release: v3.1.11

- Remove non-functional batch tool handling (OpenCode has no batch tool)
- Keep working direct tool call path (read/write/edit/multiedit)
- Apply same cleanup to directory-agents-injector and directory-readme-injector
- Add .sisyphus/rules directory support

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -14,6 +14,8 @@ body:
       label: Prerequisites
       description: Please confirm the following before submitting
       options:
+        - label: I will write this issue in English (see our [Language Policy](https://github.com/code-yeongyu/oh-my-opencode/blob/dev/CONTRIBUTING.md#language-policy))
+          required: true
         - label: I have searched existing issues to avoid duplicates
           required: true
         - label: I am using the latest version of oh-my-opencode

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -14,6 +14,8 @@ body:
       label: Prerequisites
       description: Please confirm the following before submitting
       options:
+        - label: I will write this issue in English (see our [Language Policy](https://github.com/code-yeongyu/oh-my-opencode/blob/dev/CONTRIBUTING.md#language-policy))
+          required: true
         - label: I have searched existing issues and discussions to avoid duplicates
           required: true
         - label: This feature request is specific to oh-my-opencode (not OpenCode core)

.github/ISSUE_TEMPLATE/general.yml

@@ -14,6 +14,8 @@ body:
       label: Prerequisites
       description: Please confirm the following before submitting
       options:
+        - label: I will write this issue in English (see our [Language Policy](https://github.com/code-yeongyu/oh-my-opencode/blob/dev/CONTRIBUTING.md#language-policy))
+          required: true
         - label: I have searched existing issues and discussions
           required: true
         - label: I have read the [documentation](https://github.com/code-yeongyu/oh-my-opencode#readme)

.github/workflows/ci.yml

@@ -44,8 +44,34 @@ jobs:
         env:
           BUN_INSTALL_ALLOW_SCRIPTS: "@ast-grep/napi"
 
-      - name: Run tests
-        run: bun test
+      - name: Run mock-heavy tests (isolated)
+        run: |
+          # These files use mock.module() which pollutes module cache
+          # Run them in separate processes to prevent cross-file contamination
+          bun test src/plugin-handlers
+          bun test src/hooks/atlas
+          bun test src/hooks/compaction-context-injector
+          bun test src/features/tmux-subagent
+
+      - name: Run remaining tests
+        run: |
+          # Run all other tests (mock-heavy ones are re-run but that's acceptable)
+          bun test bin script src/cli src/config src/mcp src/index.test.ts \
+            src/agents src/tools src/shared \
+            src/hooks/anthropic-context-window-limit-recovery \
+            src/hooks/claude-code-compatibility \
+            src/hooks/context-injection \
+            src/hooks/provider-toast \
+            src/hooks/session-notification \
+            src/hooks/sisyphus \
+            src/hooks/todo-continuation-enforcer \
+            src/features/background-agent \
+            src/features/builtin-commands \
+            src/features/builtin-skills \
+            src/features/claude-code-session-state \
+            src/features/hook-message-injector \
+            src/features/opencode-skill-loader \
+            src/features/skill-mcp-manager
 
   typecheck:
     runs-on: ubuntu-latest

.github/workflows/cla.yml

@@ -25,7 +25,7 @@ jobs:
           path-to-signatures: 'signatures/cla.json'
           path-to-document: 'https://github.com/code-yeongyu/oh-my-opencode/blob/master/CLA.md'
           branch: 'dev'
-          allowlist: bot*,dependabot*,github-actions*,*[bot],sisyphus-dev-ai
+          allowlist: code-yeongyu,bot*,dependabot*,github-actions*,*[bot],sisyphus-dev-ai
           custom-notsigned-prcomment: |
             Thank you for your contribution! Before we can merge this PR, we need you to sign our [Contributor License Agreement (CLA)](https://github.com/code-yeongyu/oh-my-opencode/blob/master/CLA.md).
             

.github/workflows/publish-platform.yml

@@ -28,16 +28,20 @@ permissions:
   id-token: write
 
 jobs:
-  publish-platform:
-    # Use windows-latest for Windows to avoid cross-compilation segfault (oven-sh/bun#18416)
-    # Fixes: #873, #844
+  # =============================================================================
+  # Job 1: Build binaries for all platforms
+  # - Windows builds on windows-latest (avoid bun cross-compile segfault)
+  # - All other platforms build on ubuntu-latest
+  # - Uploads compressed artifacts for the publish job
+  # =============================================================================
+  build:
     runs-on: ${{ matrix.platform == 'windows-x64' && 'windows-latest' || 'ubuntu-latest' }}
     defaults:
       run:
         shell: bash
     strategy:
       fail-fast: false
-      max-parallel: 2
+      max-parallel: 7
       matrix:
         platform: [darwin-arm64, darwin-x64, linux-x64, linux-arm64, linux-x64-musl, linux-arm64-musl, windows-x64]
     steps:
@@ -47,11 +51,6 @@ jobs:
         with:
           bun-version: latest
 
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "24"
-          registry-url: "https://registry.npmjs.org"
-
       - name: Install dependencies
         run: bun install
         env:
@@ -63,15 +62,20 @@ jobs:
           PKG_NAME="oh-my-opencode-${{ matrix.platform }}"
           VERSION="${{ inputs.version }}"
           STATUS=$(curl -s -o /dev/null -w "%{http_code}" "https://registry.npmjs.org/${PKG_NAME}/${VERSION}")
+          # Convert platform name for output (replace - with _)
+          PLATFORM_KEY="${{ matrix.platform }}"
+          PLATFORM_KEY="${PLATFORM_KEY//-/_}"
           if [ "$STATUS" = "200" ]; then
             echo "skip=true" >> $GITHUB_OUTPUT
+            echo "skip_${PLATFORM_KEY}=true" >> $GITHUB_OUTPUT
             echo "✓ ${PKG_NAME}@${VERSION} already published"
           else
             echo "skip=false" >> $GITHUB_OUTPUT
+            echo "skip_${PLATFORM_KEY}=false" >> $GITHUB_OUTPUT
             echo "→ ${PKG_NAME}@${VERSION} needs publishing"
           fi
 
-      - name: Update version
+      - name: Update version in package.json
         if: steps.check.outputs.skip != 'true'
         run: |
           VERSION="${{ inputs.version }}"
@@ -99,15 +103,109 @@ jobs:
           fi
           
           bun build src/cli/index.ts --compile --minify --target=$TARGET --outfile=$OUTPUT
+          
+          echo "Built binary:"
+          ls -lh "$OUTPUT"
+
+      - name: Compress binary
+        if: steps.check.outputs.skip != 'true'
+        run: |
+          PLATFORM="${{ matrix.platform }}"
+          cd packages/${PLATFORM}
+          
+          if [ "$PLATFORM" = "windows-x64" ]; then
+            # Windows: use 7z (pre-installed on windows-latest)
+            7z a -tzip ../../binary-${PLATFORM}.zip bin/ package.json
+          else
+            # Unix: use tar.gz
+            tar -czvf ../../binary-${PLATFORM}.tar.gz bin/ package.json
+          fi
+          
+          cd ../..
+          echo "Compressed artifact:"
+          ls -lh binary-${PLATFORM}.*
+
+      - name: Upload artifact
+        if: steps.check.outputs.skip != 'true'
+        uses: actions/upload-artifact@v4
+        with:
+          name: binary-${{ matrix.platform }}
+          path: |
+            binary-${{ matrix.platform }}.tar.gz
+            binary-${{ matrix.platform }}.zip
+          retention-days: 1
+          if-no-files-found: error
+
+  # =============================================================================
+  # Job 2: Publish all platforms using OIDC/Provenance
+  # - Runs on ubuntu-latest for ALL platforms (just downloading artifacts)
+  # - Uses npm Trusted Publishing (OIDC) - no NODE_AUTH_TOKEN needed
+  # - Fresh OIDC token at publish time avoids timeout issues
+  # =============================================================================
+  publish:
+    needs: build
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      max-parallel: 2
+      matrix:
+        platform: [darwin-arm64, darwin-x64, linux-x64, linux-arm64, linux-x64-musl, linux-arm64-musl, windows-x64]
+    steps:
+      - name: Check if already published
+        id: check
+        run: |
+          PKG_NAME="oh-my-opencode-${{ matrix.platform }}"
+          VERSION="${{ inputs.version }}"
+          STATUS=$(curl -s -o /dev/null -w "%{http_code}" "https://registry.npmjs.org/${PKG_NAME}/${VERSION}")
+          if [ "$STATUS" = "200" ]; then
+            echo "skip=true" >> $GITHUB_OUTPUT
+            echo "✓ ${PKG_NAME}@${VERSION} already published, skipping"
+          else
+            echo "skip=false" >> $GITHUB_OUTPUT
+            echo "→ ${PKG_NAME}@${VERSION} will be published"
+          fi
+
+      - name: Download artifact
+        if: steps.check.outputs.skip != 'true'
+        uses: actions/download-artifact@v4
+        with:
+          name: binary-${{ matrix.platform }}
+          path: .
+
+      - name: Extract artifact
+        if: steps.check.outputs.skip != 'true'
+        run: |
+          PLATFORM="${{ matrix.platform }}"
+          mkdir -p packages/${PLATFORM}
+          
+          if [ "$PLATFORM" = "windows-x64" ]; then
+            unzip binary-${PLATFORM}.zip -d packages/${PLATFORM}/
+          else
+            tar -xzvf binary-${PLATFORM}.tar.gz -C packages/${PLATFORM}/
+          fi
+          
+          echo "Extracted contents:"
+          ls -la packages/${PLATFORM}/
+          ls -la packages/${PLATFORM}/bin/
+
+      - uses: actions/setup-node@v4
+        if: steps.check.outputs.skip != 'true'
+        with:
+          node-version: "24"
+          registry-url: "https://registry.npmjs.org"
 
       - name: Publish ${{ matrix.platform }}
         if: steps.check.outputs.skip != 'true'
         run: |
           cd packages/${{ matrix.platform }}
+          
           TAG_ARG=""
           if [ -n "${{ inputs.dist_tag }}" ]; then
             TAG_ARG="--tag ${{ inputs.dist_tag }}"
           fi
-          npm publish --access public $TAG_ARG
+          
+          npm publish --access public --provenance $TAG_ARG
         env:
-          NPM_CONFIG_PROVENANCE: false
+          NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
+        timeout-minutes: 15

.github/workflows/publish.yml

@@ -45,8 +45,33 @@ jobs:
         env:
           BUN_INSTALL_ALLOW_SCRIPTS: "@ast-grep/napi"
 
-      - name: Run tests
-        run: bun test
+      - name: Run mock-heavy tests (isolated)
+        run: |
+          # These files use mock.module() which pollutes module cache
+          # Run them in separate processes to prevent cross-file contamination
+          bun test src/plugin-handlers
+          bun test src/hooks/atlas
+          bun test src/features/tmux-subagent
+
+      - name: Run remaining tests
+        run: |
+          # Run all other tests (mock-heavy ones are re-run but that's acceptable)
+          bun test bin script src/cli src/config src/mcp src/index.test.ts \
+            src/agents src/tools src/shared \
+            src/hooks/anthropic-context-window-limit-recovery \
+            src/hooks/claude-code-compatibility \
+            src/hooks/context-injection \
+            src/hooks/provider-toast \
+            src/hooks/session-notification \
+            src/hooks/sisyphus \
+            src/hooks/todo-continuation-enforcer \
+            src/features/background-agent \
+            src/features/builtin-commands \
+            src/features/builtin-skills \
+            src/features/claude-code-session-state \
+            src/features/hook-message-injector \
+            src/features/opencode-skill-loader \
+            src/features/skill-mcp-manager
 
   typecheck:
     runs-on: ubuntu-latest

.github/workflows/sisyphus-agent.yml

@@ -152,6 +152,41 @@ jobs:
                   "limit": { "context": 200000, "output": 64000 }
                 }
               }
+            } |
+            .provider["zai-coding-plan"] = {
+              "name": "Z.AI Coding Plan",
+              "npm": "@ai-sdk/openai-compatible",
+              "options": {
+                "baseURL": "https://api.z.ai/api/paas/v4"
+              },
+              "models": {
+                "glm-4.7": {
+                  "id": "glm-4.7",
+                  "name": "GLM 4.7",
+                  "limit": { "context": 128000, "output": 16000 }
+                },
+                "glm-4.6v": {
+                  "id": "glm-4.6v",
+                  "name": "GLM 4.6 Vision",
+                  "limit": { "context": 128000, "output": 16000 }
+                }
+              }
+            } |
+            .provider.openai = {
+              "name": "OpenAI",
+              "npm": "@ai-sdk/openai",
+              "models": {
+                "gpt-5.2": {
+                  "id": "gpt-5.2",
+                  "name": "GPT-5.2",
+                  "limit": { "context": 128000, "output": 16000 }
+                },
+                "gpt-5.2-codex": {
+                  "id": "gpt-5.2-codex",
+                  "name": "GPT-5.2 Codex",
+                  "limit": { "context": 128000, "output": 32000 }
+                }
+              }
             }
           ' "$OPENCODE_JSON" > /tmp/oc.json && mv /tmp/oc.json "$OPENCODE_JSON"
 
@@ -287,6 +322,9 @@ jobs:
           )
           jq --arg append "$PROMPT_APPEND" '.agents.Sisyphus.prompt_append = $append' "$OMO_JSON" > /tmp/omo.json && mv /tmp/omo.json "$OMO_JSON"
 
+          # Add categories configuration for unspecified-low to use GLM 4.7
+          jq '.categories["unspecified-low"] = { "model": "zai-coding-plan/glm-4.7" }' "$OMO_JSON" > /tmp/omo.json && mv /tmp/omo.json "$OMO_JSON"
+
           mkdir -p ~/.local/share/opencode
           echo "$OPENCODE_AUTH_JSON" > ~/.local/share/opencode/auth.json
           chmod 600 ~/.local/share/opencode/auth.json

.gitignore

@@ -33,3 +33,4 @@ yarn.lock
 test-injection/
 notepad.md
 oauth-success.html
+*.bun-build

.opencode/command/get-unpublished-changes.md

@@ -1,6 +1,5 @@
 ---
 description: Compare HEAD with the latest published npm version and list all unpublished changes
-model: anthropic/claude-haiku-4-5
 ---
 
 <command-instruction>
@@ -82,3 +81,68 @@ None 또는 목록
 - **Recommendation**: patch|minor|major
 - **Reason**: 이유
 </output-format>
+
+<oracle-safety-review>
+## Oracle 배포 안전성 검토 (사용자가 명시적으로 요청 시에만)
+
+**트리거 키워드**: "배포 가능", "배포해도 될까", "안전한지", "리뷰", "검토", "oracle", "오라클"
+
+사용자가 위 키워드 중 하나라도 포함하여 요청하면:
+
+### 1. 사전 검증 실행
+```bash
+bun run typecheck
+bun test
+```
+- 실패 시 → Oracle 소환 없이 즉시 "❌ 배포 불가" 보고
+
+### 2. Oracle 소환 프롬프트
+
+다음 정보를 수집하여 Oracle에게 전달:
+
+```
+## 배포 안전성 검토 요청
+
+### 변경사항 요약
+{위에서 분석한 변경사항 테이블}
+
+### 주요 diff (기능별로 정리)
+{각 feat/fix/refactor의 핵심 코드 변경 - 전체 diff가 아닌 핵심만}
+
+### 검증 결과
+- Typecheck: ✅/❌
+- Tests: {pass}/{total} (✅/❌)
+
+### 검토 요청사항
+1. **리그레션 위험**: 기존 기능에 영향을 줄 수 있는 변경이 있는가?
+2. **사이드이펙트**: 예상치 못한 부작용이 발생할 수 있는 부분은?
+3. **Breaking Changes**: 외부 사용자에게 영향을 주는 변경이 있는가?
+4. **Edge Cases**: 놓친 엣지 케이스가 있는가?
+5. **배포 권장 여부**: SAFE / CAUTION / UNSAFE
+
+### 요청
+위 변경사항을 깊이 분석하고, 배포 안전성에 대해 판단해주세요.
+리스크가 있다면 구체적인 시나리오와 함께 설명해주세요.
+배포 후 모니터링해야 할 키워드가 있다면 제안해주세요.
+```
+
+### 3. Oracle 응답 후 출력 포맷
+
+## 🔍 Oracle 배포 안전성 검토 결과
+
+### 판정: ✅ SAFE / ⚠️ CAUTION / ❌ UNSAFE
+
+### 리스크 분석
+| 영역 | 리스크 레벨 | 설명 |
+|------|-------------|------|
+| ... | 🟢/🟡/🔴 | ... |
+
+### 권장 사항
+- ...
+
+### 배포 후 모니터링 키워드
+- ...
+
+### 결론
+{Oracle의 최종 판단}
+</oracle-safety-review>

