refactor: sync opencode config schemas

[Astro-Han]

Summary

• Sync the OpenCode v1.14.19 config and schema base into PawWork while keeping packages/opencode on product version 0.2.4.
• Regenerate OpenAPI and SDK surfaces, and bump upstream-tracked package versions from 1.4.11 to 1.14.19.
• Preserve PawWork compatibility for pawwork.json aliases, config dependency bootstrap, console org state, config error serialization, and local tool dependency loading.

Why

This is the Base PR for the OpenCode sync cycle. It brings over the schema and generated surfaces that later slices can build on without mixing provider, TUI, desktop, or runtime feature decisions into this PR.

Compatibility Notes

• @/config now exposes config modules through namespace barrels such as Config, ConfigAgent, ConfigPermission, and ConfigError. Direct imports from the underlying files remain the safest internal path when a caller needs a specific schema or error class.
• parseManagedPlist() now returns sanitized JSON text for the caller to parse through the normal config parser. Malformed plutil JSON is propagated instead of becoming an empty config.
• Permission action schemas now live under ConfigPermission.Action; config errors now live under ConfigError.JsonError and ConfigError.InvalidError.
• MCP timeout is intentionally still a positive integer. The generated OpenAPI and SDK surfaces now reflect integer, exclusiveMinimum: 0.

Related Issue

Part of #92.

How To Verify

bun turbo typecheck
bun --cwd packages/opencode test test/config/config.test.ts test/tool/registry.test.ts test/util/effect-zod.test.ts test/server/middleware.test.ts
bun turbo test:ci

Latest local results for the review-fix batch:

• bun turbo typecheck: 8 successful tasks
• bun --cwd packages/opencode test test/config/config.test.ts test/server/middleware.test.ts test/util/effect-zod.test.ts: 170 pass, 0 fail
• bun packages/sdk/js/script/build.ts: completed and regenerated SDK v2 types
• git diff --check: clean

Earlier full local result for this PR:

• bun turbo test:ci: 2098 pass, 11 skip, 1 todo, 0 fail

Screenshots or Recordings

No visible UI changes.

Checklist

• I ran the relevant verification steps
• I tested visible changes manually when needed
• I am targeting the dev branch

Summary by CodeRabbit

• New Features
  • Expanded configuration: agents, commands, plugins, providers, permissions, MCP, keybinds, layout, server, skills, variables, managed preferences, and model-id validation.
• Bug Fixes
  • Improved dependency detection and install gating with skip-on-failure and clearer configuration error responses; safer event payload handling.
• Tests
  • Large test additions for config loading, parsing, schema interop, dependency installs, plugin/tool resolution, and managed prefs.
• Chores
  • Version bumped to 1.14.19 across packages.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds many new Effect-based config schemas and loaders, restructures config exports, enhances Effect→Zod translation, implements config dependency detection/install gating in the tool registry, expands TUI/server/util exports, adds extensive tests, and bumps several package versions.

Changes

Cohort / File(s)	Summary
Package Version Bumps packages/function/package.json, packages/plugin/package.json, packages/sdk/js/package.json, packages/shared/package.json, packages/ui/package.json	Bumped published package versions from 1.4.11 → 1.14.19.
Monorepo Manifest packages/opencode/package.json	Added workspace dependency @opencode-ai/shared.
CLI Event Casting packages/opencode/src/cli/cmd/tui/context/event.ts	Casts dispatched event payloads to the exported Event type in all routing branches.
Config Index & Re-exports packages/opencode/src/config/index.ts	Replaced prior namespace export with many explicit re-exports (agent, command, error, formatter, lsp, variable, parse, permission, paths, provider, skills, mcp, managed, model-id, markdown, etc.).
Markdown Loaders packages/opencode/src/config/agent.ts, packages/opencode/src/config/command.ts, packages/opencode/src/config/markdown.ts	New markdown-based loaders for agents/commands/modes; adjusted frontmatter parsing flow, validation, and error publishing via Session/Event bus.
Config Schema Additions packages/opencode/src/config/* (console-state.ts, error.ts, formatter.ts, keybinds.ts, layout.ts, model-id.ts, permission.ts, provider.ts, server.ts, skills.ts, plugin.ts, variable.ts, entry-name.ts, dependency.ts, mcp.ts)	Introduced many Effect Schema modules, Zod interop statics, helpers for entry-name and dependency scanning, variable substitution, plugin resolver APIs, permission/provider/server/mcp schemas.
Paths & Parsing packages/opencode/src/config/paths.ts, packages/opencode/src/config/parse.ts	Converted namespace exports to top-level, added Effect-based discovery (directories, files), refactored JSONC parsing, unified error types usage, and revised read/parse helpers.
Effect → Zod Enhancements packages/opencode/src/util/effect-zod.ts	Large rewrite: AST memoization, Zod preprocess & override support, encoding/decoding transforms, checks/filters translation, improved unions/tuples/objects/arrays handling, exported ZodPreprocess.
Tool Registry & Dependency Flow packages/opencode/src/tool/registry.ts	Per-config-dir dependency tracking (depsReady/depsFailed), integrated usesConfigDependencies, conditional Config.installDependencies with failure marking and skip logic before importing local tools.
TUI / Server / Util Updates packages/opencode/src/config/tui.ts, packages/opencode/src/server/instance/experimental.ts, packages/opencode/src/util/index.ts	TUI now runs ConfigPaths.directories via Effect runtime; OpenAPI uses ConsoleState.zod; util barrel exports expanded.
Tests Added / Expanded packages/opencode/test/* (config.test.ts, server/middleware.test.ts, tool/registry.test.ts, util/effect-zod.test.ts)	Extensive test additions covering config loaders, managed plist, MCP validation, dependency-install timing/failure handling, error middleware, and Effect→Zod translations.
Small Fixes packages/opencode/src/cli/cmd/tui/context/event.ts, packages/opencode/src/server/instance/experimental.ts	Minor casting and schema→zod usage adjustments.

