath and lockPath variables	2026-03-10 16:59:01 -04:00
Dax Raad	040700dbc4	unbreak	2026-03-10 16:07:25 -04:00
Dax Raad	4d5da9697e	sync	2026-03-10 16:02:40 -04:00
Dax Raad	a28648f530	core: enable running in non-Bun environments by using standard Node.js APIs for OAuth servers and retry logic	2026-03-10 16:02:40 -04:00
Dax Raad	4d81e2d4d9	sync	2026-03-10 16:02:40 -04:00
Dax Raad	21e72cbf42	core: cleaner error output and more flexible custom tool directories - Removed debug console.log when dependency installation fails so users see clean warning messages instead of raw error dumps - Fixed database connection cleanup to prevent resource leaks between sessions - Added support for loading custom tools from both .opencode/tool (singular) and .opencode/tools (plural) directories, matching common naming conventions	2026-03-10 16:02:40 -04:00
Dax Raad	5f277d1e62	core: return structured server info with stop method from workspace server - Enables graceful server shutdown for workspace management - Removes unsupported serverUrl getter that threw errors in plugin context	2026-03-10 16:02:40 -04:00
Dax Raad	d67e877e28	core: remove shell execution and server URL from plugin API Plugins no longer receive shell access or server URL to prevent unauthorized execution and limit plugin sandbox surface area.	2026-03-10 16:02:40 -04:00
Dax Raad	d4e51e04b3	sync	2026-03-10 16:02:40 -04:00
Dax Raad	070c1679e4	core: bundle database migrations into node build and auto-start server on port 1338	2026-03-10 16:02:40 -04:00
Dax Raad	406d216cd2	refactor(server): replace Bun serve with Hono node adapters	2026-03-10 16:02:40 -04:00
Dax Raad	5dc8b4ef29	core: add Node.js runtime support Enable running opencode on Node.js by adding platform-specific database adapters and replacing Bun-specific shell execution with cross-platform Process utility.	2026-03-10 16:02:39 -04:00
Luke Parker	2f41d89163	fix: work around Bun/Windows UV_FS_O_FILEMAP incompatibility in tar (#16853 )	2026-03-10 16:02:39 -04:00
Dax Raad	b2eae867a1	tui: fix Windows plugin loading by using direct paths instead of file URLs	2026-03-10 16:02:39 -04:00
Dax Raad	3c2fda4d91	core: fix custom tool loading to properly resolve module paths	2026-03-10 16:02:39 -04:00
Dax Raad	2678ceb45e	sync	2026-03-10 16:02:39 -04:00
Dax Raad	58a4cd00b6	sync	2026-03-10 16:02:39 -04:00
Dax Raad	0faa191b6d	sync	2026-03-10 16:02:39 -04:00
Dax Raad	58cf092105	core: log npm install errors to console for debugging dependency failures	2026-03-10 16:02:39 -04:00
Dax Raad	0ff8bfe1d9	sync	2026-03-10 16:02:39 -04:00
Dax Raad	ceb79c786a	core: fix CLI tools from npm packages not being accessible after install on Windows	2026-03-10 16:02:39 -04:00
Dax Raad	b1a15d559b	sync	2026-03-10 16:02:39 -04:00
Dax Raad	124a8abf9b	tui: export sessions using consistent Filesystem API instead of Bun.write	2026-03-10 16:02:39 -04:00
Dax Raad	85c2bb342b	core: fix npm dependency installation on Windows CI by disabling bin links when symlink permissions are restricted	2026-03-10 16:02:39 -04:00
Dax Raad	4c57e39466	core: enable npm bin links on non-Windows platforms to allow plugin executables to work while keeping them disabled on Windows CI where symlink permissions are restricted	2026-03-10 16:02:39 -04:00
Dax Raad	0cdd4e4e16	core: fix dependency installation failures behind corporate proxies or in CI by disabling Bun cache when network interception is detected	2026-03-10 16:02:39 -04:00
Dax Raad	a9b01be0c2	core: disable npm bin links to fix package installation in sandboxed environments	2026-03-10 16:02:39 -04:00
Dax Raad	528daf5490	core: dynamically resolve formatter executable paths at runtime Formatters now determine their executable location when enabled rather than using hardcoded paths. This ensures formatters work correctly regardless of how the tool was installed or where executables are located on the system.	2026-03-10 16:02:39 -04:00
Dax Raad	0e176d3ac3	sync	2026-03-10 16:02:39 -04:00
Dax	27f359852e	Update packages/opencode/src/util/which.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>	2026-03-10 16:02:39 -04:00
Dax	173128d431	Update packages/opencode/src/npm/index.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>	2026-03-10 16:02:39 -04:00
Dax Raad	e8ee1e239f	sync	2026-03-10 16:02:39 -04:00
Dax Raad	656fa191c1	refactor: lsp server and core improvements	2026-03-10 16:02:39 -04:00