.opencode/skills/github-issue-triage/SKILL.md

@@ -0,0 +1,519 @@
+---
+name: github-issue-triage
+description: "Triage GitHub issues with parallel analysis. 1 issue = 1 background agent. Exhaustive pagination. Analyzes: question vs bug, project validity, resolution status, community engagement, linked PRs. Triggers: 'triage issues', 'analyze issues', 'issue report'."
+---
+
+# GitHub Issue Triage Specialist
+
+You are a GitHub issue triage automation agent. Your job is to:
+1. Fetch **EVERY SINGLE ISSUE** within a specified time range using **EXHAUSTIVE PAGINATION**
+2. Launch ONE background agent PER issue for parallel analysis
+3. Collect results and generate a comprehensive triage report
+
+---
+
+# CRITICAL: EXHAUSTIVE PAGINATION IS MANDATORY
+
+**THIS IS THE MOST IMPORTANT RULE. VIOLATION = COMPLETE FAILURE.**
+
+## YOU MUST FETCH ALL ISSUES. PERIOD.
+
+| WRONG | CORRECT |
+|----------|------------|
+| `gh issue list --limit 100` and stop | Paginate until ZERO results returned |
+| "I found 16 issues" (first page only) | "I found 61 issues after 5 pages" |
+| Assuming first page is enough | Using `--limit 500` and verifying count |
+| Stopping when you "feel" you have enough | Stopping ONLY when API returns empty |
+
+### WHY THIS MATTERS
+
+- GitHub API returns **max 100 issues per request** by default
+- A busy repo can have **50-100+ issues** in 48 hours
+- **MISSING ISSUES = MISSING CRITICAL BUGS = PRODUCTION OUTAGES**
+- The user asked for triage, not "sample triage"
+
+### THE ONLY ACCEPTABLE APPROACH
+
+```bash
+# ALWAYS use --limit 500 (maximum allowed)
+# ALWAYS check if more pages exist
+# ALWAYS continue until empty result
+
+gh issue list --repo $REPO --state all --limit 500 --json number,title,state,createdAt,updatedAt,labels,author
+```
+
+**If the result count equals your limit, THERE ARE MORE ISSUES. KEEP FETCHING.**
+
+---
+
+## PHASE 1: Issue Collection (EXHAUSTIVE Pagination)
+
+### 1.1 Determine Repository and Time Range
+
+Extract from user request:
+- `REPO`: Repository in `owner/repo` format (default: current repo via `gh repo view --json nameWithOwner -q .nameWithOwner`)
+- `TIME_RANGE`: Hours to look back (default: 48)
+
+---
+
+## AGENT CATEGORY RATIO RULES
+
+**Philosophy**: Use the cheapest agent that can do the job. Expensive agents = waste unless necessary.
+
+### Default Ratio: `unspecified-low:8, quick:1, writing:1`
+
+| Category | Ratio | Use For | Cost |
+|----------|-------|---------|------|
+| `unspecified-low` | 80% | Standard issue analysis - read issue, fetch comments, categorize | $ |
+| `quick` | 10% | Trivial issues - obvious duplicates, spam, clearly resolved | ¢ |
+| `writing` | 10% | Report generation, response drafting, summary synthesis | $$ |
+
+### When to Override Default Ratio
+
+| Scenario | Recommended Ratio | Reason |
+|----------|-------------------|--------|
+| Bug-heavy triage | `unspecified-low:7, quick:2, writing:1` | More simple duplicates |
+| Feature request triage | `unspecified-low:6, writing:3, quick:1` | More response drafting needed |
+| Security audit | `unspecified-high:5, unspecified-low:4, writing:1` | Deeper analysis required |
+| First-pass quick filter | `quick:8, unspecified-low:2` | Just categorize, don't analyze deeply |
+
+### Agent Assignment Algorithm
+
+```typescript
+function assignAgentCategory(issues: Issue[], ratio: Record<string, number>): Map<Issue, string> {
+  const assignments = new Map<Issue, string>();
+  const total = Object.values(ratio).reduce((a, b) => a + b, 0);
+  
+  // Calculate counts for each category
+  const counts: Record<string, number> = {};
+  for (const [category, weight] of Object.entries(ratio)) {
+    counts[category] = Math.floor(issues.length * (weight / total));
+  }
+  
+  // Assign remaining to largest category
+  const assigned = Object.values(counts).reduce((a, b) => a + b, 0);
+  const remaining = issues.length - assigned;
+  const largestCategory = Object.entries(ratio).sort((a, b) => b[1] - a[1])[0][0];
+  counts[largestCategory] += remaining;
+  
+  // Distribute issues
+  let issueIndex = 0;
+  for (const [category, count] of Object.entries(counts)) {
+    for (let i = 0; i < count && issueIndex < issues.length; i++) {
+      assignments.set(issues[issueIndex++], category);
+    }
+  }
+  
+  return assignments;
+}
+```
+
+### Category Selection Heuristics
+
+**Before launching agents, pre-classify issues for smarter category assignment:**
+
+| Issue Signal | Assign To | Reason |
+|--------------|-----------|--------|
+| Has `duplicate` label | `quick` | Just confirm and close |
+| Has `wontfix` label | `quick` | Just confirm and close |
+| No comments, < 50 char body | `quick` | Likely spam or incomplete |
+| Has linked PR | `quick` | Already being addressed |
+| Has `bug` label + long body | `unspecified-low` | Needs proper analysis |
+| Has `feature` label | `unspecified-low` or `writing` | May need response |
+| User is maintainer | `quick` | They know what they're doing |
+| 5+ comments | `unspecified-low` | Complex discussion |
+| Needs response drafted | `writing` | Prose quality matters |
+
+---
+
+### 1.2 Exhaustive Pagination Loop
+
+# STOP. READ THIS BEFORE EXECUTING.
+
+**YOU WILL FETCH EVERY. SINGLE. ISSUE. NO EXCEPTIONS.**
+
+## THE GOLDEN RULE
+
+```
+NEVER use --limit 100. ALWAYS use --limit 500.
+NEVER stop at first result. ALWAYS verify you got everything.
+NEVER assume "that's probably all". ALWAYS check if more exist.
+```
+
+## MANDATORY PAGINATION LOOP (COPY-PASTE THIS EXACTLY)
+
+You MUST execute this EXACT pagination loop. DO NOT simplify. DO NOT skip iterations.
+
+```bash
+#!/bin/bash
+# MANDATORY PAGINATION - Execute this EXACTLY as written
+
+REPO="code-yeongyu/oh-my-opencode"  # or use: gh repo view --json nameWithOwner -q .nameWithOwner
+TIME_RANGE=48  # hours
+CUTOFF_DATE=$(date -v-${TIME_RANGE}H +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -d "${TIME_RANGE} hours ago" -Iseconds)
+
+echo "=== EXHAUSTIVE PAGINATION START ==="
+echo "Repository: $REPO"
+echo "Cutoff date: $CUTOFF_DATE"
+echo ""
+
+# STEP 1: First fetch with --limit 500
+echo "[Page 1] Fetching issues..."
+FIRST_FETCH=$(gh issue list --repo $REPO --state all --limit 500 --json number,title,state,createdAt,updatedAt,labels,author)
+FIRST_COUNT=$(echo "$FIRST_FETCH" | jq 'length')
+echo "[Page 1] Raw count: $FIRST_COUNT"
+
+# STEP 2: Filter by time range
+ALL_ISSUES=$(echo "$FIRST_FETCH" | jq --arg cutoff "$CUTOFF_DATE" \
+  '[.[] | select(.createdAt >= $cutoff or .updatedAt >= $cutoff)]')
+FILTERED_COUNT=$(echo "$ALL_ISSUES" | jq 'length')
+echo "[Page 1] After time filter: $FILTERED_COUNT issues"
+
+# STEP 3: CHECK IF MORE PAGES NEEDED
+# If we got exactly 500, there are MORE issues!
+if [ "$FIRST_COUNT" -eq 500 ]; then
+  echo ""
+  echo "WARNING: Got exactly 500 results. MORE PAGES EXIST!"
+  echo "Continuing pagination..."
+  
+  PAGE=2
+  LAST_ISSUE_NUMBER=$(echo "$FIRST_FETCH" | jq '.[- 1].number')
+  
+  # Keep fetching until we get less than 500
+  while true; do
+    echo ""
+    echo "[Page $PAGE] Fetching more issues..."
+    
+    # Use search API with pagination for more results
+    NEXT_FETCH=$(gh issue list --repo $REPO --state all --limit 500 \
+      --json number,title,state,createdAt,updatedAt,labels,author \
+      --search "created:<$(echo "$FIRST_FETCH" | jq -r '.[-1].createdAt')")
+    
+    NEXT_COUNT=$(echo "$NEXT_FETCH" | jq 'length')
+    echo "[Page $PAGE] Raw count: $NEXT_COUNT"
+    
+    if [ "$NEXT_COUNT" -eq 0 ]; then
+      echo "[Page $PAGE] No more results. Pagination complete."
+      break
+    fi
+    
+    # Filter and merge
+    NEXT_FILTERED=$(echo "$NEXT_FETCH" | jq --arg cutoff "$CUTOFF_DATE" \
+      '[.[] | select(.createdAt >= $cutoff or .updatedAt >= $cutoff)]')
+    ALL_ISSUES=$(echo "$ALL_ISSUES $NEXT_FILTERED" | jq -s 'add | unique_by(.number)')
+    
+    CURRENT_TOTAL=$(echo "$ALL_ISSUES" | jq 'length')
+    echo "[Page $PAGE] Running total: $CURRENT_TOTAL issues"
+    
+    if [ "$NEXT_COUNT" -lt 500 ]; then
+      echo "[Page $PAGE] Less than 500 results. Pagination complete."
+      break
+    fi
+    
+    PAGE=$((PAGE + 1))
+    
+    # Safety limit
+    if [ $PAGE -gt 20 ]; then
+      echo "SAFETY LIMIT: Stopped at page 20"
+      break
+    fi
+  done
+fi
+
+# STEP 4: FINAL COUNT
+FINAL_COUNT=$(echo "$ALL_ISSUES" | jq 'length')
+echo ""
+echo "=== EXHAUSTIVE PAGINATION COMPLETE ==="
+echo "Total issues found: $FINAL_COUNT"
+echo ""
+
+# STEP 5: Verify we got everything
+if [ "$FINAL_COUNT" -lt 10 ]; then
+  echo "WARNING: Only $FINAL_COUNT issues found. Double-check time range!"
+fi
+```
+
+## VERIFICATION CHECKLIST (MANDATORY)
+
+BEFORE proceeding to Phase 2, you MUST verify:
+
+```
+CHECKLIST:
+[ ] Executed the FULL pagination loop above (not just --limit 500 once)
+[ ] Saw "EXHAUSTIVE PAGINATION COMPLETE" in output
+[ ] Counted total issues: _____ (fill this in)
+[ ] If first fetch returned 500, continued to page 2+
+[ ] Used --state all (not just open)
+```
+
+**If you did NOT see "EXHAUSTIVE PAGINATION COMPLETE", you did it WRONG. Start over.**
+
+## ANTI-PATTERNS (WILL CAUSE FAILURE)
+
+| NEVER DO THIS | Why It Fails |
+|------------------|--------------|
+| Single `gh issue list --limit 500` | If 500 returned, you missed the rest! |
+| `--limit 100` | Misses 80%+ of issues in active repos |
+| Stopping at first fetch | GitHub paginates - you got 1 page of N |
+| Not counting results | Can't verify completeness |
+| Filtering only by createdAt | Misses updated issues |
+| Assuming small repos have few issues | Even small repos can have bursts |
+
+**THE LOOP MUST RUN UNTIL:**
+1. Fetch returns 0 results, OR
+2. Fetch returns less than 500 results
+
+**IF FIRST FETCH RETURNS EXACTLY 500 = YOU MUST CONTINUE FETCHING.**
+
+### 1.3 Also Fetch All PRs (For Bug Correlation)
+
+```bash
+# Same pagination logic for PRs
+gh pr list --repo $REPO --state all --limit 500 --json number,title,state,createdAt,updatedAt,labels,author,body,headRefName | \
+  jq --arg cutoff "$CUTOFF_DATE" '[.[] | select(.createdAt >= $cutoff or .updatedAt >= $cutoff)]'
+```
+
+---
+
+## PHASE 2: Parallel Issue Analysis (1 Issue = 1 Agent)
+
+### 2.1 Agent Distribution Formula
+
+```
+Total issues: N
+Agent categories based on ratio:
+- unspecified-low: floor(N * 0.8)
+- quick: floor(N * 0.1)  
+- writing: ceil(N * 0.1)  # For report generation
+```
+
+### 2.2 Launch Background Agents
+
+**MANDATORY: Each issue gets its own dedicated background agent.**
+
+For each issue, launch:
+
+```typescript
+delegate_task(
+  category="unspecified-low",  // or quick/writing per ratio
+  load_skills=[],
+  run_in_background=true,
+  prompt=`
+## TASK
+Analyze GitHub issue #${issue.number} for ${REPO}.
+
+## ISSUE DATA
+- Number: #${issue.number}
+- Title: ${issue.title}
+- State: ${issue.state}
+- Author: ${issue.author.login}
+- Created: ${issue.createdAt}
+- Updated: ${issue.updatedAt}
+- Labels: ${issue.labels.map(l => l.name).join(', ')}
+
+## ISSUE BODY
+${issue.body}
+
+## FETCH COMMENTS
+Use: gh issue view ${issue.number} --repo ${REPO} --json comments
+
+## ANALYSIS CHECKLIST
+1. **TYPE**: Is this a BUG, QUESTION, FEATURE request, or INVALID?
+2. **PROJECT_VALID**: Is this issue relevant to OUR project? (YES/NO/UNCLEAR)
+3. **STATUS**: 
+   - RESOLVED: Already fixed (check for linked PRs, owner comments)
+   - NEEDS_ACTION: Requires maintainer attention
+   - CAN_CLOSE: Can be closed (duplicate, out of scope, stale, answered)
+   - NEEDS_INFO: Missing reproduction steps or details
+4. **COMMUNITY_RESPONSE**: 
+   - NONE: No comments
+   - HELPFUL: Useful workarounds or info provided
+   - WAITING: Awaiting user response
+5. **LINKED_PR**: If bug, search PRs that might fix this issue
+
+## PR CORRELATION
+Check these PRs for potential fixes:
+${PR_LIST}
+
+## RETURN FORMAT
+\`\`\`
+#${issue.number}: ${issue.title}
+TYPE: [BUG|QUESTION|FEATURE|INVALID]
+VALID: [YES|NO|UNCLEAR]
+STATUS: [RESOLVED|NEEDS_ACTION|CAN_CLOSE|NEEDS_INFO]
+COMMUNITY: [NONE|HELPFUL|WAITING]
+LINKED_PR: [#NUMBER or NONE]
+SUMMARY: [1-2 sentence summary]
+ACTION: [Recommended maintainer action]
+DRAFT_RESPONSE: [If auto-answerable, provide English draft. Otherwise "NEEDS_MANUAL_REVIEW"]
+\`\`\`
+`
+)
+```
+
+### 2.3 Collect All Results
+
+Wait for all background agents to complete, then collect:
+
+```typescript
+// Store all task IDs
+const taskIds: string[] = []
+
+// Launch all agents
+for (const issue of issues) {
+  const result = await delegate_task(...)
+  taskIds.push(result.task_id)
+}
+
+// Collect results
+const results = []
+for (const taskId of taskIds) {
+  const output = await background_output(task_id=taskId)
+  results.push(output)
+}
+```
+
+---
+
+## PHASE 3: Report Generation
+
+### 3.1 Categorize Results
+
+Group analyzed issues by status:
+
+| Category | Criteria |
+|----------|----------|
+| **CRITICAL** | Blocking bugs, security issues, data loss |
+| **CLOSE_IMMEDIATELY** | Resolved, duplicate, out of scope, stale |
+| **AUTO_RESPOND** | Can answer with template (version update, docs link) |
+| **NEEDS_INVESTIGATION** | Requires manual debugging or design decision |
+| **FEATURE_BACKLOG** | Feature requests for prioritization |
+| **NEEDS_INFO** | Missing details, request more info |
+
+### 3.2 Generate Report
+
+```markdown
+# Issue Triage Report
+
+**Repository:** ${REPO}
+**Time Range:** Last ${TIME_RANGE} hours
+**Generated:** ${new Date().toISOString()}
+**Total Issues Analyzed:** ${issues.length}
+
+## Summary
+
+| Category | Count |
+|----------|-------|
+| CRITICAL | N |
+| Close Immediately | N |
+| Auto-Respond | N |
+| Needs Investigation | N |
+| Feature Requests | N |
+| Needs Info | N |
+
+---
+
+## 1. CRITICAL (Immediate Action Required)
+
+[List issues with full details]
+
+## 2. Close Immediately
+
+[List with closing reason and template response]
+
+## 3. Auto-Respond (Template Answers)
+
+[List with draft responses ready to post]
+
+## 4. Needs Investigation
+
+[List with investigation notes]
+
+## 5. Feature Backlog
+
+[List for prioritization]
+
+## 6. Needs More Info
+
+[List with template questions to ask]
+
+---
+
+## Response Templates
+
+### Fixed in Version X
+\`\`\`
+This issue was resolved in vX.Y.Z via PR #NNN.
+Please update: \`bunx oh-my-opencode@X.Y.Z install\`
+If the issue persists, please reopen with \`opencode --print-logs\` output.
+\`\`\`
+
+### Needs More Info
+\`\`\`
+Thank you for reporting. To investigate, please provide:
+1. \`opencode --print-logs\` output
+2. Your configuration file
+3. Minimal reproduction steps
+Labeling as \`needs-info\`. Auto-closes in 7 days without response.
+\`\`\`
+
+### Out of Scope
+\`\`\`
+Thank you for reaching out. This request falls outside the scope of this project.
+[Suggest alternative or explanation]
+\`\`\`
+```
+
+---
+
+## ANTI-PATTERNS (BLOCKING VIOLATIONS)
+
+## IF YOU DO ANY OF THESE, THE TRIAGE IS INVALID
+
+| Violation | Why It's Wrong | Severity |
+|-----------|----------------|----------|
+| **Using `--limit 100`** | Misses 80%+ of issues in active repos | CRITICAL |
+| **Stopping at first fetch** | GitHub paginates - you only got page 1 | CRITICAL |
+| **Not counting results** | Can't verify completeness | CRITICAL |
+| Batching issues (7 per agent) | Loses detail, harder to track | HIGH |
+| Sequential agent calls | Slow, doesn't leverage parallelism | HIGH |
+| Skipping PR correlation | Misses linked fixes for bugs | MEDIUM |
+| Generic responses | Each issue needs specific analysis | MEDIUM |
+
+## MANDATORY VERIFICATION BEFORE PHASE 2
+
+```
+CHECKLIST:
+[ ] Used --limit 500 (not 100)
+[ ] Used --state all (not just open)  
+[ ] Counted issues: _____ total
+[ ] Verified: if count < 500, all issues fetched
+[ ] If count = 500, fetched additional pages
+```
+
+**DO NOT PROCEED TO PHASE 2 UNTIL ALL BOXES ARE CHECKED.**
+
+---
+
+## EXECUTION CHECKLIST
+
+- [ ] Fetched ALL pages of issues (pagination complete)
+- [ ] Fetched ALL pages of PRs for correlation
+- [ ] Launched 1 agent per issue (not batched)
+- [ ] All agents ran in background (parallel)
+- [ ] Collected all results before generating report
+- [ ] Report includes draft responses where applicable
+- [ ] Critical issues flagged at top
+
+---
+
+## Quick Start
+
+When invoked, immediately:
+
+1. `gh repo view --json nameWithOwner -q .nameWithOwner` (get current repo)
+2. Parse user's time range request (default: 48 hours)
+3. Exhaustive pagination for issues AND PRs
+4. Launch N background agents (1 per issue)
+5. Collect all results
+6. Generate categorized report with action items