Sequence Diagram(s)

sequenceDiagram
    participant Loader as Config Loader
    participant FS as Filesystem
    participant Parser as Frontmatter Parser
    participant Validator as Effect/Zod Validator
    participant Bus as Event Bus
    participant Log as Logger

    Loader->>FS: scan `{agent,agents}/**/*.md`
    FS-->>Loader: file list
    loop per file
        Loader->>FS: read file content
        FS-->>Loader: content
        Loader->>Parser: parse frontmatter + prompt
        alt frontmatter parse fails
            Parser-->>Loader: parse error
            Loader->>Log: log parse error
            Loader->>Bus: publish Session.Event.Error
        else
            Parser-->>Loader: frontmatter + prompt
            Loader->>Validator: Info.safeParse(...)
            alt validation fails
                Validator-->>Loader: validation error
                Loader->>Log: log validation error
                Loader->>Bus: publish Session.Event.Error
            else
                Validator-->>Loader: validated config
                Loader-->>Loader: accumulate result
            end
        end
    end
    Loader-->>Loader: return Record<string, Info>

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• fix: sync opencode tui compatibility slice #73: modifies the same TUI event module (packages/opencode/src/cli/cmd/tui/context/event.ts) and likely overlaps on event typing/import changes.

Suggested labels

enhancement

Poem

🐇 I nibble through configs bright,
New schemas hop into the light,
Markdown, Zod, and Effect entwine,
Dependencies tracked in tidy line,
Tests clap paws — the burrow's fine! 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 27.59% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'refactor: sync opencode config schemas' clearly and concisely summarizes the main change: syncing OpenCode config schemas into the repository.
Description check	✅ Passed	The PR description is comprehensive and well-structured, covering summary, motivation, compatibility notes, related issue, verification steps with results, and completed checklist items.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/sync-opencode-base

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request refactors the configuration system to use effect/Schema and enhances the effect-zod bridge to support transforms, defaults, and preprocessing. It introduces new configuration modules for agents, commands, keybinds, and providers, while updating the SDK to include experimental workspace and console management endpoints. Feedback highlights opportunities to improve robustness by handling dependency installation and validation errors more gracefully, as well as suggestions to refine type definitions and idiomatic usage in the agent configuration logic.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a008583a70

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Astro-Han]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[Astro-Han]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[Astro-Han]

Superseded by English inline review comments. The previous non-inline review body was cleared because review findings should be left inline on the affected diff lines.

[Astro-Han]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[Astro-Han]

Found two config validation regressions that should be fixed before merge.

[Astro-Han]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[Astro-Han]

Migrated the remaining actionable top-level review notes into inline comments.

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[Astro-Han]

Nitpick review. All specific observations are inline comments on the affected files.

