chore: merge upstream opencode v1.2.26#142
Merged
anandgupta42 merged 327 commits intomainfrom Mar 15, 2026
Merged
Conversation
This reverts commit 426dcfa.
…tom-left" This reverts commit 69cb49f.
Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com>
Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com>
When the sidebar was collapsed (not on mobile), the background color was showing as the stronger variant instead of matching the base background. This fixes the hover state detection so users see a consistent lighter background when the sidebar is in collapsed mode.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com>
…nt text area (#15374)
…s to prevent content overflow issues
|
🚧 Skipped: PR exceeds review size limit. Please split into smaller PRs and re-run. |
Remove `docs/research/`, `docs/strategy/`, `experiments/`, and `.github/meta/` — these are local working files that were accidentally staged during the upstream merge branding transforms step. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove `.opencode/glossary/`, `.opencode/agent/translator.md`, and `.github/workflows/storybook.yml` — these are upstream-only files we don't need. Added to `skipFiles` config so future merges auto-discard them. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Comment on lines
+118
to
+119
| // *.altimate.ai (https only, adjust if needed) | ||
| if (/^https:\/\/([a-z0-9-]+\.)*opencode\.ai$/.test(input)) { |
There was a problem hiding this comment.
Bug: The CORS origin validation regex incorrectly checks for opencode.ai instead of altimate.ai, which will block all requests from the frontend.
Severity: CRITICAL
Suggested Fix
Update the regular expression in the CORS origin validation function at server.ts to match altimate.ai domains. The regex should be changed from /^https:\/\/([a-z0-9-]+\.)*opencode\.ai$/ to /^https:\/\/([a-z0-9-]+\.)*altimate\.ai$/ to align with the comment and the intended proxy target.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: packages/opencode/src/server/server.ts#L118-L119
Potential issue: The CORS origin validation uses a regular expression that incorrectly
checks for the `opencode.ai` domain. However, the server is designed to proxy requests
for a frontend hosted at `https://app.altimate.ai`. When the frontend makes a request,
its origin `https://app.altimate.ai` fails the regex test. This causes the CORS
middleware to block the request by not setting the `Access-Control-Allow-Origin` header,
preventing the frontend application from communicating with its backend server.
Did we get this right? 👍 / 👎 to inform future reviews.
| } | ||
| const wasPlan = input.messages.some((msg) => msg.info.role === "assistant" && msg.info.agent === "plan") | ||
| if (wasPlan && input.agent.name === "builder") { | ||
| if (wasPlan && input.agent.name === "build") { |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Add to skipFiles and remove: - `.opencode/tool/github-triage.*`, `github-pr-search.*` — upstream team triage tools - `.opencode/agent/duplicate-pr.md`, `triage.md`, `docs.md` — upstream agents - `.opencode/themes/mytheme.json` — upstream dev's personal theme - `.opencode/env.d.ts` — types for upstream plugins - `.opencode/command/rmslop.md`, `ai-deps.md`, `spellcheck.md` — upstream dev commands - `script/sync-zed.ts` — Zed extension sync (no workflow references it) - `AGENTS.md` — references `dev` branch, misleading for our fork Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comment on lines
-333
to
-336
| message_id: input.assistantMessage.id, | ||
| model_id: input.model.id, | ||
| provider_id: input.model.providerID, | ||
| agent: input.assistantMessage.agent ?? "", |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Comment on lines
20977
to
20985
| "id": "opencode", | ||
| "env": ["OPENCODE_API_KEY"], | ||
| "npm": "@ai-sdk/openai-compatible", | ||
| "api": "https://opencode.ai/zen/v1", | ||
| "name": "OpenCode Zen", | ||
| "doc": "https://opencode.ai/docs/zen", | ||
| "api": "https://altimate.ai/zen/v1", | ||
| "name": "Altimate Code Zen", | ||
| "doc": "https://altimate.ai/docs/zen", | ||
| "models": { | ||
| "glm-4.7": { | ||
| "id": "glm-4.7", |
There was a problem hiding this comment.
Bug: The cloudflare-workers-ai provider refactoring removes a hardcoded baseURL, introducing a risk of failure if the expected URL template placeholder is missing from external model data.
Severity: MEDIUM
Suggested Fix
Verify that the api.url for cloudflare-workers-ai models in the external models.dev database contains the ${CLOUDFLARE_ACCOUNT_ID} placeholder. Alternatively, add a fallback to the previously hardcoded URL or add integration tests to validate this provider's configuration.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: packages/opencode/test/tool/fixtures/models-api.json#L20977-L20985
Potential issue: The `cloudflare-workers-ai` provider was refactored to no longer use a
hardcoded `baseURL`. The new implementation relies on a template substitution mechanism,
assuming that the `model.api.url` fetched from an external service contains a
`${CLOUDFLARE_ACCOUNT_ID}` placeholder. If this placeholder is missing from the external
data for `cloudflare-workers-ai` models, the `baseURL` will be incomplete, causing all
API requests for this provider to fail. This change introduces a regression risk as it
depends on unverified external data and lacks tests.
Document Vertex AI provider configuration including `project`, `location` options and supported environment variables (`GOOGLE_VERTEX_LOCATION`, `GOOGLE_CLOUD_LOCATION`, `VERTEX_LOCATION`). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comment on lines
+655
to
659
| const skills = await SystemPrompt.skills(agent) | ||
| const system = [ | ||
| ...(await SystemPrompt.environment(model)), | ||
| ...(skills ? [skills] : []), | ||
| ...(await InstructionPrompt.system()), |
There was a problem hiding this comment.