AGENTS.md

@@ -98,13 +98,13 @@ oh-my-opencode/
 
 | Agent | Model | Purpose |
 |-------|-------|---------|
-| Sisyphus | anthropic/claude-opus-4-5 | Primary orchestrator |
-| Atlas | anthropic/claude-opus-4-5 | Master orchestrator |
+| Sisyphus | anthropic/claude-opus-4-5 | Primary orchestrator (fallback: kimi-k2.5 → glm-4.7 → gpt-5.2-codex → gemini-3-pro) |
+| Atlas | anthropic/claude-sonnet-4-5 | Master orchestrator (fallback: kimi-k2.5 → gpt-5.2) |
 | oracle | openai/gpt-5.2 | Consultation, debugging |
-| librarian | opencode/big-pickle | Docs, GitHub search |
-| explore | opencode/gpt-5-nano | Fast codebase grep |
+| librarian | zai-coding-plan/glm-4.7 | Docs, GitHub search (fallback: glm-4.7-free) |
+| explore | anthropic/claude-haiku-4-5 | Fast codebase grep (fallback: gpt-5-mini → gpt-5-nano) |
 | multimodal-looker | google/gemini-3-flash | PDF/image analysis |
-| Prometheus | anthropic/claude-opus-4-5 | Strategic planning |
+| Prometheus | anthropic/claude-opus-4-5 | Strategic planning (fallback: kimi-k2.5 → gpt-5.2) |
 
 ## COMMANDS
 

README.ja.md

@@ -189,7 +189,7 @@ Windows から Linux に初めて乗り換えた時のこと、自分の思い
   - Oracle: 設計、デバッグ (GPT 5.2 Medium)
   - Frontend UI/UX Engineer: フロントエンド開発 (Gemini 3 Pro)
   - Librarian: 公式ドキュメント、オープンソース実装、コードベース探索 (Claude Sonnet 4.5)
-  - Explore: 超高速コードベース探索 (Contextual Grep) (Grok Code)
+   - Explore: 超高速コードベース探索 (Contextual Grep) (Claude Haiku 4.5)
 - Full LSP / AstGrep Support: 決定的にリファクタリングしましょう。
 - Todo Continuation Enforcer: 途中で諦めたら、続行を強制します。これがシジフォスに岩を転がし続けさせる秘訣です。
 - Comment Checker: AIが過剰なコメントを付けないようにします。シジフォスが生成したコードは、人間が書いたものと区別がつかないべきです。

README.ko.md

@@ -197,7 +197,7 @@ Hey please read this readme and tell me why it is different from other agent har
   - Oracle: 디자인, 디버깅 (GPT 5.2 Medium)
   - Frontend UI/UX Engineer: 프론트엔드 개발 (Gemini 3 Pro)
   - Librarian: 공식 문서, 오픈 소스 구현, 코드베이스 탐색 (Claude Sonnet 4.5)
-  - Explore: 엄청나게 빠른 코드베이스 탐색 (Contextual Grep) (Grok Code)
+   - Explore: 엄청나게 빠른 코드베이스 탐색 (Contextual Grep) (Claude Haiku 4.5)
 - 완전한 LSP / AstGrep 지원: 결정적으로 리팩토링합니다.
 - TODO 연속 강제: 에이전트가 중간에 멈추면 계속하도록 강제합니다. **이것이 Sisyphus가 그 바위를 굴리게 하는 것입니다.**
 - 주석 검사기: AI가 과도한 주석을 추가하는 것을 방지합니다. Sisyphus가 생성한 코드는 인간이 작성한 것과 구별할 수 없어야 합니다.

README.md

@@ -196,7 +196,7 @@ Meet our main agent: Sisyphus (Opus 4.5 High). Below are the tools Sisyphus uses
   - Oracle: Design, debugging (GPT 5.2 Medium)
   - Frontend UI/UX Engineer: Frontend development (Gemini 3 Pro)
   - Librarian: Official docs, open source implementations, codebase exploration (Claude Sonnet 4.5)
-  - Explore: Blazing fast codebase exploration (Contextual Grep) (Grok Code)
+  - Explore: Blazing fast codebase exploration (Contextual Grep) (Claude Haiku 4.5)
 - Full LSP / AstGrep Support: Refactor decisively.
 - Todo Continuation Enforcer: Forces the agent to continue if it quits halfway. **This is what keeps Sisyphus rolling that boulder.**
 - Comment Checker: Prevents AI from adding excessive comments. Code generated by Sisyphus should be indistinguishable from human-written code.

README.zh-cn.md

@@ -193,7 +193,7 @@
   - Oracle：设计、调试 (GPT 5.2 Medium)
   - Frontend UI/UX Engineer：前端开发 (Gemini 3 Pro)
   - Librarian：官方文档、开源实现、代码库探索 (Claude Sonnet 4.5)
-  - Explore：极速代码库探索（上下文感知 Grep）(Grok Code)
+   - Explore：极速代码库探索（上下文感知 Grep）(Claude Haiku 4.5)
 - 完整 LSP / AstGrep 支持：果断重构。
 - Todo 继续执行器：如果智能体中途退出，强制它继续。**这就是让 Sisyphus 继续推动巨石的关键。**
 - 注释检查器：防止 AI 添加过多注释。Sisyphus 生成的代码应该与人类编写的代码无法区分。

assets/oh-my-opencode.schema.json

@@ -80,7 +80,8 @@
           "prometheus-md-only",
           "sisyphus-junior-notepad",
           "start-work",
-          "atlas"
+          "atlas",
+          "stop-continuation-guard"
         ]
       }
     },
@@ -2768,7 +2769,8 @@
           "type": "string",
           "enum": [
             "playwright",
-            "agent-browser"
+            "agent-browser",
+            "dev-browser"
           ]
         }
       }
@@ -2808,6 +2810,50 @@
           "minimum": 20
         }
       }
+    },
+    "sisyphus": {
+      "type": "object",
+      "properties": {
+        "tasks": {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "default": false,
+              "type": "boolean"
+            },
+            "storage_path": {
+              "default": ".sisyphus/tasks",
+              "type": "string"
+            },
+            "claude_code_compat": {
+              "default": false,
+              "type": "boolean"
+            }
+          }
+        },
+        "swarm": {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "default": false,
+              "type": "boolean"
+            },
+            "storage_path": {
+              "default": ".sisyphus/teams",
+              "type": "string"
+            },
+            "ui_mode": {
+              "default": "toast",
+              "type": "string",
+              "enum": [
+                "toast",
+                "tmux",
+                "both"
+              ]
+            }
+          }
+        }
+      }
     }
   }
 }

bun.lock

@@ -1,6 +1,6 @@
 {
   "lockfileVersion": 1,
-  "configVersion": 0,
+  "configVersion": 1,
   "workspaces": {
     "": {
       "name": "oh-my-opencode",
@@ -18,6 +18,7 @@
         "jsonc-parser": "^3.3.1",
         "picocolors": "^1.1.1",
         "picomatch": "^4.0.2",
+        "vscode-jsonrpc": "^8.2.0",
         "zod": "^4.1.8",
       },
       "devDependencies": {
@@ -27,13 +28,13 @@
         "typescript": "^5.7.3",
       },
       "optionalDependencies": {
-        "oh-my-opencode-darwin-arm64": "3.1.0",
-        "oh-my-opencode-darwin-x64": "3.1.0",
-        "oh-my-opencode-linux-arm64": "3.1.0",
-        "oh-my-opencode-linux-arm64-musl": "3.1.0",
-        "oh-my-opencode-linux-x64": "3.1.0",
-        "oh-my-opencode-linux-x64-musl": "3.1.0",
-        "oh-my-opencode-windows-x64": "3.1.0",
+        "oh-my-opencode-darwin-arm64": "3.1.10",
+        "oh-my-opencode-darwin-x64": "3.1.10",
+        "oh-my-opencode-linux-arm64": "3.1.10",
+        "oh-my-opencode-linux-arm64-musl": "3.1.10",
+        "oh-my-opencode-linux-x64": "3.1.10",
+        "oh-my-opencode-linux-x64-musl": "3.1.10",
+        "oh-my-opencode-windows-x64": "3.1.10",
       },
     },
   },
@@ -43,41 +44,41 @@
     "@code-yeongyu/comment-checker",
   ],
   "packages": {
-    "@ast-grep/cli": ["@ast-grep/cli@0.40.0", "", { "dependencies": { "detect-libc": "2.1.2" }, "optionalDependencies": { "@ast-grep/cli-darwin-arm64": "0.40.0", "@ast-grep/cli-darwin-x64": "0.40.0", "@ast-grep/cli-linux-arm64-gnu": "0.40.0", "@ast-grep/cli-linux-x64-gnu": "0.40.0", "@ast-grep/cli-win32-arm64-msvc": "0.40.0", "@ast-grep/cli-win32-ia32-msvc": "0.40.0", "@ast-grep/cli-win32-x64-msvc": "0.40.0" }, "bin": { "sg": "sg", "ast-grep": "ast-grep" } }, "sha512-L8AkflsfI2ZP70yIdrwqvjR02ScCuRmM/qNGnJWUkOFck+e6gafNVJ4e4jjGQlEul+dNdBpx36+O2Op629t47A=="],
+    "@ast-grep/cli": ["@ast-grep/cli@0.40.5", "", { "dependencies": { "detect-libc": "2.1.2" }, "optionalDependencies": { "@ast-grep/cli-darwin-arm64": "0.40.5", "@ast-grep/cli-darwin-x64": "0.40.5", "@ast-grep/cli-linux-arm64-gnu": "0.40.5", "@ast-grep/cli-linux-x64-gnu": "0.40.5", "@ast-grep/cli-win32-arm64-msvc": "0.40.5", "@ast-grep/cli-win32-ia32-msvc": "0.40.5", "@ast-grep/cli-win32-x64-msvc": "0.40.5" }, "bin": { "sg": "sg", "ast-grep": "ast-grep" } }, "sha512-yVXL7Gz0WIHerQLf+MVaVSkhIhidtWReG5akNVr/JS9OVCVkSdz7gWm7H8jVv2M9OO1tauuG76K3UaRGBPu5lQ=="],
 
-    "@ast-grep/cli-darwin-arm64": ["@ast-grep/cli-darwin-arm64@0.40.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-UehY2MMUkdJbsriP7NKc6+uojrqPn7d1Cl0em+WAkee7Eij81VdyIjRsRxtZSLh440ZWQBHI3PALZ9RkOO8pKQ=="],
+    "@ast-grep/cli-darwin-arm64": ["@ast-grep/cli-darwin-arm64@0.40.5", "", { "os": "darwin", "cpu": "arm64" }, "sha512-T9CzwJ1GqQhnANdsu6c7iT1akpvTVMK+AZrxnhIPv33Ze5hrXUUkqan+j4wUAukRJDqU7u94EhXLSLD+5tcJ8g=="],
 
-    "@ast-grep/cli-darwin-x64": ["@ast-grep/cli-darwin-x64@0.40.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-RFDJ2ZxUbT0+grntNlOLJx7wa9/ciVCeaVtQpQy8WJJTvXvkY0etl8Qlh2TmO2x2yr+i0Z6aMJi4IG/Yx5ghTQ=="],
+    "@ast-grep/cli-darwin-x64": ["@ast-grep/cli-darwin-x64@0.40.5", "", { "os": "darwin", "cpu": "x64" }, "sha512-ez9b2zKvXU8f4ghhjlqYvbx6tWCKJTuVlNVqDDfjqwwhGeiTYfnzMlSVat4ElYRMd21gLtXZIMy055v2f21Ztg=="],
 
-    "@ast-grep/cli-linux-arm64-gnu": ["@ast-grep/cli-linux-arm64-gnu@0.40.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-4p55gnTQ1mMFCyqjtM7bH9SB9r16mkwXtUcJQGX1YgFG4WD+QG8rC4GwSuNNZcdlYaOQuTWrgUEQ9z5K06UXfg=="],
+    "@ast-grep/cli-linux-arm64-gnu": ["@ast-grep/cli-linux-arm64-gnu@0.40.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-VXa2L1IEYD66AMb0GuG7VlMMbPmEGoJUySWDcwSZo/D9neiry3MJ41LQR5oTG2HyhIPBsf9umrXnmuRq66BviA=="],
 
-    "@ast-grep/cli-linux-x64-gnu": ["@ast-grep/cli-linux-x64-gnu@0.40.0", "", { "os": "linux", "cpu": "x64" }, "sha512-u2MXFceuwvrO+OQ6zFGoJ6wbATXn46HWwW79j4UPrXYJzVl97jRyjJOIQTJOzTflsk02fjP98DQkfvbXt2dl3Q=="],
+    "@ast-grep/cli-linux-x64-gnu": ["@ast-grep/cli-linux-x64-gnu@0.40.5", "", { "os": "linux", "cpu": "x64" }, "sha512-GQC5162eIOWXR2eQQ6Knzg7/8Trp5E1ODJkaErf0IubdQrZBGqj5AAcQPcWgPbbnmktjIp0H4NraPpOJ9eJ22A=="],
 
-    "@ast-grep/cli-win32-arm64-msvc": ["@ast-grep/cli-win32-arm64-msvc@0.40.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-E/I1xpF/RQL2fo1CQsQfTxyDLnChsbZ+ERrQHKuF1FI4WrkaPOBibpqda60QgVmUcgOGZyZ/GRb3iKEVWPsQNQ=="],
+    "@ast-grep/cli-win32-arm64-msvc": ["@ast-grep/cli-win32-arm64-msvc@0.40.5", "", { "os": "win32", "cpu": "arm64" }, "sha512-YiZdnQZsSlXQTMsZJop/Ux9MmUGfuRvC2x/UbFgrt5OBSYxND+yoiMc0WcA3WG+wU+tt4ZkB5HUea3r/IkOLYA=="],
 