Summary: 10 P1 suggestions (error handling, priority issues, API inconsistencies, etc.), 4 P2 notes (temporary hacks, type contracts, OpenAPI changes, etc.). All are minor details that do not block merge.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/opencode/test/config/config.test.ts`:
- Around line 827-861: The test "duplicate derived command names keep the first
command" relies on glob brace expansion order so it can be flaky; make it
deterministic by ensuring the loader or test enforces a stable precedence
between ".opencode/command" and ".opencode/commands": either change load() (the
duplicate-resolution logic) to explicitly prefer entries from the singular
directory over the plural one when building config.command, or in the test
sort/normalize the discovered file list before asserting (e.g., ensure files
from singularDir are processed first) so expect(config.command?.["dup"]) always
reflects the singular file; update the unique symbols load(), config.command,
and the tmpdir init that creates singularDir and pluralDir accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 4da4666e-26b9-4ee6-a21d-8fc6399dd6da

📥 Commits

Reviewing files that changed from the base of the PR and between 561d9af and ec9905d.

📒 Files selected for processing (2)

• packages/opencode/src/config/command.ts
• packages/opencode/test/config/config.test.ts

[Astro-Han]

Summary

This PR brings in the OpenCode v1.14.19 config schema sync while preserving PawWork compatibility. Overall well-structured for a base sync PR. A few observations:

1. Config namespace export style change

The index.ts export style changed from:

// Before (dev)
import { Config } from "./config"
export { Config }

To:

// After (PR)
export * as Config from "./config"

This changes Config from a direct value/namespace import to a barrel re-export. While TypeScript consumers using import { Config } from "@/config/config" directly should remain unaffected, callers using import { Config } from "@/config" now receive a namespace wrapper rather than the original Config namespace.

2. Self-referencing barrel exports pattern

Each config module file now starts with:

export * as ConfigAgent from "./agent"
// ... rest of module implementation

This pattern allows internal code to reference ConfigAgent.Info before the actual export is defined. While TypeScript handles this correctly, the ordering is conceptually unusual — consider documenting why this is intentional if it's a deliberate pattern.

3. PawWork compatibility ✓

• PROJECT_CONFIG_NAMES = ["opencode", "pawwork"]
• GLOBAL_CONFIG_LOAD_FILES and GLOBAL_CONFIG_UPDATE_FILES include pawwork.json/pawwork.jsonc
• globalConfigFile() defaults to pawwork.json
• needsConfigDependencies and usesConfigDependencies retained
• ConsoleState Effect Schema migration with .zod compatibility

4. Test coverage

New tests for pawwork.json config file loading and updates cover the PawWork-specific paths.

---

CI passes, PawWork compatibility preserved. Ready to merge.

[Astro-Han]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

packages/opencode/src/config/keybinds.ts (1)

125-127: ⚠️ Potential issue | 🟠 Major

Make the exported keybind schema strict.

This wrapper only checks instanceof z.ZodObject; it never calls .strict(). For a fixed-key config surface, typos like ledaer will be silently stripped instead of rejected. Mirroring the Server.zod pattern here would preserve typo detection.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/opencode/src/config/keybinds.ts` around lines 125 - 127, The
exported Keybinds schema currently casts KeybindsZod to a ZodObject without
enforcing strictness, so unknown keys are stripped instead of rejected; change
the validation to ensure KeybindsZod is a z.ZodObject and call .strict() (e.g.,
derive a strictZod = KeybindsZod.strict() or verify KeybindsZod.strict() before
casting) and export that strict object as Keybinds (reference symbols:
KeybindsZod, Keybinds, KeybindsSchema, z.ZodObject, .strict()) so typos in the
fixed key surface are rejected.

packages/opencode/src/config/agent.ts (1)

151-161: ⚠️ Potential issue | 🟠 Major

Detect duplicate derived names before writing to result.

These loaders still do last-write-wins assignment on result[config.name]. agent/foo.md vs agents/foo.md and mode/foo.md vs modes/foo.md can collapse to the same derived name and silently shadow each other based on scan order. Reuse the collision reporting/source-tracking flow from packages/opencode/src/config/command.ts here as well.

Also applies to: 189-199

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/opencode/src/config/agent.ts` around lines 151 - 161, The loader
currently derives a name via configEntryNameFromPath and unconditionally assigns
parsed.data into result[config.name], causing silent shadowing for paths like
agent/foo.md vs agents/foo.md; before assigning, check for an existing entry in
result with the same config.name and, if present, invoke the same
collision-reporting/source-tracking flow used in the command loader (reuse the
helper logic from command.ts) to record both sources and surface an error or
warning; apply the same change to the other block around lines 189-199 so all
derived-name collisions are detected and reported instead of doing
last-write-wins.

packages/opencode/src/config/permission.ts (1)

26-35: ⚠️ Potential issue | 🟠 Major

Keep __originalKeys out of the user-visible key space.