Bug: The system field from the /session/prompt API input is stored but never used when constructing the system prompt for the LLM, silently ignoring user-provided instructions.
Severity: MEDIUM
Suggested Fix
The system prompt construction logic should be updated to include the system value from the user's message if it exists. Modify the array to include lastUser.system when it is available, for example: const system = [ ...(await SystemPrompt.environment(model)), ...(skills ? [skills] : []), ...(await InstructionPrompt.system()), ...(lastUser.system ? [lastUser.system] : []) ].
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: packages/opencode/src/session/prompt.ts#L655-L659
Potential issue: A functional regression has been introduced in the `/session/prompt`
endpoint. While the `system` field from the `PromptInput` is correctly received and
stored on the user message object, it is never referenced during the system prompt
construction. The logic around lines 655-659 builds the system prompt exclusively from
`SystemPrompt.environment`, `SystemPrompt.skills`, and `InstructionPrompt.system`.
Consequently, any custom system instructions provided by an API client via the `system`
field are silently ignored, altering the LLM's behavior from what the client expects.
- Sync `merge-config.json` with `config.ts` (22 → 39 skipFiles patterns) - Add skipFiles tests for all newly skipped upstream configs (glossary, triage tools, AGENTS.md, storybook workflow, etc.) - Add forbidden file/dir existence checks for all skipped items - Add repository hygiene tests: `__pycache__` in .gitignore, altimate-engine existence, bridge directory - Add config consistency tests: merge-config.json ↔ config.ts sync Total: 170 → 228 tests (58 new) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix CORS regex branding leak: `opencode.ai` → `altimate.ai` in server.ts origin validation - Fix agent name mismatch: `"build"` → `"builder"` in prompt.ts plan-to-build transition (our fork renamed the agent) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Conflicts: # packages/opencode/src/session/prompt.ts
Comment on lines
1070
to
1080
| if (provider.env) partial.env = provider.env | ||
| if (provider.name) partial.name = provider.name | ||
| if (provider.options) partial.options = provider.options | ||
| mergeProvider(providerID, partial) | ||
| } | ||
|
|
||
| for (const [providerID, provider] of Object.entries(providers)) { | ||
| for (const [id, provider] of Object.entries(providers)) { | ||
| const providerID = ProviderID.make(id) | ||
| if (!isProviderAllowed(providerID)) { | ||
| delete providers[providerID] | ||
| continue |
There was a problem hiding this comment.
Bug: The provider was renamed from altimate-code to opencode, but the custom loader only checks for the new opencode key in user configs, breaking existing setups.
Severity: HIGH
Suggested Fix
Update the custom loader to check for both the old altimate-code key and the new opencode key in the user's configuration to ensure backward compatibility. For example, change the condition to check for config.provider?.["opencode"] or config.provider?.["altimate-code"]. Alternatively, implement a configuration migration step that renames the key before providers are initialized.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: packages/opencode/src/provider/provider.ts#L1056-L1080
Potential issue: The custom loader for the self-hosted provider was renamed from
`altimate-code` to `opencode`. However, the loader's check for an API key now
exclusively looks for `config.provider?.["opencode"]`. Existing users with
configurations using the old `altimate-code` key will fail this check. Consequently, the
`hasKey` check will return `false`, causing the provider to fail to load and potentially
deleting the user's configured models. This happens because no migration logic was added
to handle the old configuration key, nor is there a fallback to check for both the old
and new keys.
- Restore our `isOverflow` formula with safety guard and unified headroom (upstream simplified it but introduced a bug with small-context models where `context == maxOutput` causes `usable=0` and premature compaction) - Restore observation masks, telemetry tracking, compaction attempt counting, and Data Context section in compaction prompt - Fix `project.test.ts`: source writes `.git/opencode` (internal identifier in `preservePatterns`), not `.git/altimate` — tests were over-branded - Fix `publish-package.test.ts`: `bin["altimate"]` points to `./bin/altimate-code`, not `./bin/altimate` All custom additions marked with `altimate_change` comments for merge safety. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…tion.ts` Align all markers to the project convention (`// altimate_change start —` / `// altimate_change end`) so the `analyze.ts` integrity checker recognizes them and future upstream merges don't silently overwrite our custom logic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Upstream v1.2.26 refactored `prompt.ts` and `installation/index.ts`, silently removing our telemetry instrumentation (no `altimate_change` markers existed to protect it). Restored: - `prompt.ts`: session telemetry (`session_start`, `session_end`, `agent_outcome`), cost/token accumulation, emergency shutdown hooks - `installation/index.ts`: upgrade telemetry (`upgrade_attempted` with success/error status, version info, method) - `server.ts`: branded default username `"altimate"` (was `"opencode"`) All restored code wrapped with `// altimate_change start/end` markers to prevent future upstream overwrites. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comment on lines
+91
to
+96
| function readCachedId(dir: string) { | ||
| return Filesystem.readText(path.join(dir, "opencode")) | ||
| .then((x) => x.trim()) | ||
| .then(ProjectID.make) | ||
| .catch(() => undefined) | ||
| } |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