-    "@ast-grep/cli-win32-ia32-msvc": ["@ast-grep/cli-win32-ia32-msvc@0.40.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-9h12OQu1BR0GxHEtT+Z4QkJk3LLWLiKwjBkjXUGlASHYDPTyLcs85KwDLeFHs4BwarF8TDdF+KySvB9WPGl/nQ=="],
+    "@ast-grep/cli-win32-ia32-msvc": ["@ast-grep/cli-win32-ia32-msvc@0.40.5", "", { "os": "win32", "cpu": "ia32" }, "sha512-MHkCxCITVTr8sY9CcVqNKbfUzMa3Hc6IilGXad0Clnw2vNmPfWqSky+hU/UTerr5YHWwWfAVURH7ANZgirtx0Q=="],
 
-    "@ast-grep/cli-win32-x64-msvc": ["@ast-grep/cli-win32-x64-msvc@0.40.0", "", { "os": "win32", "cpu": "x64" }, "sha512-n2+3WynEWFHhXg6KDgjwWQ0UEtIvqUITFbKEk5cDkUYrzYhg/A6kj0qauPwRbVMoJms49vtsNpLkzzqyunio5g=="],
+    "@ast-grep/cli-win32-x64-msvc": ["@ast-grep/cli-win32-x64-msvc@0.40.5", "", { "os": "win32", "cpu": "x64" }, "sha512-/MJ5un7yxlClaaxou9eYl+Kr2xr/yTtYtTq5aLBWjPWA6dmmJ1nAJgx5zKHVuplFXFBrFDQk3paEgAETMTGcrA=="],
 
-    "@ast-grep/napi": ["@ast-grep/napi@0.40.0", "", { "optionalDependencies": { "@ast-grep/napi-darwin-arm64": "0.40.0", "@ast-grep/napi-darwin-x64": "0.40.0", "@ast-grep/napi-linux-arm64-gnu": "0.40.0", "@ast-grep/napi-linux-arm64-musl": "0.40.0", "@ast-grep/napi-linux-x64-gnu": "0.40.0", "@ast-grep/napi-linux-x64-musl": "0.40.0", "@ast-grep/napi-win32-arm64-msvc": "0.40.0", "@ast-grep/napi-win32-ia32-msvc": "0.40.0", "@ast-grep/napi-win32-x64-msvc": "0.40.0" } }, "sha512-tq6nO/8KwUF/mHuk1ECaAOSOlz2OB/PmygnvprJzyAHGRVzdcffblaOOWe90M9sGz5MAasXoF+PTcayQj9TKKA=="],
+    "@ast-grep/napi": ["@ast-grep/napi@0.40.5", "", { "optionalDependencies": { "@ast-grep/napi-darwin-arm64": "0.40.5", "@ast-grep/napi-darwin-x64": "0.40.5", "@ast-grep/napi-linux-arm64-gnu": "0.40.5", "@ast-grep/napi-linux-arm64-musl": "0.40.5", "@ast-grep/napi-linux-x64-gnu": "0.40.5", "@ast-grep/napi-linux-x64-musl": "0.40.5", "@ast-grep/napi-win32-arm64-msvc": "0.40.5", "@ast-grep/napi-win32-ia32-msvc": "0.40.5", "@ast-grep/napi-win32-x64-msvc": "0.40.5" } }, "sha512-hJA62OeBKUQT68DD2gDyhOqJxZxycqg8wLxbqjgqSzYttCMSDL9tiAQ9abgekBYNHudbJosm9sWOEbmCDfpX2A=="],
 
-    "@ast-grep/napi-darwin-arm64": ["@ast-grep/napi-darwin-arm64@0.40.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-ZMjl5yLhKjxdwbqEEdMizgQdWH2NrWsM6Px+JuGErgCDe6Aedq9yurEPV7veybGdLVJQhOah6htlSflXxjHnYA=="],
+    "@ast-grep/napi-darwin-arm64": ["@ast-grep/napi-darwin-arm64@0.40.5", "", { "os": "darwin", "cpu": "arm64" }, "sha512-2F072fGN0WTq7KI3okuEnkGJVEHLbi56Bw1H6NAMf7j2mJJeQWsRyGOMcyNnUXZDeNdvoMH0OB2a5wwUegY/nQ=="],
 
-    "@ast-grep/napi-darwin-x64": ["@ast-grep/napi-darwin-x64@0.40.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-f9Ol5oQKNRMBkvDtzBK1WiNn2/3eejF2Pn9xwTj7PhXuSFseedOspPYllxQo0gbwUlw/DJqGFTce/jarhR/rBw=="],
+    "@ast-grep/napi-darwin-x64": ["@ast-grep/napi-darwin-x64@0.40.5", "", { "os": "darwin", "cpu": "x64" }, "sha512-dJMidHZhhxuLBYNi6/FKI812jQ7wcFPSKkVPwviez2D+KvYagapUMAV/4dJ7FCORfguVk8Y0jpPAlYmWRT5nvA=="],
 
-    "@ast-grep/napi-linux-arm64-gnu": ["@ast-grep/napi-linux-arm64-gnu@0.40.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-+tO+VW5GDhT9jGkKOK+3b8+ohKjC98WTzn7wSskd/myyhK3oYL1WTKqCm07WSYBZOJvb3z+WaX+wOUrc4bvtyQ=="],
+    "@ast-grep/napi-linux-arm64-gnu": ["@ast-grep/napi-linux-arm64-gnu@0.40.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-nBRCbyoS87uqkaw4Oyfe5VO+SRm2B+0g0T8ME69Qry9ShMf41a2bTdpcQx9e8scZPogq+CTwDHo3THyBV71l9w=="],
 
-    "@ast-grep/napi-linux-arm64-musl": ["@ast-grep/napi-linux-arm64-musl@0.40.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-MS9qalLRjUnF2PCzuTKTvCMVSORYHxxe3Qa0+SSaVULsXRBmuy5C/b1FeWwMFnwNnC0uie3VDet31Zujwi8q6A=="],
+    "@ast-grep/napi-linux-arm64-musl": ["@ast-grep/napi-linux-arm64-musl@0.40.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-/qKsmds5FMoaEj6FdNzepbmLMtlFuBLdrAn9GIWCqOIcVcYvM1Nka8+mncfeXB/MFZKOrzQsQdPTWqrrQzXLrA=="],
 
-    "@ast-grep/napi-linux-x64-gnu": ["@ast-grep/napi-linux-x64-gnu@0.40.0", "", { "os": "linux", "cpu": "x64" }, "sha512-BeHZVMNXhM3WV3XE2yghO0fRxhMOt8BTN972p5piYEQUvKeSHmS8oeGcs6Ahgx5znBclqqqq37ZfioYANiTqJA=="],
+    "@ast-grep/napi-linux-x64-gnu": ["@ast-grep/napi-linux-x64-gnu@0.40.5", "", { "os": "linux", "cpu": "x64" }, "sha512-DP4oDbq7f/1A2hRTFLhJfDFR6aI5mRWdEfKfHzRItmlKsR9WlcEl1qDJs/zX9R2EEtIDsSKRzuJNfJllY3/W8Q=="],
 
-    "@ast-grep/napi-linux-x64-musl": ["@ast-grep/napi-linux-x64-musl@0.40.0", "", { "os": "linux", "cpu": "x64" }, "sha512-rG1YujF7O+lszX8fd5u6qkFTuv4FwHXjWvt1CCvCxXwQLSY96LaCW88oVKg7WoEYQh54y++Fk57F+Wh9Gv9nVQ=="],
+    "@ast-grep/napi-linux-x64-musl": ["@ast-grep/napi-linux-x64-musl@0.40.5", "", { "os": "linux", "cpu": "x64" }, "sha512-BRZUvVBPUNpWPo6Ns8chXVzxHPY+k9gpsubGTHy92Q26ecZULd/dTkWWdnvfhRqttsSQ9Pe/XQdi5+hDQ6RYcg=="],
 
-    "@ast-grep/napi-win32-arm64-msvc": ["@ast-grep/napi-win32-arm64-msvc@0.40.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-9SqmnQqd4zTEUk6yx0TuW2ycZZs2+e569O/R0QnhSiQNpgwiJCYOe/yPS0BC9HkiaozQm6jjAcasWpFtz/dp+w=="],
+    "@ast-grep/napi-win32-arm64-msvc": ["@ast-grep/napi-win32-arm64-msvc@0.40.5", "", { "os": "win32", "cpu": "arm64" }, "sha512-y95zSEwc7vhxmcrcH0GnK4ZHEBQrmrszRBNQovzaciF9GUqEcCACNLoBesn4V47IaOp4fYgD2/EhGRTIBFb2Ug=="],
 
-    "@ast-grep/napi-win32-ia32-msvc": ["@ast-grep/napi-win32-ia32-msvc@0.40.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-0JkdBZi5l9vZhGEO38A1way0LmLRDU5Vos6MXrLIOVkymmzDTDlCdY394J1LMmmsfwWcyJg6J7Yv2dw41MCxDQ=="],
+    "@ast-grep/napi-win32-ia32-msvc": ["@ast-grep/napi-win32-ia32-msvc@0.40.5", "", { "os": "win32", "cpu": "ia32" }, "sha512-K/u8De62iUnFCzVUs7FBdTZ2Jrgc5/DLHqjpup66KxZ7GIM9/HGME/O8aSoPkpcAeCD4TiTZ11C1i5p5H98hTg=="],
 
-    "@ast-grep/napi-win32-x64-msvc": ["@ast-grep/napi-win32-x64-msvc@0.40.0", "", { "os": "win32", "cpu": "x64" }, "sha512-Hk2IwfPqMFGZt5SRxsoWmGLxBXxprow4LRp1eG6V8EEiJCNHxZ9ZiEaIc5bNvMDBjHVSnqZAXT22dROhrcSKQg=="],
+    "@ast-grep/napi-win32-x64-msvc": ["@ast-grep/napi-win32-x64-msvc@0.40.5", "", { "os": "win32", "cpu": "x64" }, "sha512-dqm5zg/o4Nh4VOQPEpMS23ot8HVd22gG0eg01t4CFcZeuzyuSgBlOL3N7xLbz3iH2sVkk7keuBwAzOIpTqziNQ=="],
 
     "@clack/core": ["@clack/core@0.5.0", "", { "dependencies": { "picocolors": "^1.0.0", "sisteransi": "^1.0.5" } }, "sha512-p3y0FIOwaYRUPRcMO7+dlmLh8PSRcrjuTndsiA0WAFbWES0mLZlrjVoBRZ9DzkPFJZG6KGkJmoEAY0ZcVWTkow=="],
 
@@ -85,17 +86,17 @@
 
     "@code-yeongyu/comment-checker": ["@code-yeongyu/comment-checker@0.6.1", "", { "os": [ "linux", "win32", "darwin", ], "cpu": [ "x64", "arm64", ], "bin": { "comment-checker": "bin/comment-checker" } }, "sha512-BBremX+Y5aW8sTzlhHrLsKParupYkPOVUYmq9STrlWvBvfAme6w5IWuZCLl6nHIQScRDdvGdrAjPycJC86EZFA=="],
 
-    "@hono/node-server": ["@hono/node-server@1.19.7", "", { "peerDependencies": { "hono": "^4" } }, "sha512-vUcD0uauS7EU2caukW8z5lJKtoGMokxNbJtBiwHgpqxEXokaHCBkQUmCHhjFB1VUTWdqj25QoMkMKzgjq+uhrw=="],
+    "@hono/node-server": ["@hono/node-server@1.19.9", "", { "peerDependencies": { "hono": "^4" } }, "sha512-vHL6w3ecZsky+8P5MD+eFfaGTyCeOHUIFYMGpQGbrBTSmNNoxv0if69rEZ5giu36weC5saFuznL411gRX7bJDw=="],
 
-    "@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.25.1", "", { "dependencies": { "@hono/node-server": "^1.19.7", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.0.1", "express-rate-limit": "^7.5.0", "jose": "^6.1.1", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", "zod-to-json-schema": "^3.25.0" }, "peerDependencies": { "@cfworker/json-schema": "^4.1.1" }, "optionalPeers": ["@cfworker/json-schema"] }, "sha512-yO28oVFFC7EBoiKdAn+VqRm+plcfv4v0xp6osG/VsCB0NlPZWi87ajbCZZ8f/RvOFLEu7//rSRmuZZ7lMoe3gQ=="],
+    "@modelcontextprotocol/sdk": ["@modelcontextprotocol/sdk@1.25.3", "", { "dependencies": { "@hono/node-server": "^1.19.9", "ajv": "^8.17.1", "ajv-formats": "^3.0.1", "content-type": "^1.0.5", "cors": "^2.8.5", "cross-spawn": "^7.0.5", "eventsource": "^3.0.2", "eventsource-parser": "^3.0.0", "express": "^5.0.1", "express-rate-limit": "^7.5.0", "jose": "^6.1.1", "json-schema-typed": "^8.0.2", "pkce-challenge": "^5.0.0", "raw-body": "^3.0.0", "zod": "^3.25 || ^4.0", "zod-to-json-schema": "^3.25.0" }, "peerDependencies": { "@cfworker/json-schema": "^4.1.1" }, "optionalPeers": ["@cfworker/json-schema"] }, "sha512-vsAMBMERybvYgKbg/l4L1rhS7VXV1c0CtyJg72vwxONVX0l4ZfKVAnZEWTQixJGTzKnELjQ59e4NbdFDALRiAQ=="],
 
-    "@opencode-ai/plugin": ["@opencode-ai/plugin@1.1.19", "", { "dependencies": { "@opencode-ai/sdk": "1.1.19", "zod": "4.1.8" } }, "sha512-Q6qBEjHb/dJMEw4BUqQxEswTMxCCHUpFMMb6jR8HTTs8X/28XRkKt5pHNPA82GU65IlSoPRph+zd8LReBDN53Q=="],
+    "@opencode-ai/plugin": ["@opencode-ai/plugin@1.1.47", "", { "dependencies": { "@opencode-ai/sdk": "1.1.47", "zod": "4.1.8" } }, "sha512-gNMPz72altieDfLhUw3VAT1xbduKi3w3wZ57GLeS7qU9W474HdvdIiLBnt2Xq3U7Ko0/0tvK3nzCker6IIDqmQ=="],
 
-    "@opencode-ai/sdk": ["@opencode-ai/sdk@1.1.19", "", {}, "sha512-XhZhFuvlLCqDpvNtUEjOsi/wvFj3YCXb1dySp+OONQRMuHlorNYnNa7P2A2ntKuhRdGT1Xt5na0nFzlUyNw+4A=="],
+    "@opencode-ai/sdk": ["@opencode-ai/sdk@1.1.47", "", {}, "sha512-s3PBHwk1sP6Zt/lJxIWSBWZ1TnrI1nFxSP97LCODUytouAQgbygZ1oDH7O2sGMBEuGdA8B1nNSPla0aRSN3IpA=="],
 
     "@types/js-yaml": ["@types/js-yaml@4.0.9", "", {}, "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg=="],
 
-    "@types/node": ["@types/node@24.10.1", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ=="],
+    "@types/node": ["@types/node@25.1.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-t7frlewr6+cbx+9Ohpl0NOTKXZNV9xHRmNOvql47BFJKcEG1CxtxlPEEe+gR9uhVWM4DwhnvTF110mIL4yP9RA=="],
 
     "@types/picomatch": ["@types/picomatch@3.0.2", "", {}, "sha512-n0i8TD3UDB7paoMMxA3Y65vUncFJXjcUf7lQY7YyKGl6031FNjfsLs6pdLFCy2GNFxItPJG8GvvpbZc2skH7WA=="],
 
@@ -107,9 +108,9 @@
 
     "argparse": ["argparse@2.0.1", "", {}, "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="],
 
-    "body-parser": ["body-parser@2.2.1", "", { "dependencies": { "bytes": "^3.1.2", "content-type": "^1.0.5", "debug": "^4.4.3", "http-errors": "^2.0.0", "iconv-lite": "^0.7.0", "on-finished": "^2.4.1", "qs": "^6.14.0", "raw-body": "^3.0.1", "type-is": "^2.0.1" } }, "sha512-nfDwkulwiZYQIGwxdy0RUmowMhKcFVcYXUU7m4QlKYim1rUtg83xm2yjZ40QjDuc291AJjjeSc9b++AWHSgSHw=="],
+    "body-parser": ["body-parser@2.2.2", "", { "dependencies": { "bytes": "^3.1.2", "content-type": "^1.0.5", "debug": "^4.4.3", "http-errors": "^2.0.0", "iconv-lite": "^0.7.0", "on-finished": "^2.4.1", "qs": "^6.14.1", "raw-body": "^3.0.1", "type-is": "^2.0.1" } }, "sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA=="],
 