This preprocess step reserves a real config key inside a schema that otherwise accepts arbitrary string permission names. A tool/permission literally named __originalKeys will now be rejected or mangled by the order-preservation workaround.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/opencode/src/config/permission.ts` around lines 26 - 35, The current
permissionPreprocess injects a visible "__originalKeys" property into the value
object which collides with user permission names; instead, set the original-keys
metadata as a non-enumerable property on the same object (use
Object.defineProperty(val, "__originalKeys", { value:
globalThis.Object.keys(val), enumerable: false, configurable: true })) so
Object.keys/Schema.StructWithRest won't see it, and leave the rest of the object
intact; update permissionPreprocess (and any code expecting a copied object) to
rely on the non-enumerable "__originalKeys" property while preserving
ObjectShape usage.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/opencode/src/config/variable.ts`:
- Around line 35-45: The env-substitution pass in
packages/opencode/src/config/variable.ts unconditionally expands {env:...}
tokens inside input.text (inside the input.text.replace callback) even when
those tokens are commented; update the replacement callback to first detect
whether the matched token is inside a comment using the same comment-guard logic
used for the file-token pass (the check that skips tokens when the line starts
with '//' or when a token is in a commented region) and, if it is commented,
return the original token (or empty per existing file-token behavior) instead of
expanding or throwing; apply the same guarded behavior to the other
env-substitution block referenced around lines 60-66 so both spots use a shared
helper (e.g., isTokenCommented or reuse the file-token guard) to decide whether
to skip expansion and erroring for commented tokens.

---

Duplicate comments:
In `@packages/opencode/src/config/agent.ts`:
- Around line 151-161: The loader currently derives a name via
configEntryNameFromPath and unconditionally assigns parsed.data into
result[config.name], causing silent shadowing for paths like agent/foo.md vs
agents/foo.md; before assigning, check for an existing entry in result with the
same config.name and, if present, invoke the same
collision-reporting/source-tracking flow used in the command loader (reuse the
helper logic from command.ts) to record both sources and surface an error or
warning; apply the same change to the other block around lines 189-199 so all
derived-name collisions are detected and reported instead of doing
last-write-wins.

In `@packages/opencode/src/config/keybinds.ts`:
- Around line 125-127: The exported Keybinds schema currently casts KeybindsZod
to a ZodObject without enforcing strictness, so unknown keys are stripped
instead of rejected; change the validation to ensure KeybindsZod is a
z.ZodObject and call .strict() (e.g., derive a strictZod = KeybindsZod.strict()
or verify KeybindsZod.strict() before casting) and export that strict object as
Keybinds (reference symbols: KeybindsZod, Keybinds, KeybindsSchema, z.ZodObject,
.strict()) so typos in the fixed key surface are rejected.

In `@packages/opencode/src/config/permission.ts`:
- Around line 26-35: The current permissionPreprocess injects a visible
"__originalKeys" property into the value object which collides with user
permission names; instead, set the original-keys metadata as a non-enumerable
property on the same object (use Object.defineProperty(val, "__originalKeys", {
value: globalThis.Object.keys(val), enumerable: false, configurable: true })) so
Object.keys/Schema.StructWithRest won't see it, and leave the rest of the object
intact; update permissionPreprocess (and any code expecting a copied object) to
rely on the non-enumerable "__originalKeys" property while preserving
ObjectShape usage.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 09382baf-fc52-459c-8394-13244af96a54

📥 Commits

Reviewing files that changed from the base of the PR and between ec9905d and c4cc852.

⛔ Files ignored due to path filters (1)

• packages/sdk/js/src/v2/gen/types.gen.ts is excluded by !**/gen/**

📒 Files selected for processing (13)

• packages/opencode/src/config/agent.ts
• packages/opencode/src/config/command.ts
• packages/opencode/src/config/entry-name.ts
• packages/opencode/src/config/keybinds.ts
• packages/opencode/src/config/managed.ts
• packages/opencode/src/config/permission.ts
• packages/opencode/src/config/server.ts
• packages/opencode/src/config/variable.ts
• packages/opencode/src/util/effect-zod.ts
• packages/opencode/test/config/config.test.ts
• packages/opencode/test/server/middleware.test.ts
• packages/opencode/test/util/effect-zod.test.ts
• packages/sdk/openapi.json