…arker integrity tests - Use lazy `getTelemetry()` import pattern for both upgrade success and error paths to avoid circular dep: installation → Telemetry → Installation - Add `"aborted"` to `agent_outcome` telemetry event `outcome` union type - Add missing `compactions` field to `agent_outcome` tracking in `prompt.ts` - Add marker integrity test section to upstream-merge-guard tests: validates required marker files and start/end block pairing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Delete `merge-config.json` (superseded by `utils/config.ts`) - Delete unused `transforms/` directory (12 files, logic is inline in `merge.ts`) - Fix `keepOurs`/`skipFiles` overlap: remove `infra/**` and `README.*.md` from `keepOurs` (they belong in `skipFiles` only) - Consolidate ANSI color helpers into `utils/logger.ts` (was duplicated in `merge.ts`, `analyze.ts`, and `logger.ts`) - Merge `check-markers.ts` into `analyze.ts` as `--markers` mode with `--base` and `--strict` flags - Add Marker Guard CI job to `.github/workflows/ci.yml` — runs on every PR, catches upstream-shared files missing `altimate_change` markers - Update tests: replace config consistency tests with config integrity tests (overlap detection, dead file assertions) - Update README with new CLI commands and CI integration docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New files don't exist upstream and can't be overwritten by a merge, so they don't need `altimate_change` markers. Changed `--diff-filter` from `AM` (Added+Modified) to `M` (Modified only). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Files that don't exist in upstream can't be overwritten by a merge, so they don't need `altimate_change` markers. The guard now loads the full upstream file tree via `git ls-tree` (cached in a Set for O(1) lookups) and checks all upstream-shared files — not just `packages/opencode/src/`. CI step fetches the upstream remote first. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comment on lines
+800
to
810
| total_cost: sessionTotalCost, | ||
| total_tokens: sessionTotalTokens, | ||
| tool_call_count: toolCallCount, | ||
| duration_ms: Date.now() - sessionStartTime, | ||
| cost: sessionTotalCost, | ||
| compactions: totalCompactions, | ||
| outcome, | ||
| }) | ||
| if (!emergencySessionEndFired) { | ||
| Telemetry.track({ | ||
| type: "session_end", | ||
| timestamp: Date.now(), | ||
| session_id: sessionID, | ||
| total_cost: sessionTotalCost, | ||
| total_tokens: sessionTotalTokens, | ||
| tool_call_count: toolCallCount, | ||
| duration_ms: Date.now() - sessionStartTime, | ||
| }) | ||
| } | ||
| await Telemetry.shutdown() | ||
| } | ||
| await Telemetry.shutdown() | ||
| // altimate_change end | ||
| for await (const item of MessageV2.stream(sessionID)) { | ||
| if (item.info.role === "user") continue | ||
| const queued = state()[sessionID]?.callbacks ?? [] |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Bug fixes: - Fix `text-end` handler overwriting `start` time in `processor.ts` - Fix `toolCallCount` never incremented — now counts tool parts per step - Fix `emergencySessionEndFired` never set true after normal `session_end` - Clean up emergency process handlers after normal completion - Wire up `compactionCount` to `agent_outcome` telemetry (was hardcoded 0) - Add compaction circuit breaker (max 3 attempts per session) - Add legacy `.git/altimate-code` fallback in `readCachedId` - Cache lazy telemetry import in `installation/index.ts` - Fix duplicate `telemetryMethod` declaration in upgrade telemetry - Fix branding leak: `anomalyco` → `AltimateAI` in `parsers-config.ts` CI fixes: - Marker guard: skip strict mode for upstream merge PRs (branch detection) - Marker guard: use PR base ref instead of hardcoded `origin/main` - Marker guard: exclude test files, generated SDK, config files from checks - Fix tests referencing deleted `merge-config.json` — use `config.ts` directly Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ggers - `beta.yml`: disable hourly schedule (upstream beta branch syncing not needed) - `opencode.yml`: replace `/oc` and `/opencode` triggers with `/altimate` and `/ac`, update model reference from `opencode/claude-opus-4-5` to `anthropic/claude-opus-4-5` Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Session regression tests (15 tests): - `toolCallCount` accumulation from tool parts per step - `text-end` time preservation (start time not overwritten) - `emergencySessionEndFired` deduplication and listener cleanup - Compaction circuit breaker (max 3 attempts, per-session, abort cleanup) - `compactionCount` wired to `agent_outcome` telemetry - Telemetry lazy import caching Branding regression tests (5 tests): - `parsers-config.ts` has no `anomalyco` references - `opencode.yml` uses `/altimate` triggers, not `/opencode` - `beta.yml` schedule is disabled - `opencode.yml` model reference doesn't use `opencode/` prefix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Verify `markerExcludePatterns` never matches `src/` source files - Verify CI uses `--strict` mode for non-merge PRs - Prevents future changes from accidentally disabling marker protection Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comment on lines
+809
to
819
| total_cost: sessionTotalCost, | ||
| total_tokens: sessionTotalTokens, | ||
| tool_call_count: toolCallCount, | ||
| duration_ms: Date.now() - sessionStartTime, | ||
| cost: sessionTotalCost, | ||
| compactions: totalCompactions, | ||
| outcome, | ||
| }) | ||
| if (!emergencySessionEndFired) { | ||
| Telemetry.track({ | ||
| type: "session_end", | ||
| timestamp: Date.now(), | ||
| session_id: sessionID, | ||
| total_cost: sessionTotalCost, | ||
| total_tokens: sessionTotalTokens, | ||
| tool_call_count: toolCallCount, | ||
| duration_ms: Date.now() - sessionStartTime, | ||
| }) | ||
| } | ||
| await Telemetry.shutdown() | ||
| } | ||
| await Telemetry.shutdown() | ||
| // altimate_change end | ||
| for await (const item of MessageV2.stream(sessionID)) { | ||
| if (item.info.role === "user") continue | ||
| const queued = state()[sessionID]?.callbacks ?? [] |
There was a problem hiding this comment.