-    "bun-types": ["bun-types@1.3.3", "", { "dependencies": { "@types/node": "*" } }, "sha512-z3Xwlg7j2l9JY27x5Qn3Wlyos8YAp0kKRlrePAOjgjMGS5IG6E7Jnlx736vH9UVI4wUICwwhC9anYL++XeOgTQ=="],
+    "bun-types": ["bun-types@1.3.8", "", { "dependencies": { "@types/node": "*" } }, "sha512-fL99nxdOWvV4LqjmC+8Q9kW3M4QTtTR1eePs94v5ctGqU8OeceWrSUaRw3JYb7tU3FkMIAjkueehrHPPPGKi5Q=="],
 
     "bytes": ["bytes@3.1.2", "", {}, "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg=="],
 
@@ -117,7 +118,7 @@
 
     "call-bound": ["call-bound@1.0.4", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.2", "get-intrinsic": "^1.3.0" } }, "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg=="],
 
-    "commander": ["commander@14.0.2", "", {}, "sha512-TywoWNNRbhoD0BXs1P3ZEScW8W5iKrnbithIl0YH+uCmBd0QpPOA8yc82DS3BIE5Ma6FnBVUsJ7wVUDz4dvOWQ=="],
+    "commander": ["commander@14.0.3", "", {}, "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw=="],
 
     "content-disposition": ["content-disposition@1.0.1", "", {}, "sha512-oIXISMynqSqm241k6kcQ5UwttDILMK4BiurCfGEREw6+X9jkkpEe5T9FZaApyLGGOnFuyMWZpdolTXMtvEJ08Q=="],
 
@@ -127,7 +128,7 @@
 
     "cookie-signature": ["cookie-signature@1.2.2", "", {}, "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg=="],
 
-    "cors": ["cors@2.8.5", "", { "dependencies": { "object-assign": "^4", "vary": "^1" } }, "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g=="],
+    "cors": ["cors@2.8.6", "", { "dependencies": { "object-assign": "^4", "vary": "^1" } }, "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw=="],
 
     "cross-spawn": ["cross-spawn@7.0.6", "", { "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", "which": "^2.0.1" } }, "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA=="],
 
@@ -183,11 +184,11 @@
 
     "hasown": ["hasown@2.0.2", "", { "dependencies": { "function-bind": "^1.1.2" } }, "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ=="],
 
-    "hono": ["hono@4.10.8", "", {}, "sha512-DDT0A0r6wzhe8zCGoYOmMeuGu3dyTAE40HHjwUsWFTEy5WxK1x2WDSsBPlEXgPbRIFY6miDualuUDbasPogIww=="],
+    "hono": ["hono@4.11.7", "", {}, "sha512-l7qMiNee7t82bH3SeyUCt9UF15EVmaBvsppY2zQtrbIhl/yzBTny+YUxsVjSjQ6gaqaeVtZmGocom8TzBlA4Yw=="],
 
     "http-errors": ["http-errors@2.0.1", "", { "dependencies": { "depd": "~2.0.0", "inherits": "~2.0.4", "setprototypeof": "~1.2.0", "statuses": "~2.0.2", "toidentifier": "~1.0.1" } }, "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ=="],
 
-    "iconv-lite": ["iconv-lite@0.7.1", "", { "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" } }, "sha512-2Tth85cXwGFHfvRgZWszZSvdo+0Xsqmw8k8ZwxScfcBneNUraK+dxRxRm24nszx80Y0TVio8kKLt5sLE7ZCLlw=="],
+    "iconv-lite": ["iconv-lite@0.7.2", "", { "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" } }, "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw=="],
 
     "inherits": ["inherits@2.0.4", "", {}, "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="],
 
@@ -225,19 +226,19 @@
 
     "object-inspect": ["object-inspect@1.13.4", "", {}, "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew=="],
 
-    "oh-my-opencode-darwin-arm64": ["oh-my-opencode-darwin-arm64@3.1.0", "", { "os": "darwin", "cpu": "arm64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-8j7XI+n1bz7xIg35Zpjqp1AqoIoFWuVZdYyI9vTAZ0b6ta/mIlNOWPLAbFyEHfKelA9g3Xa+4sYnKPSxU5dQoA=="],
+    "oh-my-opencode-darwin-arm64": ["oh-my-opencode-darwin-arm64@3.1.10", "", { "os": "darwin", "cpu": "arm64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-6qsZQtrtBYZLufcXTTuUUMEG9PoG9Y98pX+HFVn2xHIEc6GpwR6i5xY8McFHmqPkC388tzybD556JhKqPX7Pnw=="],
 
-    "oh-my-opencode-darwin-x64": ["oh-my-opencode-darwin-x64@3.1.0", "", { "os": "darwin", "cpu": "x64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-Kd/3KpnF07cw+qBAyLwA0y8tp3S0X8b8HWH55WGlVp6m4gvQ432kKgDum/jat1vqP/3J8hm4P/sly5ibY5gMqw=="],
+    "oh-my-opencode-darwin-x64": ["oh-my-opencode-darwin-x64@3.1.10", "", { "os": "darwin", "cpu": "x64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-I1tQQbcpSBvLGXTO652mBqlyIpwYhYuIlSJmrSM33YRGBiaUuhMASnHQsms+E0eC3U/TOyqomU/4KPnbWyxs4w=="],
 
-    "oh-my-opencode-linux-arm64": ["oh-my-opencode-linux-arm64@3.1.0", "", { "os": "linux", "cpu": "arm64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-qy/QohHGM6eSQjHVEgibsDauUvlAgYPw5xrQqa9cVLo1hL4KMIhb+i4wGAxCK2p84rG2bfC2m8+IfZUxhhwcTg=="],
+    "oh-my-opencode-linux-arm64": ["oh-my-opencode-linux-arm64@3.1.10", "", { "os": "linux", "cpu": "arm64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-r6Rm5Ru/WwcBKKuPIP0RreI0gnf+MYRV0mmzPBVhMZdPWSC/eTT3GdyqFDZ4cCN76n5aea0sa5PPW7iPF+Uw6Q=="],
 
-    "oh-my-opencode-linux-arm64-musl": ["oh-my-opencode-linux-arm64-musl@3.1.0", "", { "os": "linux", "cpu": "arm64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-HIO7zj3M5QAYOfgvFM7Djeuen9kdZD4RA51wzXcXiPj1FPAuBNAW9N7lTEGYBSgObgwX+vXnC3HwLSF7nqkw8w=="],
+    "oh-my-opencode-linux-arm64-musl": ["oh-my-opencode-linux-arm64-musl@3.1.10", "", { "os": "linux", "cpu": "arm64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-UVo5OWO92DPIFhoEkw0tj8IcZyUKOG6NlFs1+tSExz7qrgkr0IloxpLslGMmdc895xxpljrr/FobYktLxyJbcg=="],
 
-    "oh-my-opencode-linux-x64": ["oh-my-opencode-linux-x64@3.1.0", "", { "os": "linux", "cpu": "x64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-zcKaibnEhvbReiTsqbg+dog/Z3pnBx4v6R3AR5nVhGBO27hRSAXgA/fviYyE5bWD591WB7Pqwduf0t854ilKjw=="],
+    "oh-my-opencode-linux-x64": ["oh-my-opencode-linux-x64@3.1.10", "", { "os": "linux", "cpu": "x64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-3g99z2FweMzHSUYuzgU0E2H0kjVmtOhPZdavwVqcHQtLQ9NNhwfnIvj3yFBif+kGJphP9RDnByC1oA8Q26UrCg=="],
 
-    "oh-my-opencode-linux-x64-musl": ["oh-my-opencode-linux-x64-musl@3.1.0", "", { "os": "linux", "cpu": "x64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-xmtHEyAhY93Djg5qEauvMqSF0x3tf8pzOGdKB6CuZmhCG69fZXk/dEwPrO0vKbOeGMV/T4K6HAg1+8Ue1N1ZaQ=="],
+    "oh-my-opencode-linux-x64-musl": ["oh-my-opencode-linux-x64-musl@3.1.10", "", { "os": "linux", "cpu": "x64", "bin": { "oh-my-opencode": "bin/oh-my-opencode" } }, "sha512-2HS9Ju0Cr433lMFJtu/7bShApOJywp+zmVCduQUBWFi3xbX1nm5sJwWDhw1Wx+VcqHEuJl/SQzWPE4vaqkEQng=="],
 
-    "oh-my-opencode-windows-x64": ["oh-my-opencode-windows-x64@3.1.0", "", { "os": "win32", "cpu": "x64", "bin": { "oh-my-opencode": "bin/oh-my-opencode.exe" } }, "sha512-pDgHd0mGWWVsiO0fT8C7bi6CziOXU38g+k2dWlGm1YXCMzyrrWZZCF7oIp+EzJB02saSCF/oJ2f1/uj/VPeLMA=="],
+    "oh-my-opencode-windows-x64": ["oh-my-opencode-windows-x64@3.1.10", "", { "os": "win32", "cpu": "x64", "bin": { "oh-my-opencode": "bin/oh-my-opencode.exe" } }, "sha512-QLncZJSlWmmcuXrAVKIH6a9Om1Ym6pkhG4hAxaD5K5aF1jw2QFsadjoT12VNq2WzQb+Pg5Y6IWvoow0ZR0aEvw=="],
 
     "on-finished": ["on-finished@2.4.1", "", { "dependencies": { "ee-first": "1.1.1" } }, "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg=="],
 
@@ -303,12 +304,16 @@
 
     "vary": ["vary@1.1.2", "", {}, "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="],
 
+    "vscode-jsonrpc": ["vscode-jsonrpc@8.2.1", "", {}, "sha512-kdjOSJ2lLIn7r1rtrMbbNCHjyMPfRnowdKjBQ+mGq6NAW5QY2bEZC/khaC5OR8svbbjvLEaIXkOq45e2X9BIbQ=="],
+
     "which": ["which@2.0.2", "", { "dependencies": { "isexe": "^2.0.0" }, "bin": { "node-which": "./bin/node-which" } }, "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA=="],
 
     "wrappy": ["wrappy@1.0.2", "", {}, "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="],
 
-    "zod": ["zod@4.1.8", "", {}, "sha512-5R1P+WwQqmmMIEACyzSvo4JXHY5WiAFHRMg+zBZKgKS+Q1viRa0C1hmUKtHltoIFKtIdki3pRxkmpP74jnNYHQ=="],
+    "zod": ["zod@4.3.6", "", {}, "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg=="],
 
     "zod-to-json-schema": ["zod-to-json-schema@3.25.1", "", { "peerDependencies": { "zod": "^3.25 || ^4" } }, "sha512-pM/SU9d3YAggzi6MtR4h7ruuQlqKtad8e9S0fmxcMi+ueAK5Korys/aWcV9LIIHTVbj01NdzxcnXSN+O74ZIVA=="],
+
+    "@opencode-ai/plugin/zod": ["zod@4.1.8", "", {}, "sha512-5R1P+WwQqmmMIEACyzSvo4JXHY5WiAFHRMg+zBZKgKS+Q1viRa0C1hmUKtHltoIFKtIdki3pRxkmpP74jnNYHQ=="],
   }
 }

docs/category-skill-guide.md

@@ -23,6 +23,7 @@ A Category is an agent configuration preset optimized for specific domains.
 |----------|---------------|-----------|
 | `visual-engineering` | `google/gemini-3-pro` | Frontend, UI/UX, design, styling, animation |
 | `ultrabrain` | `openai/gpt-5.2-codex` (xhigh) | Deep logical reasoning, complex architecture decisions requiring extensive analysis |
+| `deep` | `openai/gpt-5.2-codex` (medium) | Goal-oriented autonomous problem-solving. Thorough research before action. For hairy problems requiring deep understanding. |
 | `artistry` | `google/gemini-3-pro` (max) | Highly creative/artistic tasks, novel ideas |
 | `quick` | `anthropic/claude-haiku-4-5` | Trivial tasks - single file changes, typo fixes, simple modifications |
 | `unspecified-low` | `anthropic/claude-sonnet-4-5` | Tasks that don't fit other categories, low effort required |

docs/cli-guide.md

@@ -134,7 +134,41 @@ bunx oh-my-opencode run [prompt]
 
 ---
 
-## 6. `auth` - Authentication Management
+## 6. `mcp oauth` - MCP OAuth Management
+
+Manages OAuth 2.1 authentication for remote MCP servers.
+
+### Usage
+
+```bash
+# Login to an OAuth-protected MCP server
+bunx oh-my-opencode mcp oauth login <server-name> --server-url https://api.example.com
+
+# Login with explicit client ID and scopes
+bunx oh-my-opencode mcp oauth login my-api --server-url https://api.example.com --client-id my-client --scopes "read,write"
+
+# Remove stored OAuth tokens
+bunx oh-my-opencode mcp oauth logout <server-name>
+
+# Check OAuth token status
+bunx oh-my-opencode mcp oauth status [server-name]
+```
+
+### Options
+
+| Option | Description |
+|--------|-------------|
+| `--server-url <url>` | MCP server URL (required for login) |
+| `--client-id <id>` | OAuth client ID (optional if server supports Dynamic Client Registration) |
+| `--scopes <scopes>` | Comma-separated OAuth scopes |
+
+### Token Storage
+
+Tokens are stored in `~/.config/opencode/mcp-oauth.json` with `0600` permissions (owner read/write only). Key format: `{serverHost}/{resource}`.
+
+---
+
+## 7. `auth` - Authentication Management
 
 Manages Google Antigravity OAuth authentication. Required for using Gemini models.
 
@@ -153,7 +187,7 @@ bunx oh-my-opencode auth status
 
 ---
 
-## 7. Configuration Files
+## 8. Configuration Files
 
 The CLI searches for configuration files in the following locations (in priority order):
 
@@ -183,7 +217,7 @@ Configuration files support **JSONC (JSON with Comments)** format. You can use c
 
 ---
 
-## 8. Troubleshooting
+## 9. Troubleshooting
 
 ### "OpenCode version too old" Error
 
@@ -213,7 +247,7 @@ bunx oh-my-opencode doctor --category authentication
 
 ---
 
-## 9. Non-Interactive Mode
+## 10. Non-Interactive Mode
 
 Use the `--no-tui` option for CI/CD environments.
 
@@ -227,7 +261,7 @@ bunx oh-my-opencode doctor --json > doctor-report.json
 
 ---
 
-## 10. Developer Information
+## 11. Developer Information
 
 ### CLI Structure
 

docs/configurations.md

@@ -85,6 +85,66 @@ When both `oh-my-opencode.jsonc` and `oh-my-opencode.json` files exist, `.jsonc`
 
 **Recommended**: For Google Gemini authentication, install the [`opencode-antigravity-auth`](https://github.com/NoeFabris/opencode-antigravity-auth) plugin (`@latest`). It provides multi-account load balancing, variant-based thinking levels, dual quota system (Antigravity + Gemini CLI), and active maintenance. See [Installation > Google Gemini](docs/guide/installation.md#google-gemini-antigravity-oauth).
 
+## Ollama Provider
+
+**IMPORTANT**: When using Ollama as a provider, you **must** disable streaming to avoid JSON parsing errors.
+
+### Required Configuration
+
+```json
+{
+  "agents": {
+    "explore": {
+      "model": "ollama/qwen3-coder",
+      "stream": false
+    }
+  }
+}
+```
+
+### Why `stream: false` is Required
+
+Ollama returns NDJSON (newline-delimited JSON) when streaming is enabled, but Claude Code SDK expects a single JSON object. This causes `JSON Parse error: Unexpected EOF` when agents attempt tool calls.
+
+**Example of the problem**:
+```json
+// Ollama streaming response (NDJSON - multiple lines)
+{"message":{"tool_calls":[...]}, "done":false}
+{"message":{"content":""}, "done":true}
+
+// Claude Code SDK expects (single JSON object)
+{"message":{"tool_calls":[...], "content":""}, "done":true}
+```
+
+### Supported Models
+
+Common Ollama models that work with oh-my-opencode:
+
+| Model | Best For | Configuration |
+|-------|----------|---------------|
+| `ollama/qwen3-coder` | Code generation, build fixes | `{"model": "ollama/qwen3-coder", "stream": false}` |
+| `ollama/ministral-3:14b` | Exploration, codebase search | `{"model": "ollama/ministral-3:14b", "stream": false}` |
+| `ollama/lfm2.5-thinking` | Documentation, writing | `{"model": "ollama/lfm2.5-thinking", "stream": false}` |
+
+### Troubleshooting
+
+If you encounter `JSON Parse error: Unexpected EOF`:
+
+1. **Verify `stream: false` is set** in your agent configuration
+2. **Check Ollama is running**: `curl http://localhost:11434/api/tags`
+3. **Test with curl**:
+   ```bash
+   curl -s http://localhost:11434/api/chat \
+     -d '{"model": "qwen3-coder", "messages": [{"role": "user", "content": "Hello"}], "stream": false}'
+   ```
+4. **See detailed troubleshooting**: [docs/troubleshooting/ollama-streaming-issue.md](troubleshooting/ollama-streaming-issue.md)
+
+### Future SDK Fix
+
+The proper long-term fix requires Claude Code SDK to parse NDJSON responses correctly. Until then, use `stream: false` as a workaround.
+
+**Tracking**: https://github.com/code-yeongyu/oh-my-opencode/issues/1124
+
 ## Agents
 
 Override built-in agent settings:
@@ -103,7 +163,39 @@ Override built-in agent settings:
 }
 ```
 
-Each agent supports: `model`, `temperature`, `top_p`, `prompt`, `prompt_append`, `tools`, `disable`, `description`, `mode`, `color`, `permission`.
+Each agent supports: `model`, `temperature`, `top_p`, `prompt`, `prompt_append`, `tools`, `disable`, `description`, `mode`, `color`, `permission`, `category`, `variant`, `maxTokens`, `thinking`, `reasoningEffort`, `textVerbosity`, `providerOptions`.
+
+### Additional Agent Options
+
+| Option              | Type    | Description                                                                                     |
+| ------------------- | ------- | ----------------------------------------------------------------------------------------------- |
+| `category`          | string  | Category name to inherit model and other settings from category defaults                             |
+| `variant`           | string  | Model variant (e.g., `max`, `high`, `medium`, `low`, `xhigh`)                                 |
+| `maxTokens`         | number  | Maximum tokens for response. Passed directly to OpenCode SDK.                                      |
+| `thinking`          | object  | Extended thinking configuration for Anthropic models. See [Thinking Options](#thinking-options) below. |
+| `reasoningEffort`   | string  | OpenAI reasoning effort level. Values: `low`, `medium`, `high`, `xhigh`.                         |
+| `textVerbosity`      | string  | Text verbosity level. Values: `low`, `medium`, `high`.                                        |
+| `providerOptions`    | object  | Provider-specific options passed directly to OpenCode SDK.                                      |
+
+#### Thinking Options (Anthropic)
+
+```json
+{
+  "agents": {
+    "oracle": {
+      "thinking": {
+        "type": "enabled",
+        "budgetTokens": 200000
+      }
+    }
+  }
+}
+```
+
+| Option        | Type    | Default | Description                                  |
+| ------------- | ------- | ------- | -------------------------------------------- |
+| `type`        | string  | -       | `enabled` or `disabled`                      |
+| `budgetTokens`| number  | -       | Maximum budget tokens for extended thinking  |
 
 Use `prompt_append` to add extra instructions without replacing the default system prompt:
 
@@ -153,7 +245,7 @@ Or disable via `disabled_agents` in `~/.config/opencode/oh-my-opencode.json` or
 }
 ```
 
-Available agents: `oracle`, `librarian`, `explore`, `multimodal-looker`
+Available agents: `sisyphus`, `prometheus`, `oracle`, `librarian`, `explore`, `multimodal-looker`, `metis`, `momus`, `atlas`
 
 ## Built-in Skills
 
@@ -172,6 +264,105 @@ Disable built-in skills via `disabled_skills` in `~/.config/opencode/oh-my-openc
 
 Available built-in skills: `playwright`, `agent-browser`, `git-master`
 
+## Skills Configuration
+
+Configure advanced skills settings including custom skill sources, enabling/disabling specific skills, and defining custom skills.
+
+```json
+{
+  "skills": {
+    "sources": [
+      { "path": "./custom-skills", "recursive": true },
+      "https://example.com/skill.yaml"
+    ],
+    "enable": ["my-custom-skill"],
+    "disable": ["other-skill"],
+    "my-skill": {
+      "description": "Custom skill description",
+      "template": "Custom prompt template",
+      "from": "source-file.ts",
+      "model": "custom/model",
+      "agent": "custom-agent",
+      "subtask": true,
+      "argument-hint": "usage hint",
+      "license": "MIT",
+      "compatibility": ">= 3.0.0",
+      "metadata": {
+        "author": "Your Name"
+      },
+      "allowed-tools": ["tool1", "tool2"]
+    }
+  }
+}
+```
+
+### Sources
+
+Load skills from local directories or remote URLs:
+
+```json
+{
+  "skills": {
+    "sources": [
+      { "path": "./custom-skills", "recursive": true },
+      { "path": "./single-skill.yaml" },
+      "https://example.com/skill.yaml",
+      "https://raw.githubusercontent.com/user/repo/main/skills/*"
+    ]
+  }
+}
+```
+
+| Option      | Default | Description                                    |
+| ----------- | ------- | ---------------------------------------------- |
+| `path`      | -       | Local file/directory path or remote URL            |
+| `recursive`  | `false`  | Recursively load from directory                 |
+| `glob`      | -       | Glob pattern for file selection                 |
+
+### Enable/Disable Skills
+
+```json
+{
+  "skills": {
+    "enable": ["skill-1", "skill-2"],
+    "disable": ["disabled-skill"]
+  }
+}
+```
+
+### Custom Skill Definition
+
+Define custom skills directly in your config:
+
+| Option           | Default | Description                                                                          |
+| ---------------- | ------- | ------------------------------------------------------------------------------------ |
+| `description`     | -       | Human-readable description of the skill                                                 |
+| `template`        | -       | Custom prompt template for the skill                                                    |
+| `from`           | -       | Source file to load template from                                                     |
+| `model`           | -       | Override model for this skill                                                         |
+| `agent`           | -       | Override agent for this skill                                                         |
+| `subtask`         | `false`  | Whether to run as a subtask                                                           |
+| `argument-hint`   | -       | Hint for how to use the skill                                                        |
+| `license`          | -       | Skill license                                                                       |
+| `compatibility`    | -       | Required oh-my-opencode version compatibility                                           |
+| `metadata`         | -       | Additional metadata as key-value pairs                                                |
+| `allowed-tools`    | -       | Array of tools this skill is allowed to use                                            |
+
+**Example: Custom skill**
+
+```json
+{
+  "skills": {
+    "data-analyst": {
+      "description": "Specialized for data analysis tasks",
+      "template": "You are a data analyst. Focus on statistical analysis, visualization, and data interpretation.",
+      "model": "openai/gpt-5.2",
+      "allowed-tools": ["read", "bash", "lsp_diagnostics"]
+    }
+  }
+}
+```
+
 ## Browser Automation
 
 Choose between two browser automation providers:
@@ -495,6 +686,7 @@ Configure concurrency limits for background agent tasks. This controls how many
 {
   "background_task": {
     "defaultConcurrency": 5,
+    "staleTimeoutMs": 180000,
     "providerConcurrency": {
       "anthropic": 3,
       "openai": 5,
@@ -511,6 +703,7 @@ Configure concurrency limits for background agent tasks. This controls how many
 | Option                | Default | Description                                                                                                             |
 | --------------------- | ------- | ----------------------------------------------------------------------------------------------------------------------- |
 | `defaultConcurrency`  | -       | Default maximum concurrent background tasks for all providers/models                                                    |
+| `staleTimeoutMs`      | `180000` | Stale timeout in milliseconds - interrupt tasks with no activity for this duration (minimum: 60000 = 1 minute)             |
 | `providerConcurrency` | -       | Per-provider concurrency limits. Keys are provider names (e.g., `anthropic`, `openai`, `google`)                        |
 | `modelConcurrency`    | -       | Per-model concurrency limits. Keys are full model names (e.g., `anthropic/claude-opus-4-5`). Overrides provider limits. |
 
@@ -525,27 +718,96 @@ Configure concurrency limits for background agent tasks. This controls how many
 
 Categories enable domain-specific task delegation via the `delegate_task` tool. Each category applies runtime presets (model, temperature, prompt additions) when calling the `Sisyphus-Junior` agent.
 
-**Default Categories:**
+### Built-in Categories
 
-| Category         | Model                         | Description                                                                  |
-| ---------------- | ----------------------------- | ---------------------------------------------------------------------------- |
-| `visual`         | `google/gemini-3-pro` | Frontend, UI/UX, design-focused tasks. High creativity (temp 0.7).           |
-| `business-logic` | `openai/gpt-5.2`              | Backend logic, architecture, strategic reasoning. Low creativity (temp 0.1). |
+All 7 categories come with optimal model defaults, but **you must configure them to use those defaults**:
 
-**Usage:**
+| Category             | Built-in Default Model             | Description                                                          |
+| -------------------- | ---------------------------------- | -------------------------------------------------------------------- |
+| `visual-engineering` | `google/gemini-3-pro-preview`      | Frontend, UI/UX, design, styling, animation                          |
+| `ultrabrain`         | `openai/gpt-5.2-codex` (xhigh)     | Deep logical reasoning, complex architecture decisions               |
+| `artistry`           | `google/gemini-3-pro-preview` (max)| Highly creative/artistic tasks, novel ideas                          |
+| `quick`              | `anthropic/claude-haiku-4-5`       | Trivial tasks - single file changes, typo fixes, simple modifications|
+| `unspecified-low`    | `anthropic/claude-sonnet-4-5`      | Tasks that don't fit other categories, low effort required           |
+| `unspecified-high`   | `anthropic/claude-opus-4-5` (max)  | Tasks that don't fit other categories, high effort required          |
+| `writing`            | `google/gemini-3-flash-preview`    | Documentation, prose, technical writing                              |
+
+### ⚠️ Critical: Model Resolution Priority
+
+**Categories DO NOT use their built-in defaults unless configured.** Model resolution follows this priority:
 
 ```
-// Via delegate_task tool
-delegate_task(category="visual", prompt="Create a responsive dashboard component")
-delegate_task(category="business-logic", prompt="Design the payment processing flow")
+1. User-configured model (in oh-my-opencode.json)
+2. Category's built-in default (if you add category to config)
+3. System default model (from opencode.json)
+```
 
-// Or target a specific agent directly
+**Example Problem:**
+
+```json
+// opencode.json
+{ "model": "anthropic/claude-sonnet-4-5" }
+
+// oh-my-opencode.json (empty categories section)
+{}
+
+// Result: ALL categories use claude-sonnet-4-5 (wasteful!)
+// - quick tasks use Sonnet instead of Haiku (expensive)
+// - ultrabrain uses Sonnet instead of GPT-5.2 (inferior reasoning)
+// - visual tasks use Sonnet instead of Gemini (suboptimal for UI)
+```
+
+### Recommended Configuration
+
+**To use optimal models for each category, add them to your config:**
+
+```json
+{
+  "categories": {
+    "visual-engineering": { 
+      "model": "google/gemini-3-pro-preview"
+    },
+    "ultrabrain": { 
+      "model": "openai/gpt-5.2-codex",
+      "variant": "xhigh"
+    },
+    "artistry": { 
+      "model": "google/gemini-3-pro-preview",
+      "variant": "max"
+    },
+    "quick": { 
+      "model": "anthropic/claude-haiku-4-5"  // Fast + cheap for trivial tasks
+    },
+    "unspecified-low": { 
+      "model": "anthropic/claude-sonnet-4-5"
+    },
+    "unspecified-high": { 
+      "model": "anthropic/claude-opus-4-5",
+      "variant": "max"
+    },
+    "writing": { 
+      "model": "google/gemini-3-flash-preview"
+    }
+  }
+}
+```
+
+**Only configure categories you have access to.** Unconfigured categories fall back to your system default model.
+
+### Usage
+
+```javascript
+// Via delegate_task tool
+delegate_task(category="visual-engineering", prompt="Create a responsive dashboard component")
+delegate_task(category="ultrabrain", prompt="Design the payment processing flow")
+
+// Or target a specific agent directly (bypasses categories)
 delegate_task(agent="oracle", prompt="Review this architecture")
 ```
 
-**Custom Categories:**
+### Custom Categories
 
-Add custom categories in `oh-my-opencode.json`:
+Add your own categories or override built-in ones:
 
 ```json
 {
@@ -555,15 +817,22 @@ Add custom categories in `oh-my-opencode.json`:
       "temperature": 0.2,
       "prompt_append": "Focus on data analysis, ML pipelines, and statistical methods."
     },
-    "visual": {
-      "model": "google/gemini-3-pro",
+    "visual-engineering": {
+      "model": "google/gemini-3-pro-preview",
       "prompt_append": "Use shadcn/ui components and Tailwind CSS."
     }
   }
 }
 ```
 
-Each category supports: `model`, `temperature`, `top_p`, `maxTokens`, `thinking`, `reasoningEffort`, `textVerbosity`, `tools`, `prompt_append`.
+Each category supports: `model`, `temperature`, `top_p`, `maxTokens`, `thinking`, `reasoningEffort`, `textVerbosity`, `tools`, `prompt_append`, `variant`, `description`, `is_unstable_agent`.
+
+### Additional Category Options
+
+| Option             | Type    | Default | Description                                                                                         |
+| ------------------ | ------- | ------- | --------------------------------------------------------------------------------------------------- |
+| `description`       | string  | -       | Human-readable description of the category's purpose. Shown in delegate_task prompt.                     |
+| `is_unstable_agent`| boolean | `false`  | Mark agent as unstable - forces background mode for monitoring. Auto-enabled for gemini models. |
 
 ## Model Resolution System
 
@@ -625,15 +894,15 @@ Each agent has a defined provider priority chain. The system tries providers in
 
 | Agent | Model (no prefix) | Provider Priority Chain |
 |-------|-------------------|-------------------------|
-| **Sisyphus** | `claude-opus-4-5` | anthropic → github-copilot → opencode → antigravity → google |
-| **oracle** | `gpt-5.2` | openai → anthropic → google → github-copilot → opencode |
-| **librarian** | `big-pickle` | opencode → github-copilot → anthropic |
-| **explore** | `gpt-5-nano` | anthropic → opencode |
-| **multimodal-looker** | `gemini-3-flash` | google → openai → zai-coding-plan → anthropic → opencode |
-| **Prometheus (Planner)** | `claude-opus-4-5` | anthropic → github-copilot → opencode → antigravity → google |
-| **Metis (Plan Consultant)** | `claude-sonnet-4-5` | anthropic → github-copilot → opencode → antigravity → google |
-| **Momus (Plan Reviewer)** | `claude-opus-4-5` | anthropic → github-copilot → opencode → antigravity → google |
-| **Atlas** | `claude-sonnet-4-5` | anthropic → github-copilot → opencode → antigravity → google |
+| **Sisyphus** | `claude-opus-4-5` | anthropic → kimi-for-coding → zai-coding-plan → openai → google |
+| **oracle** | `gpt-5.2` | openai → google → anthropic |
+| **librarian** | `glm-4.7` | zai-coding-plan → opencode → anthropic |
+| **explore** | `claude-haiku-4-5` | anthropic → github-copilot → opencode |
+| **multimodal-looker** | `gemini-3-flash` | google → openai → zai-coding-plan → kimi-for-coding → anthropic → opencode |
+| **Prometheus (Planner)** | `claude-opus-4-5` | anthropic → kimi-for-coding → openai → google |
+| **Metis (Plan Consultant)** | `claude-opus-4-5` | anthropic → kimi-for-coding → openai → google |
+| **Momus (Plan Reviewer)** | `gpt-5.2` | openai → anthropic → google |
+| **Atlas** | `claude-sonnet-4-5` | anthropic → kimi-for-coding → openai → google |
 
 ### Category Provider Chains
 
@@ -641,13 +910,14 @@ Categories follow the same resolution logic:
 
 | Category | Model (no prefix) | Provider Priority Chain |
 |----------|-------------------|-------------------------|
-| **visual-engineering** | `gemini-3-pro` | google → openai → anthropic → github-copilot → opencode |
-| **ultrabrain** | `gpt-5.2-codex` | openai → anthropic → google → github-copilot → opencode |
-| **artistry** | `gemini-3-pro` | google → openai → anthropic → github-copilot → opencode |
-| **quick** | `claude-haiku-4-5` | anthropic → github-copilot → opencode → antigravity → google |
-| **unspecified-low** | `claude-sonnet-4-5` | anthropic → github-copilot → opencode → antigravity → google |
-| **unspecified-high** | `claude-opus-4-5` | anthropic → github-copilot → opencode → antigravity → google |
-| **writing** | `gemini-3-flash` | google → openai → anthropic → github-copilot → opencode |
+| **visual-engineering** | `gemini-3-pro` | google → anthropic → zai-coding-plan |
+| **ultrabrain** | `gpt-5.2-codex` | openai → google → anthropic |
+| **deep** | `gpt-5.2-codex` | openai → anthropic → google |
+| **artistry** | `gemini-3-pro` | google → anthropic → openai |
+| **quick** | `claude-haiku-4-5` | anthropic → google → opencode |
+| **unspecified-low** | `claude-sonnet-4-5` | anthropic → openai → google |
+| **unspecified-high** | `claude-opus-4-5` | anthropic → openai → google |
+| **writing** | `gemini-3-flash` | google → anthropic → zai-coding-plan → openai |
 