Bug: An unhandled exception inside the main session loop will bypass cleanup logic, leading to leaked process listeners and a failure to call Telemetry.shutdown().
Severity: MEDIUM
Suggested Fix
Wrap the while (true) loop within a try/finally block. Move the cleanup logic, including the removal of process listeners and the call to Telemetry.shutdown(), into the finally block to ensure it executes regardless of whether an exception occurs within the loop.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: packages/opencode/src/session/prompt.ts#L753-L819
Potential issue: The `try/finally` block that previously wrapped the main `while (true)`
loop in the session prompt has been removed. The cleanup logic, including
`process.off()` for `beforeExit` and `exit` listeners and `Telemetry.shutdown()`, is now
placed sequentially after the loop. The loop contains multiple `await` calls that are
not individually wrapped in error handling. If any of these asynchronous operations
throw an unhandled exception, the function will exit prematurely, skipping the critical
cleanup logic. This will result in leaking process event listeners and failing to flush
pending telemetry events, potentially leading to data loss.
anandgupta42
added a commit
that referenced
this pull request
Mar 17, 2026
* Revert "tui: keep model + thinking selectors beside Add file" This reverts commit 426dcfa. * Revert "tui: dock auto-accept after thinking and move Add file to bottom-left" This reverts commit 69cb49f. * test: remove unused Ripgrep.search coverage (#16554) * fix(tui): fix broken /mcp toggling (#16431) Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com> * fix(opencode): avoid TTY corruption from double cleanup (#16565) Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com> * docs(zen.mdx): correct Italian grammar and punctuation errors (#16590) * test: make process cwd check cross-platform (#16594) * fix: prune and evict stale app session caches (#16584) * fix(app): messages not loading reliably * chore: refactoring ui hooks * fix(app): less auto-expand/collapse * chore: update nix node_modules hashes * fix: trim retained desktop terminal buffers (#16583) * app: suppress hover when opening project menu or right-clicking to prevent flickering * tui: fix sidebar background color when collapsed When the sidebar was collapsed (not on mobile), the background color was showing as the stronger variant instead of matching the base background. This fixes the hover state detection so users see a consistent lighter background when the sidebar is in collapsed mode. * fix(tui): canonicalize cwd after chdir (#16641) * guard tui exit (#16640) * release: v1.2.22 * disable fallback to free nano for small model * feat(app): generate color palettes (#16232) * docs: add session_child_first keybinding to documentation (#16631) * docs(i18n): sync locale docs from english changes * fix(opencode): pass missing auth headers in `run --attach` (#16097) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com> * fix(app): fix issue with scroll jumping when pressing escape in comment text area (#15374) * fix(app): sanitize workspace store filenames on Windows (#16703) * revert(app): "STUPID SEXY TIMELINE (#16420)" (#16745) * chore: update nix node_modules hashes * fix(app): don't animate review panel in/out * tui: fix sidebar workspace container sizing by adding box-border class to prevent content overflow issues * fix(app): remove oc-1 theme * release: v1.2.23 * add copilot gpt-5.4 xhigh support (#16294) * feat(gitlab): send context-1m-2025-08-07 beta header to enable 1M context window (#16153) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * feat(tui): add initial support for workspaces into the tui (#16230) * fix(storybook): add ci build workflow (#16760) * fix(app): dismiss toast notifications when questions or permissions a… (#16758) * fix(app): session title turn spinner (#16764) * core: prevent accidental edits to migration files by restricting agent access * fix(app): scroll jitter/loop * release: v1.2.24 * fix: Multiple jdtls LSPs eating memory in java monorepos (#12123) * fix(tui): handle error when creating a session (#16767) * refactor: change pathToFileURL imports from bun to url module * refactor(opencode): replace Bun shell in core flows (#16286) * fix(tui): wait for model store before auto-submitting --prompt (#7476) * refactor: replace bun semver with npm semver package * chore: generate * docs: update opencode-morph-fast-apply to opencode-morph-plugin in ecosystem (#16634) * chore: update nix node_modules hashes * chore: update nix node_modules hashes * fix(core): put workspace routing behind OPENCODE_EXPERIMENTAL_WORKSPACES flag (#16775) * chore: generate * chore: cleanup * chore: cleanup * fix(app): terminal state corruption * chore(app): dev stats * refactor(server): extract createApp function for server initialization - Replace Server.App() with Server.Default() for internal server access - Extract server app creation into Server.createApp(opts) for testability - Move CORS whitelist from module-level variable to function parameter - Update all tests to use Server.Default() instead of Server.App() * fix(mcp): fix OAuth auto-connect failing on first connection (#15547) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * chore: generate * upgrade opentui to v0.1.87 (#16772) * chore: update nix node_modules hashes * docs: update opencode-morph-plugin in all language ecosystem pages (#16869) * chore: generate * chore(app): debug window * fix(opencode): add thinking variants support for SAP AI provider (#14958) Co-authored-by: Test <test@test.com> Co-authored-by: Stephen Collings <stevoland@gmail.com> * chore: generate * fix(core): make worktrees read the project id from local workspace (#16795) * fix(core): a chunk timeout when processing llm stream (#16366) * feat(core): allow passing `workspaceID` into session create endpoint (#16798) * chore: generate * chore: rekram1-node is no longer on vacation (#16905) * fix(core): don't permit access to system directories (#16891) * core: make account login upgrades safe while adding multi-account workspace auth (#15487) Co-authored-by: Kit Langton <kit.langton@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * chore: generate * Fix ESM imports for @opencode-ai/plugin (#16916) * chore: update nix node_modules hashes * fix(app): terminal focus issues and jank * fix(app): terminal jank * chore: cleanup * ci: install setuptools to prevent Python distutils errors during dependency installation * ci: exclude draft PRs from beta labeling process to prevent unfinished work from being included in releases * zen: raise limit * feat(ui): restyle Card and improve tool error cards (#16888) Co-authored-by: Adam <2363879+adamdotdevin@users.noreply.github.com> * zen: raise limit * ci: cancel duplicate workflow runs and add read permissions - Add concurrency settings to cancel outdated runs when new commits are pushed - Add contents: read permission for security hardening - Remove redundant required job that checked test results * chore: kill old copilot 403 message that was used for old plugin migration (#16904) * chore(app): fix tests * sync * fix(account): resilient orgs fetch (#16944) * feat(web): use Feishu for Chinese community links (#16908) Co-authored-by: Frank <frank@anoma.ly> * fix: add GOOGLE_VERTEX_LOCATION env var support for Vertex AI (#16922) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * fix(electron): hide Windows background consoles (#16842) Co-authored-by: Brendan Allan <git@brendonovich.dev> * chore: generate * ci: setup node in tauri build * fix(app): make error tool card respect settings (#17005) * perf(app): trim session render work (#16987) * tweak: adjust way skills are presented to agent to increase likelyhood of skill invocations. (#17053) * docs(providers): clarify npm choice for chat vs responses APIs (#16974) Co-authored-by: wangxinxin <xinxin.wang@pharmbrain.com> * chore(app): simplify review pane (#17066) * fix(core): read stdout and stderr in PackageRegistry.info before waiting for the process to exit (#16998) * refactor(account): tighten effect-based account flows (#17072) * fix(app): skip editor reconcile during IME composition (#17041) * fix(app): todos not clearing * feat(id): brand ProjectID through Drizzle and Zod schemas (#16948) * chore: fix test * tweak: adjust skill presentation to be a little less token heavy (#17098) * chore: fix test * fix: re-enable snapshot in acp (#14918) * chore: skip test * feat(app): restore to message and fork session (#17092) * core: restore plugin serverUrl getter so plugins can connect to local server * zen: update header * zen: update usage graph on landing page * zen: add usage section * zen: add Go page * zen: add alipay for go sub * zen: add alipay for adding balance * zen: update discount copy on lander * go: first month discount * go: dashboard design * wip: zen * docs: zen update models * docs: go pricing * wip: zen * wip: zen * feat(id): brand SessionID through Drizzle and Zod schemas (#16953) * chore: generate * fix: resolve symlinks in Instance cache to prevent duplicate contexts (#16651) Co-authored-by: LukeParkerDev <10430890+Hona@users.noreply.github.com> * feat(id): brand WorkspaceID through Drizzle and Zod schemas (#16964) * chore: generate * feat(id): brand PartID through Drizzle and Zod schemas (#16966) * chore: generate * feat(windows): add arm64 release targets for cli and desktop (#16696) * chore: generate * feat(id): brand PermissionID, PtyID, QuestionID, and ToolID (#17042) * chore: generate * fix(e2e): re-focus prompt after terminal opens in slash-terminal test (#17113) * chore: generate * fix(ci): use dynamic bun cache path for cross-platform support (#17120) * core: remove external sourcemap generation to reduce build artifacts * fix(app): guard comment accessor in message timeline (#17126) * chore: generate * fix(desktop-electron): fix resource loading under file:// protocol (#17125) * fix(electron): theme Windows titlebar overlay (#16843) Co-authored-by: Brendan Allan <brendonovich@outlook.com> * fix(desktop): set default WebSocket username and prevent repeated calling of terminal spawn properly closing the terminal (#17061) * Fix terminal e2e flakiness with a real terminal driver (#17144) * chore: generate * refactor(desktop): rework default server initialization and connection handling (#16965) * chore: update nix node_modules hashes * chore: cleanup (#17115) * fix(app): sidebar quirks * feat(id): brand ProviderID and ModelID (#17110) * chore: generate * chore: cleanup * fix(app): terminal animation * fix(web): fix broken mobile sidebar (in workflows mode) sizing issue by adding flex-1 (#17055) * chore: cleanup (#17184) * docs: clarify subagent session navigation keybinds (#16455) * refactor(provider): flow branded ProviderID/ModelID through internal signatures (#17182) * chore: generate * refactor(import): use .parse() at boundaries instead of manual .make() (#17106) * fix: non openai azure models that use completions endpoints (#17128) * chore: update nix node_modules hashes * feat(app): better themes (#16889) * feat: session load perf (#17186) * chore: cleanup (#17197) * zen: fix nemotron issue * fix(app): titlebar cleanup (#17206) * fix(app): not loading message nav * feat(app): AMOLED theme * fix(app): optimistic revert/restore * feat(app): follow-up behavior (#17233) * fix: if server password exists, use basic auth for plugin client by default (#17213) * fix(app): message loading * fix(app): task error state * fix(app): sidebar re-rendering too often * zen: handle cache key * release: v1.2.25 * fix(ci): keep test runs on dev (#17260) * feat(app): interruption state * reorder provider list in providers login (#17262) * fix(app): increase CI e2e workers (#17263) * tweak: rm openrouter warning (#17259) * refactor(auth): effectify AuthService (#17212) * feat(cli): add console account subcommands (#17265) * desktop: multi-window support in electron (#17155) * refactor(provider): effectify ProviderAuthService (#17227) * chore: generate * fix(app): stabilize todo dock e2e with composer probe (#17267) * fix(cli): hide console command from help output (#17277) * chore: generate * fix: filter empty content blocks for Bedrock provider (#14586) * feat(app): missing themes (#17275) * fix(app): list item background colors * fix(e2e): fail fast on config dependency installs (#17280) * fix(opencode): sessions lost after git init in existing project (#16814) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * chore: cleanup migrate from global code (#17292) * go: upi pay * fix(app): simplify themes (#17274) * perf(server): paginate session history (#17134) * chore: generate * Remove prompt mode toggle (#17216) * perf(app): use cursor session history loading (#17329) * chore: cleanup (#17284) * chore(app): i18n sync (#17283) * fix(app): support text attachments (#17335) * fix(app): oc-2 went too dark * fix(opencode): serialize config bun installs (#17342) * fix(app): better optimistic prompt submit (#17337) * fix(app): todo spacing * fix(app): tooltip quirks * fix(app): scroll falls behind prompt input * fix(app): terminal cloning without retry (#17354) * fix(app): sidebar spacing + session list spinner transition (#17355) * fix(ui): force wasm highlighter for markdown code blocks (#17373) * fix(app): fork should copy prompt into new session (#17375) * feat(schema): scaffold effect-to-zod bridge (#17273) * fix(app): restore sidebar dash and sync session spinner colors (#17384) * fix(app): animate titlebar controls on sidebar open * fix(app): avoid clipping new session during sidebar anim * tweak(ui): use new-session icon in sidebar buttons * fix(app): sidebar sync * fix(app): polish prompt composer controls (#17388) * fix(app): model selection persist by session (#17348) * release: v1.2.26 * chore: apply branding transforms for upstream v1.2.26 * fix: improve merge tooling and add upstream merge guard tests Merge script improvements: - Add per-file error handling in `autoResolveConflicts` so one failure doesn't abort all resolution - Handle delete/add conflicts in skipFiles with `git rm` fallback - Add `cleanupSkipFiles` step to `postMergeTransforms` — automatically removes skipFiles packages after merge - Change `stageAll()` from `git add -A` to `git add -u` to avoid ENOBUFS from untracked experiment directories - Add `--force` to `fetchRemote` tag fetches to resolve local/upstream tag conflicts - Handle already-committed merges in `--continue` flow gracefully New tests (upstream-merge-guard.test.ts): - Installation branding: USER_AGENT, brew tap, npm package name - Root package.json integrity: no globs in workspaces, no sst/electron - Deleted packages stay deleted (14 upstream-only dirs/files) - OAuth/MCP branding: client_name, HTML titles - opencode.ai domain leak scanner for src/*.ts and src/*.tsx Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: re-apply post-merge branding, cleanup, and type fixes Re-applies all post-merge fixes that were needed after the rebase to remove large .duckdb files from commit history. - Delete upstream-only packages (app, console, desktop, etc.) - Fix root package.json (explicit workspaces, remove sst/electron) - Fix bin entries in opencode package.json - Fix branding leaks in installation/index.ts - Fix branded type errors in custom files - Fix telemetry @/control → @/account import - Regenerate bun.lock Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: remove local-only files accidentally included in merge Remove `docs/research/`, `docs/strategy/`, `experiments/`, and `.github/meta/` — these are local working files that were accidentally staged during the upstream merge branding transforms step. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: add `__pycache__` to `.gitignore` and remove tracked copies Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: add glossary, translator, and storybook workflow to skipFiles Remove `.opencode/glossary/`, `.opencode/agent/translator.md`, and `.github/workflows/storybook.yml` — these are upstream-only files we don't need. Added to `skipFiles` config so future merges auto-discard them. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: skip and remove upstream-only project configs Add to skipFiles and remove: - `.opencode/tool/github-triage.*`, `github-pr-search.*` — upstream team triage tools - `.opencode/agent/duplicate-pr.md`, `triage.md`, `docs.md` — upstream agents - `.opencode/themes/mytheme.json` — upstream dev's personal theme - `.opencode/env.d.ts` — types for upstream plugins - `.opencode/command/rmslop.md`, `ai-deps.md`, `spellcheck.md` — upstream dev commands - `script/sync-zed.ts` — Zed extension sync (no workflow references it) - `AGENTS.md` — references `dev` branch, misleading for our fork Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: add Google Vertex AI provider section Document Vertex AI provider configuration including `project`, `location` options and supported environment variables (`GOOGLE_VERTEX_LOCATION`, `GOOGLE_CLOUD_LOCATION`, `VERTEX_LOCATION`). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * test: add 58 new upstream merge guard tests - Sync `merge-config.json` with `config.ts` (22 → 39 skipFiles patterns) - Add skipFiles tests for all newly skipped upstream configs (glossary, triage tools, AGENTS.md, storybook workflow, etc.) - Add forbidden file/dir existence checks for all skipped items - Add repository hygiene tests: `__pycache__` in .gitignore, altimate-engine existence, bridge directory - Add config consistency tests: merge-config.json ↔ config.ts sync Total: 170 → 228 tests (58 new) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: address Sentry review findings - Fix CORS regex branding leak: `opencode.ai` → `altimate.ai` in server.ts origin validation - Fix agent name mismatch: `"build"` → `"builder"` in prompt.ts plan-to-build transition (our fork renamed the agent) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: restore custom compaction logic and fix CI test failures - Restore our `isOverflow` formula with safety guard and unified headroom (upstream simplified it but introduced a bug with small-context models where `context == maxOutput` causes `usable=0` and premature compaction) - Restore observation masks, telemetry tracking, compaction attempt counting, and Data Context section in compaction prompt - Fix `project.test.ts`: source writes `.git/opencode` (internal identifier in `preservePatterns`), not `.git/altimate` — tests were over-branded - Fix `publish-package.test.ts`: `bin["altimate"]` points to `./bin/altimate-code`, not `./bin/altimate` All custom additions marked with `altimate_change` comments for merge safety. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: use correct `altimate_change start/end` marker format in `compaction.ts` Align all markers to the project convention (`// altimate_change start —` / `// altimate_change end`) so the `analyze.ts` integrity checker recognizes them and future upstream merges don't silently overwrite our custom logic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: restore telemetry and branding overwritten by upstream merge Upstream v1.2.26 refactored `prompt.ts` and `installation/index.ts`, silently removing our telemetry instrumentation (no `altimate_change` markers existed to protect it). Restored: - `prompt.ts`: session telemetry (`session_start`, `session_end`, `agent_outcome`), cost/token accumulation, emergency shutdown hooks - `installation/index.ts`: upgrade telemetry (`upgrade_attempted` with success/error status, version info, method) - `server.ts`: branded default username `"altimate"` (was `"opencode"`) All restored code wrapped with `// altimate_change start/end` markers to prevent future upstream overwrites. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: resolve circular dependency in `installation/index.ts` and add marker integrity tests - Use lazy `getTelemetry()` import pattern for both upgrade success and error paths to avoid circular dep: installation → Telemetry → Installation - Add `"aborted"` to `agent_outcome` telemetry event `outcome` union type - Add missing `compactions` field to `agent_outcome` tracking in `prompt.ts` - Add marker integrity test section to upstream-merge-guard tests: validates required marker files and start/end block pairing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: simplify upstream merge strategy - Delete `merge-config.json` (superseded by `utils/config.ts`) - Delete unused `transforms/` directory (12 files, logic is inline in `merge.ts`) - Fix `keepOurs`/`skipFiles` overlap: remove `infra/**` and `README.*.md` from `keepOurs` (they belong in `skipFiles` only) - Consolidate ANSI color helpers into `utils/logger.ts` (was duplicated in `merge.ts`, `analyze.ts`, and `logger.ts`) - Merge `check-markers.ts` into `analyze.ts` as `--markers` mode with `--base` and `--strict` flags - Add Marker Guard CI job to `.github/workflows/ci.yml` — runs on every PR, catches upstream-shared files missing `altimate_change` markers - Update tests: replace config consistency tests with config integrity tests (overlap detection, dead file assertions) - Update README with new CLI commands and CI integration docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: marker guard should only check modified files, not newly added ones New files don't exist upstream and can't be overwritten by a merge, so they don't need `altimate_change` markers. Changed `--diff-filter` from `AM` (Added+Modified) to `M` (Modified only). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: marker guard checks upstream remote to skip our-only files Files that don't exist in upstream can't be overwritten by a merge, so they don't need `altimate_change` markers. The guard now loads the full upstream file tree via `git ls-tree` (cached in a Set for O(1) lookups) and checks all upstream-shared files — not just `packages/opencode/src/`. CI step fetches the upstream remote first. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: address review feedback — telemetry bugs, CI fixes, branding leak Bug fixes: - Fix `text-end` handler overwriting `start` time in `processor.ts` - Fix `toolCallCount` never incremented — now counts tool parts per step - Fix `emergencySessionEndFired` never set true after normal `session_end` - Clean up emergency process handlers after normal completion - Wire up `compactionCount` to `agent_outcome` telemetry (was hardcoded 0) - Add compaction circuit breaker (max 3 attempts per session) - Add legacy `.git/altimate-code` fallback in `readCachedId` - Cache lazy telemetry import in `installation/index.ts` - Fix duplicate `telemetryMethod` declaration in upgrade telemetry - Fix branding leak: `anomalyco` → `AltimateAI` in `parsers-config.ts` CI fixes: - Marker guard: skip strict mode for upstream merge PRs (branch detection) - Marker guard: use PR base ref instead of hardcoded `origin/main` - Marker guard: exclude test files, generated SDK, config files from checks - Fix tests referencing deleted `merge-config.json` — use `config.ts` directly Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: disable upstream `beta.yml` schedule, rebrand `opencode.yml` triggers - `beta.yml`: disable hourly schedule (upstream beta branch syncing not needed) - `opencode.yml`: replace `/oc` and `/opencode` triggers with `/altimate` and `/ac`, update model reference from `opencode/claude-opus-4-5` to `anthropic/claude-opus-4-5` Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * test: add regression tests for telemetry, compaction, and branding fixes Session regression tests (15 tests): - `toolCallCount` accumulation from tool parts per step - `text-end` time preservation (start time not overwritten) - `emergencySessionEndFired` deduplication and listener cleanup - Compaction circuit breaker (max 3 attempts, per-session, abort cleanup) - `compactionCount` wired to `agent_outcome` telemetry - Telemetry lazy import caching Branding regression tests (5 tests): - `parsers-config.ts` has no `anomalyco` references - `opencode.yml` uses `/altimate` triggers, not `/opencode` - `beta.yml` schedule is disabled - `opencode.yml` model reference doesn't use `opencode/` prefix Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * test: add marker guard safety tests to prevent bypass - Verify `markerExcludePatterns` never matches `src/` source files - Verify CI uses `--strict` mode for non-merge PRs - Prevents future changes from accidentally disabling marker protection Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: David Hill <iamdavidhill@gmail.com> Co-authored-by: Dax <mail@thdxr.com> Co-authored-by: Nate Williams <50088025+natewill@users.noreply.github.com> Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com> Co-authored-by: tobwen <1864057+tobwen@users.noreply.github.com> Co-authored-by: Roy Bruschini <bruroy96@gmail.com> Co-authored-by: Adam <2363879+adamdotdevin@users.noreply.github.com> Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> Co-authored-by: Luke Parker <10430890+Hona@users.noreply.github.com> Co-authored-by: Sebastian <hasta84@gmail.com> Co-authored-by: opencode <opencode@sst.dev> Co-authored-by: Dax Raad <d@ironbay.co> Co-authored-by: Ariane Emory <97994360+ariane-emory@users.noreply.github.com> Co-authored-by: Eric Clemmons <eric@smarterspam.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Yihui Khuu <yihui.khuu@gmail.com> Co-authored-by: Jack <jack@anoma.ly> Co-authored-by: Armin Pašalić <armin@pasalic.me> Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: James Long <longster@gmail.com> Co-authored-by: Karan Handa <79533543+ShriKaranHanda@users.noreply.github.com> Co-authored-by: Filip <34747899+neriousy@users.noreply.github.com> Co-authored-by: David Hill <1879069+iamdavidhill@users.noreply.github.com> Co-authored-by: Stephen Collings <stevoland@gmail.com> Co-authored-by: Kyle Altendorf <sda@fstab.net> Co-authored-by: bhaktatejas922 <bhaktatejas922@gmail.com> Co-authored-by: adam jones <domdomegg+git@gmail.com> Co-authored-by: Jérôme Benoit <jerome.benoit@piment-noir.org> Co-authored-by: Test <test@test.com> Co-authored-by: Kit Langton <kit.langton@gmail.com> Co-authored-by: Frank <frank@anoma.ly> Co-authored-by: SOUMITRA-SAHA <soumitrosahaofficial@gmail.com> Co-authored-by: Brendan Allan <git@brendonovich.dev> Co-authored-by: xinxin <45682184+andyWang1688@users.noreply.github.com> Co-authored-by: wangxinxin <xinxin.wang@pharmbrain.com> Co-authored-by: Johannes Loher <johannes.loher@fg4f.de> Co-authored-by: Chris Yang <18487241+ysm-dev@users.noreply.github.com> Co-authored-by: Noam Bressler <noamzbr@gmail.com> Co-authored-by: John Mylchreest <jmylchreest@gmail.com> Co-authored-by: Brendan Allan <brendonovich@outlook.com> Co-authored-by: OpeOginni <107570612+OpeOginni@users.noreply.github.com> Co-authored-by: max tomashevsky <nasadregistr@gmail.com> Co-authored-by: Wang Siyuan <wsy0227@sjtu.edu.cn> Co-authored-by: Tom Ryder <tom.ryder@live.co.uk> Co-authored-by: Michael Dwan <m@dwan.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Merges upstream OpenCode v1.2.21 through v1.2.26 (6 releases, 302 commits) into our fork, with all branding transforms, conflict resolution, and post-merge fixes applied.
Key upstream features & fixes included:
perf(server): paginate session history)git initin existing projectGOOGLE_VERTEX_LOCATIONenv var supportPost-merge fixes (our code):
trajectory.ts,attach.ts,telemetry/index.ts, test files)@/control→@/accountimport rename in telemetry moduleUSER_AGENT, brew tap (anomalyco→AltimateAI), npm package nameMerge tooling improvements:
autoResolveConflicts— one failure no longer aborts all resolutiongit rmfallbackcleanupSkipFilesstep removes upstream-only packages after mergestageAll()fromgit add -Atogit add -uto avoid ENOBUFS from untracked directories--forceto tag fetches to resolve local/upstream tag conflicts--continueflowNew tests (29 tests in
upstream-merge-guard.test.ts):Type of change
Issue for this PR
N/A — recurring upstream merge task
How did you verify your code works?
bunx turbo typecheck— 4/4 packages passbun test --cwd packages/opencode test/branding/— 170/170 tests pass (including 29 new upstream merge guards)bun test --cwd packages/opencode— 1843 pass, 48 fail (all failures are pre-existing upstream issues, main has 591 failures)Checklist