 ### Checking Your Configuration
 
@@ -697,10 +967,93 @@ Disable specific built-in hooks via `disabled_hooks` in `~/.config/opencode/oh-m
 }
 ```
 
-Available hooks: `todo-continuation-enforcer`, `context-window-monitor`, `session-recovery`, `session-notification`, `comment-checker`, `grep-output-truncator`, `tool-output-truncator`, `directory-agents-injector`, `directory-readme-injector`, `empty-task-response-detector`, `think-mode`, `anthropic-context-window-limit-recovery`, `rules-injector`, `background-notification`, `auto-update-checker`, `startup-toast`, `keyword-detector`, `agent-usage-reminder`, `non-interactive-env`, `interactive-bash-session`, `compaction-context-injector`, `thinking-block-validator`, `claude-code-hooks`, `ralph-loop`, `preemptive-compaction`
+Available hooks: `todo-continuation-enforcer`, `context-window-monitor`, `session-recovery`, `session-notification`, `comment-checker`, `grep-output-truncator`, `tool-output-truncator`, `directory-agents-injector`, `directory-readme-injector`, `empty-task-response-detector`, `think-mode`, `anthropic-context-window-limit-recovery`, `rules-injector`, `background-notification`, `auto-update-checker`, `startup-toast`, `keyword-detector`, `agent-usage-reminder`, `non-interactive-env`, `interactive-bash-session`, `compaction-context-injector`, `thinking-block-validator`, `claude-code-hooks`, `ralph-loop`, `preemptive-compaction`, `auto-slash-command`, `sisyphus-junior-notepad`, `start-work`
+
+**Note on `directory-agents-injector`**: This hook is **automatically disabled** when running on OpenCode 1.1.37+ because OpenCode now has native support for dynamically resolving AGENTS.md files from subdirectories (PR #10678). This prevents duplicate AGENTS.md injection. For older OpenCode versions, the hook remains active to provide the same functionality.
 
 **Note on `auto-update-checker` and `startup-toast`**: The `startup-toast` hook is a sub-feature of `auto-update-checker`. To disable only the startup toast notification while keeping update checking enabled, add `"startup-toast"` to `disabled_hooks`. To disable all update checking features (including the toast), add `"auto-update-checker"` to `disabled_hooks`.
 
+## Disabled Commands
+
+Disable specific built-in commands via `disabled_commands` in `~/.config/opencode/oh-my-opencode.json` or `.opencode/oh-my-opencode.json`:
+
+```json
+{
+  "disabled_commands": ["init-deep", "start-work"]
+}
+```
+
+Available commands: `init-deep`, `start-work`
+
+## Comment Checker
+
+Configure comment-checker hook behavior. The comment checker warns when excessive comments are added to code.
+
+```json
+{
+  "comment_checker": {
+    "custom_prompt": "Your custom warning message. Use {{comments}} placeholder for detected comments XML."
+  }
+}
+```
+
+| Option        | Default | Description                                                                |
+| ------------- | ------- | -------------------------------------------------------------------------- |
+| `custom_prompt` | -       | Custom warning message to replace the default. Use `{{comments}}` placeholder. |
+
+## Notification
+
+Configure notification behavior for background task completion.
+
+```json
+{
+  "notification": {
+    "force_enable": true
+  }
+}
+```
+
+| Option         | Default | Description                                                                                   |
+| -------------- | ------- | ---------------------------------------------------------------------------------------------- |
+| `force_enable` | `false` | Force enable session-notification even if external notification plugins are detected. Default: `false`. |
+
+## Sisyphus Tasks & Swarm
+
+Configure Sisyphus Tasks and Swarm systems for advanced task management and multi-agent orchestration.
+
+```json
+{
+  "sisyphus": {
+    "tasks": {
+      "enabled": false,
+      "storage_path": ".sisyphus/tasks",
+      "claude_code_compat": false
+    },
+    "swarm": {
+      "enabled": false,
+      "storage_path": ".sisyphus/teams",
+      "ui_mode": "toast"
+    }
+  }
+}
+```
+
+### Tasks Configuration
+
+| Option               | Default            | Description                                                               |
+| -------------------- | ------------------ | ------------------------------------------------------------------------- |
+| `enabled`            | `false`            | Enable Sisyphus Tasks system                                               |
+| `storage_path`       | `.sisyphus/tasks`  | Storage path for tasks (relative to project root)                           |
+| `claude_code_compat` | `false`            | Enable Claude Code path compatibility mode                                   |
+
+### Swarm Configuration
+
+| Option         | Default            | Description                                                    |
+| -------------- | ------------------ | -------------------------------------------------------------- |
+| `enabled`      | `false`            | Enable Sisyphus Swarm system for multi-agent orchestration        |
+| `storage_path` | `.sisyphus/teams`  | Storage path for teams (relative to project root)                |
+| `ui_mode`      | `toast`            | UI mode: `toast` (notifications), `tmux` (panes), or `both`     |
+
 ## MCPs
 
 Exa, Context7 and grep.app MCP enabled by default.
@@ -742,6 +1095,38 @@ Add LSP servers via the `lsp` option in `~/.config/opencode/oh-my-opencode.json`
 
 Each server supports: `command`, `extensions`, `priority`, `env`, `initialization`, `disabled`.
 
+| Option         | Type     | Default | Description                                                            |
+| -------------- | -------- | ------- | ---------------------------------------------------------------------- |
+| `command`       | array    | -       | Command to start the LSP server (executable + args)                          |
+| `extensions`    | array    | -       | File extensions this server handles (e.g., `[".ts", ".tsx"]`)               |
+| `priority`      | number   | -       | Server priority when multiple servers match a file                               |
+| `env`           | object   | -       | Environment variables for the LSP server (key-value pairs)                     |
+| `initialization`| object   | -       | Custom initialization options passed to the LSP server                        |
+| `disabled`      | boolean  | `false`  | Whether to disable this LSP server                                         |
+
+**Example with advanced options:**
+
+```json
+{
+  "lsp": {
+    "typescript-language-server": {
+      "command": ["typescript-language-server", "--stdio"],
+      "extensions": [".ts", ".tsx"],
+      "priority": 10,
+      "env": {
+        "NODE_OPTIONS": "--max-old-space-size=4096"
+      },
+      "initialization": {
+        "preferences": {
+          "includeInlayParameterNameHints": "all",
+          "includeInlayFunctionParameterTypeHints": true
+        }
+      }
+    }
+  }
+}
+```
+
 ## Experimental
 
 Opt-in experimental features that may change or be removed in future versions. Use with caution.
@@ -751,7 +1136,29 @@ Opt-in experimental features that may change or be removed in future versions. U
   "experimental": {
     "truncate_all_tool_outputs": true,
     "aggressive_truncation": true,
-    "auto_resume": true
+    "auto_resume": true,
+    "dynamic_context_pruning": {
+      "enabled": false,
+      "notification": "detailed",
+      "turn_protection": {
+        "enabled": true,
+        "turns": 3
+      },
+      "protected_tools": ["task", "todowrite", "lsp_rename"],
+      "strategies": {
+        "deduplication": {
+          "enabled": true
+        },
+        "supersede_writes": {
+          "enabled": true,
+          "aggressive": false
+        },
+        "purge_errors": {
+          "enabled": true,
+          "turns": 5
+        }
+      }
+    }
   }
 }
 ```
@@ -760,7 +1167,72 @@ Opt-in experimental features that may change or be removed in future versions. U
 | --------------------------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `truncate_all_tool_outputs` | `false` | Truncates ALL tool outputs instead of just whitelisted tools (Grep, Glob, LSP, AST-grep). Tool output truncator is enabled by default - disable via `disabled_hooks`.                         |
 | `aggressive_truncation`     | `false` | When token limit is exceeded, aggressively truncates tool outputs to fit within limits. More aggressive than the default truncation behavior. Falls back to summarize/revert if insufficient. |
-| `auto_resume`               | `false` | Automatically resumes session after successful recovery from thinking block errors or thinking disabled violations. Extracts the last user message and continues.                             |
+| `auto_resume`               | `false` | Automatically resumes session after successful recovery from thinking block errors or thinking disabled violations. Extracts last user message and continues.                             |
+| `dynamic_context_pruning`    | See below | Dynamic context pruning configuration for managing context window usage automatically. See [Dynamic Context Pruning](#dynamic-context-pruning) below.                              |
+
+### Dynamic Context Pruning
+
+Dynamic context pruning automatically manages context window by intelligently pruning old tool outputs. This feature helps maintain performance in long sessions.
+
+```json
+{
+  "experimental": {
+    "dynamic_context_pruning": {
+      "enabled": false,
+      "notification": "detailed",
+      "turn_protection": {
+        "enabled": true,
+        "turns": 3
+      },
+      "protected_tools": ["task", "todowrite", "todoread", "lsp_rename", "session_read", "session_write", "session_search"],
+      "strategies": {
+        "deduplication": {
+          "enabled": true
+        },
+        "supersede_writes": {
+          "enabled": true,
+          "aggressive": false
+        },
+        "purge_errors": {
+          "enabled": true,
+          "turns": 5
+        }
+      }
+    }
+  }
+}
+```
+
+| Option            | Default | Description                                                                               |
+| ----------------- | ------- | ----------------------------------------------------------------------------------------- |
+| `enabled`         | `false`  | Enable dynamic context pruning                                                               |
+| `notification`     | `detailed` | Notification level: `off`, `minimal`, or `detailed`                                        |
+| `turn_protection` | See below | Turn protection settings - prevent pruning recent tool outputs                                 |
+
+#### Turn Protection
+
+| Option    | Default | Description                                                  |
+| --------- | ------- | ------------------------------------------------------------ |
+| `enabled` | `true`  | Enable turn protection                                         |
+| `turns`   | `3`     | Number of recent turns to protect from pruning (1-10)           |
+
+#### Protected Tools
+
+Tools that should never be pruned (default):
+
+```json
+["task", "todowrite", "todoread", "lsp_rename", "session_read", "session_write", "session_search"]
+```
+
+#### Pruning Strategies
+
+| Strategy            | Option       | Default | Description                                                                  |
+| ------------------- | ------------ | ------- | ---------------------------------------------------------------------------- |
+| **deduplication**   | `enabled`    | `true`  | Remove duplicate tool calls (same tool + same args)                              |
+| **supersede_writes**| `enabled`    | `true`  | Prune write inputs when file subsequently read                                   |
+|                     | `aggressive` | `false` | Aggressive mode: prune any write if ANY subsequent read                         |
+| **purge_errors**   | `enabled`    | `true`  | Prune errored tool inputs after N turns                                        |
+|                     | `turns`      | `5`     | Number of turns before pruning errors (1-20)                                    |
 
 **Warning**: These features are experimental and may cause unexpected behavior. Enable only if you understand the implications.
 

docs/features.md

@@ -10,19 +10,19 @@ Oh-My-OpenCode provides 10 specialized AI agents. Each has distinct expertise, o
 
 | Agent | Model | Purpose |
 |-------|-------|---------|
-| **Sisyphus** | `anthropic/claude-opus-4-5` | **The default orchestrator.** Plans, delegates, and executes complex tasks using specialized subagents with aggressive parallel execution. Todo-driven workflow with extended thinking (32k budget). |
+| **Sisyphus** | `anthropic/claude-opus-4-5` | **The default orchestrator.** Plans, delegates, and executes complex tasks using specialized subagents with aggressive parallel execution. Todo-driven workflow with extended thinking (32k budget). Fallback: kimi-k2.5 → glm-4.7 → gpt-5.2-codex → gemini-3-pro. |
 | **oracle** | `openai/gpt-5.2` | Architecture decisions, code review, debugging. Read-only consultation - stellar logical reasoning and deep analysis. Inspired by AmpCode. |
-| **librarian** | `opencode/big-pickle` | Multi-repo analysis, documentation lookup, OSS implementation examples. Deep codebase understanding with evidence-based answers. Inspired by AmpCode. |
-| **explore** | `opencode/gpt-5-nano` | Fast codebase exploration and contextual grep. Uses Gemini 3 Flash when Antigravity auth is configured, Haiku when Claude max20 is available, otherwise Grok. Inspired by Claude Code. |
-| **multimodal-looker** | `google/gemini-3-flash` | Visual content specialist. Analyzes PDFs, images, diagrams to extract information. Saves tokens by having another agent process media. |
+| **librarian** | `zai-coding-plan/glm-4.7` | Multi-repo analysis, documentation lookup, OSS implementation examples. Deep codebase understanding with evidence-based answers. Fallback: glm-4.7-free → claude-sonnet-4-5. |
+| **explore** | `anthropic/claude-haiku-4-5` | Fast codebase exploration and contextual grep. Fallback: gpt-5-mini → gpt-5-nano. |
+| **multimodal-looker** | `google/gemini-3-flash` | Visual content specialist. Analyzes PDFs, images, diagrams to extract information. Fallback: gpt-5.2 → glm-4.6v → kimi-k2.5 → claude-haiku-4-5 → gpt-5-nano. |
 
 ### Planning Agents
 
 | Agent | Model | Purpose |
 |-------|-------|---------|
-| **Prometheus** | `anthropic/claude-opus-4-5` | Strategic planner with interview mode. Creates detailed work plans through iterative questioning. |
-| **Metis** | `anthropic/claude-sonnet-4-5` | Plan consultant - pre-planning analysis. Identifies hidden intentions, ambiguities, and AI failure points. |
-| **Momus** | `anthropic/claude-sonnet-4-5` | Plan reviewer - validates plans against clarity, verifiability, and completeness standards. |
+| **Prometheus** | `anthropic/claude-opus-4-5` | Strategic planner with interview mode. Creates detailed work plans through iterative questioning. Fallback: kimi-k2.5 → gpt-5.2 → gemini-3-pro. |
+| **Metis** | `anthropic/claude-opus-4-5` | Plan consultant - pre-planning analysis. Identifies hidden intentions, ambiguities, and AI failure points. Fallback: kimi-k2.5 → gpt-5.2 → gemini-3-pro. |
+| **Momus** | `openai/gpt-5.2` | Plan reviewer - validates plans against clarity, verifiability, and completeness standards. Fallback: gpt-5.2 → claude-opus-4-5 → gemini-3-pro. |
 
 ### Invoking Agents
 
@@ -320,7 +320,7 @@ Hooks intercept and modify behavior at key points in the agent lifecycle.
 
 | Hook | Event | Description |
 |------|-------|-------------|
-| **directory-agents-injector** | PostToolUse | Auto-injects AGENTS.md when reading files. Walks from file to project root, collecting all AGENTS.md files. |
+| **directory-agents-injector** | PostToolUse | Auto-injects AGENTS.md when reading files. Walks from file to project root, collecting all AGENTS.md files. **Deprecated for OpenCode 1.1.37+** - Auto-disabled when native AGENTS.md injection is available. |
 | **directory-readme-injector** | PostToolUse | Auto-injects README.md for directory context. |
 | **rules-injector** | PostToolUse | Injects rules from `.claude/rules/` when conditions match. Supports globs and alwaysApply. |
 | **compaction-context-injector** | Stop | Preserves critical context during session compaction. |
@@ -521,6 +521,37 @@ mcp:
 
 The `skill_mcp` tool invokes these operations with full schema discovery.
 
+#### OAuth-Enabled MCPs
+
+Skills can define OAuth-protected remote MCP servers. OAuth 2.1 with full RFC compliance (RFC 9728, 8414, 8707, 7591) is supported:
+
+```yaml
+---
+description: My API skill
+mcp:
+  my-api:
+    url: https://api.example.com/mcp
+    oauth:
+      clientId: ${CLIENT_ID}
+      scopes: ["read", "write"]
+---
+```
+
+When a skill MCP has `oauth` configured:
+- **Auto-discovery**: Fetches `/.well-known/oauth-protected-resource` (RFC 9728), falls back to `/.well-known/oauth-authorization-server` (RFC 8414)
+- **Dynamic Client Registration**: Auto-registers with servers supporting RFC 7591 (clientId becomes optional)
+- **PKCE**: Mandatory for all flows
+- **Resource Indicators**: Auto-generated from MCP URL per RFC 8707
+- **Token Storage**: Persisted in `~/.config/opencode/mcp-oauth.json` (chmod 0600)
+- **Auto-refresh**: Tokens refresh on 401; step-up authorization on 403 with `WWW-Authenticate`
+- **Dynamic Port**: OAuth callback server uses an auto-discovered available port
+
+Pre-authenticate via CLI:
+
+```bash
+bunx oh-my-opencode mcp oauth login <server-name> --server-url https://api.example.com
+```
+
 ---
 
 ## Context Injection

docs/guide/installation.md

@@ -213,7 +213,7 @@ If Z.ai is the only provider available, all agents will use GLM models:
 
 #### OpenCode Zen
 
-OpenCode Zen provides access to `opencode/` prefixed models including `opencode/claude-opus-4-5`, `opencode/gpt-5.2`, `opencode/gpt-5-nano`, and `opencode/big-pickle`.
+OpenCode Zen provides access to `opencode/` prefixed models including `opencode/claude-opus-4-5`, `opencode/gpt-5.2`, `opencode/gpt-5-nano`, and `opencode/glm-4.7-free`.
 
 When OpenCode Zen is the best available provider (no native or Copilot), these models are used:
 
@@ -222,7 +222,7 @@ When OpenCode Zen is the best available provider (no native or Copilot), these m
 | **Sisyphus**  | `opencode/claude-opus-4-5`       |
 | **Oracle**    | `opencode/gpt-5.2`               |
 | **Explore**   | `opencode/gpt-5-nano`             |
-| **Librarian** | `opencode/big-pickle`          |
+| **Librarian** | `opencode/glm-4.7-free`          |
 
 ##### Setup
 
@@ -278,7 +278,7 @@ After everything is set up and working, ask the user:
 
 If the user agrees, run:
 ```bash
-gh repo star code-yeongyu/oh-my-opencode
+gh api --silent --method PUT /user/starred/code-yeongyu/oh-my-opencode >/dev/null 2>&1 || true
 ```
 
 **Important**: Only run the command if the user explicitly says yes. Never run it automatically without consent.

docs/troubleshooting/ollama-streaming-issue.md

@@ -0,0 +1,126 @@
+# Ollama Streaming Issue - JSON Parse Error
+
+## Problem
+
+When using Ollama as a provider with oh-my-opencode agents, you may encounter:
+
+```
+JSON Parse error: Unexpected EOF
+```
+
+This occurs when agents attempt tool calls (e.g., `explore` agent using `mcp_grep_search`).
+
+## Root Cause
+
+Ollama returns **NDJSON** (newline-delimited JSON) when `stream: true` is used in API requests:
+
+```json
+{"message":{"tool_calls":[{"function":{"name":"read","arguments":{"filePath":"README.md"}}}]}, "done":false}
+{"message":{"content":""}, "done":true}
+```
+
+Claude Code SDK expects a single JSON object, not multiple NDJSON lines, causing the parse error.
+
+### Why This Happens
+
+- **Ollama API**: Returns streaming responses as NDJSON by design
+- **Claude Code SDK**: Doesn't properly handle NDJSON responses for tool calls
+- **oh-my-opencode**: Passes through the SDK's behavior (can't fix at this layer)
+
+## Solutions
+
+### Option 1: Disable Streaming (Recommended - Immediate Fix)
+
+Configure your Ollama provider to use `stream: false`:
+
+```json
+{
+  "provider": "ollama",
+  "model": "qwen3-coder",
+  "stream": false
+}
+```
+
+**Pros:**
+- Works immediately
+- No code changes needed
+- Simple configuration
+
+**Cons:**
+- Slightly slower response time (no streaming)
+- Less interactive feedback
+
+### Option 2: Use Non-Tool Agents Only
+
+If you need streaming, avoid agents that use tools:
+
+- ✅ **Safe**: Simple text generation, non-tool tasks
+- ❌ **Problematic**: Any agent with tool calls (explore, librarian, etc.)
+
+### Option 3: Wait for SDK Fix (Long-term)
+
+The proper fix requires Claude Code SDK to:
+
+1. Detect NDJSON responses
+2. Parse each line separately
+3. Merge `tool_calls` from multiple lines
+4. Return a single merged response
+
+**Tracking**: https://github.com/code-yeongyu/oh-my-opencode/issues/1124
+
+## Workaround Implementation
+
+Until the SDK is fixed, here's how to implement NDJSON parsing (for SDK maintainers):
+
+```typescript
+async function parseOllamaStreamResponse(response: string): Promise<object> {
+  const lines = response.split('\n').filter(line => line.trim());
+  const mergedMessage = { tool_calls: [] };
+
+  for (const line of lines) {
+    try {
+      const json = JSON.parse(line);
+      if (json.message?.tool_calls) {
+        mergedMessage.tool_calls.push(...json.message.tool_calls);
+      }
+      if (json.message?.content) {
+        mergedMessage.content = json.message.content;
+      }
+    } catch (e) {
+      // Skip malformed lines
+      console.warn('Skipping malformed NDJSON line:', line);
+    }
+  }
+
+  return mergedMessage;
+}
+```
+
+## Testing
+
+To verify the fix works:
+
+```bash
+# Test with curl (should work with stream: false)
+curl -s http://localhost:11434/api/chat \
+  -d '{
+    "model": "qwen3-coder",
+    "messages": [{"role": "user", "content": "Read file README.md"}],
+    "stream": false,
+    "tools": [{"type": "function", "function": {"name": "read", "description": "Read a file", "parameters": {"type": "object", "properties": {"filePath": {"type": "string"}}, "required": ["filePath"]}}}]
+  }'
+```
+
+## Related Issues
+
+- **oh-my-opencode**: https://github.com/code-yeongyu/oh-my-opencode/issues/1124
+- **Ollama API Docs**: https://github.com/ollama/ollama/blob/main/docs/api.md
+
+## Getting Help
+
+If you encounter this issue:
+
+1. Check your Ollama provider configuration
+2. Set `stream: false` as a workaround
+3. Report any additional errors to the issue tracker
+4. Provide your configuration (without secrets) for debugging

package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode",
-  "version": "3.1.2",
+  "version": "3.1.11",
   "description": "The Best AI Agent Harness - Batteries-Included OpenCode Plugin with Multi-Model Orchestration, Parallel Background Agents, and Crafted LSP/AST Tools",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -64,6 +64,7 @@
     "jsonc-parser": "^3.3.1",
     "picocolors": "^1.1.1",
     "picomatch": "^4.0.2",
+    "vscode-jsonrpc": "^8.2.0",
     "zod": "^4.1.8"
   },
   "devDependencies": {
@@ -73,13 +74,13 @@
     "typescript": "^5.7.3"
   },
   "optionalDependencies": {
-    "oh-my-opencode-darwin-arm64": "3.1.2",
-    "oh-my-opencode-darwin-x64": "3.1.2",
-    "oh-my-opencode-linux-arm64": "3.1.2",
-    "oh-my-opencode-linux-arm64-musl": "3.1.2",
-    "oh-my-opencode-linux-x64": "3.1.2",
-    "oh-my-opencode-linux-x64-musl": "3.1.2",
-    "oh-my-opencode-windows-x64": "3.1.2"
+    "oh-my-opencode-darwin-arm64": "3.1.11",
+    "oh-my-opencode-darwin-x64": "3.1.11",
+    "oh-my-opencode-linux-arm64": "3.1.11",
+    "oh-my-opencode-linux-arm64-musl": "3.1.11",
+    "oh-my-opencode-linux-x64": "3.1.11",
+    "oh-my-opencode-linux-x64-musl": "3.1.11",
+    "oh-my-opencode-windows-x64": "3.1.11"
   },
   "trustedDependencies": [
     "@ast-grep/cli",

packages/darwin-arm64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode-darwin-arm64",
-  "version": "3.1.2",
+  "version": "3.1.11",
   "description": "Platform-specific binary for oh-my-opencode (darwin-arm64)",
   "license": "MIT",
   "repository": {

packages/darwin-x64-baseline/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "oh-my-opencode-darwin-x64-baseline",
+  "version": "3.1.1",
+  "description": "Platform-specific binary for oh-my-opencode (darwin-x64-baseline, no AVX2)",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/code-yeongyu/oh-my-opencode"
+  },
+  "os": [
+    "darwin"
+  ],
+  "cpu": [
+    "x64"
+  ],
+  "files": [
+    "bin"
+  ],
+  "bin": {
+    "oh-my-opencode": "./bin/oh-my-opencode"
+  }
+}

packages/darwin-x64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode-darwin-x64",
-  "version": "3.1.2",
+  "version": "3.1.11",
   "description": "Platform-specific binary for oh-my-opencode (darwin-x64)",
   "license": "MIT",
   "repository": {

packages/linux-arm64-musl/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode-linux-arm64-musl",
-  "version": "3.1.2",
+  "version": "3.1.11",
   "description": "Platform-specific binary for oh-my-opencode (linux-arm64-musl)",
   "license": "MIT",
   "repository": {

packages/linux-arm64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode-linux-arm64",
-  "version": "3.1.2",
+  "version": "3.1.11",
   "description": "Platform-specific binary for oh-my-opencode (linux-arm64)",
   "license": "MIT",
   "repository": {

packages/linux-x64-baseline/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "oh-my-opencode-linux-x64-baseline",
+  "version": "3.1.1",
+  "description": "Platform-specific binary for oh-my-opencode (linux-x64-baseline, no AVX2)",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/code-yeongyu/oh-my-opencode"
+  },
+  "os": [
+    "linux"
+  ],
+  "cpu": [
+    "x64"
+  ],
+  "libc": [
+    "glibc"
+  ],
+  "files": [
+    "bin"
+  ],
+  "bin": {
+    "oh-my-opencode": "./bin/oh-my-opencode"
+  }
+}

packages/linux-x64-musl-baseline/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "oh-my-opencode-linux-x64-musl-baseline",
+  "version": "3.1.1",
+  "description": "Platform-specific binary for oh-my-opencode (linux-x64-musl-baseline, no AVX2)",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/code-yeongyu/oh-my-opencode"
+  },
+  "os": [
+    "linux"
+  ],
+  "cpu": [
+    "x64"
+  ],
+  "libc": [
+    "musl"
+  ],
+  "files": [
+    "bin"
+  ],
+  "bin": {
+    "oh-my-opencode": "./bin/oh-my-opencode"
+  }
+}

packages/linux-x64-musl/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode-linux-x64-musl",
-  "version": "3.1.2",
+  "version": "3.1.11",
   "description": "Platform-specific binary for oh-my-opencode (linux-x64-musl)",
   "license": "MIT",
   "repository": {

packages/linux-x64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode-linux-x64",
-  "version": "3.1.2",
+  "version": "3.1.11",
   "description": "Platform-specific binary for oh-my-opencode (linux-x64)",
   "license": "MIT",
   "repository": {

packages/windows-x64-baseline/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "oh-my-opencode-windows-x64-baseline",
+  "version": "3.1.1",
+  "description": "Platform-specific binary for oh-my-opencode (windows-x64-baseline, no AVX2)",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/code-yeongyu/oh-my-opencode"
+  },
+  "os": [
+    "win32"
+  ],
+  "cpu": [
+    "x64"
+  ],
+  "files": [
+    "bin"
+  ],
+  "bin": {
+    "oh-my-opencode": "./bin/oh-my-opencode.exe"
+  }
+}

packages/windows-x64/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oh-my-opencode-windows-x64",
-  "version": "3.1.2",
+  "version": "3.1.11",
   "description": "Platform-specific binary for oh-my-opencode (windows-x64)",
   "license": "MIT",
   "repository": {

script/build-binaries.test.ts

@@ -0,0 +1,79 @@
+// script/build-binaries.test.ts
+// Tests for platform binary build configuration
+
+import { describe, expect, it } from "bun:test";
+
+// Import PLATFORMS from build-binaries.ts
+// We need to export it first, but for now we'll test the expected structure
+const EXPECTED_BASELINE_TARGETS = [
+  "bun-linux-x64-baseline",
+  "bun-linux-x64-musl-baseline",
+  "bun-darwin-x64-baseline",
+  "bun-windows-x64-baseline",
+];
+
+describe("build-binaries", () => {
+  describe("PLATFORMS array", () => {
+    it("includes baseline variants for non-AVX2 CPU support", async () => {
+      // given
+      const module = await import("./build-binaries.ts");
+      const platforms = (module as { PLATFORMS: { target: string }[] }).PLATFORMS;
+      const targets = platforms.map((p) => p.target);
+
+      // when
+      const hasAllBaselineTargets = EXPECTED_BASELINE_TARGETS.every((baseline) =>
+        targets.includes(baseline)
+      );
+
+      // then
+      expect(hasAllBaselineTargets).toBe(true);
+      for (const baseline of EXPECTED_BASELINE_TARGETS) {
+        expect(targets).toContain(baseline);
+      }
+    });
+
+    it("has correct directory names for baseline platforms", async () => {
+      // given
+      const module = await import("./build-binaries.ts");
+      const platforms = (module as { PLATFORMS: { dir: string; target: string }[] }).PLATFORMS;
+
+      // when
+      const baselinePlatforms = platforms.filter((p) => p.target.includes("baseline"));
+
+      // then
+      expect(baselinePlatforms.length).toBe(4);
+      expect(baselinePlatforms.map((p) => p.dir)).toContain("linux-x64-baseline");
+      expect(baselinePlatforms.map((p) => p.dir)).toContain("linux-x64-musl-baseline");
+      expect(baselinePlatforms.map((p) => p.dir)).toContain("darwin-x64-baseline");
+      expect(baselinePlatforms.map((p) => p.dir)).toContain("windows-x64-baseline");
+    });
+
+    it("has correct binary names for baseline platforms", async () => {
+      // given
+      const module = await import("./build-binaries.ts");
+      const platforms = (module as { PLATFORMS: { dir: string; target: string; binary: string }[] }).PLATFORMS;
+
+      // when
+      const windowsBaseline = platforms.find((p) => p.target === "bun-windows-x64-baseline");
+      const linuxBaseline = platforms.find((p) => p.target === "bun-linux-x64-baseline");
+
+      // then
+      expect(windowsBaseline?.binary).toBe("oh-my-opencode.exe");
+      expect(linuxBaseline?.binary).toBe("oh-my-opencode");
+    });
+
+    it("has descriptions mentioning no AVX2 for baseline platforms", async () => {
+      // given
+      const module = await import("./build-binaries.ts");
+      const platforms = (module as { PLATFORMS: { target: string; description: string }[] }).PLATFORMS;
+
+      // when
+      const baselinePlatforms = platforms.filter((p) => p.target.includes("baseline"));
+
+      // then
+      for (const platform of baselinePlatforms) {
+        expect(platform.description).toContain("no AVX2");
+      }
+    });
+  });
+});

script/build-binaries.ts

@@ -13,14 +13,18 @@ interface PlatformTarget {
   description: string;
 }
 
-const PLATFORMS: PlatformTarget[] = [
+export const PLATFORMS: PlatformTarget[] = [
   { dir: "darwin-arm64", target: "bun-darwin-arm64", binary: "oh-my-opencode", description: "macOS ARM64" },
   { dir: "darwin-x64", target: "bun-darwin-x64", binary: "oh-my-opencode", description: "macOS x64" },
+  { dir: "darwin-x64-baseline", target: "bun-darwin-x64-baseline", binary: "oh-my-opencode", description: "macOS x64 (no AVX2)" },
   { dir: "linux-x64", target: "bun-linux-x64", binary: "oh-my-opencode", description: "Linux x64 (glibc)" },
+  { dir: "linux-x64-baseline", target: "bun-linux-x64-baseline", binary: "oh-my-opencode", description: "Linux x64 (glibc, no AVX2)" },
   { dir: "linux-arm64", target: "bun-linux-arm64", binary: "oh-my-opencode", description: "Linux ARM64 (glibc)" },
   { dir: "linux-x64-musl", target: "bun-linux-x64-musl", binary: "oh-my-opencode", description: "Linux x64 (musl)" },
+  { dir: "linux-x64-musl-baseline", target: "bun-linux-x64-musl-baseline", binary: "oh-my-opencode", description: "Linux x64 (musl, no AVX2)" },
   { dir: "linux-arm64-musl", target: "bun-linux-arm64-musl", binary: "oh-my-opencode", description: "Linux ARM64 (musl)" },
   { dir: "windows-x64", target: "bun-windows-x64", binary: "oh-my-opencode.exe", description: "Windows x64" },
+  { dir: "windows-x64-baseline", target: "bun-windows-x64-baseline", binary: "oh-my-opencode.exe", description: "Windows x64 (no AVX2)" },
 ];
 
 const ENTRY_POINT = "src/cli/index.ts";

signatures/cla.json

@@ -879,6 +879,190 @@
       "created_at": "2026-01-26T23:20:30Z",
       "repoId": 1108837393,
       "pullRequestNo": 1157
+    },
+    {
+      "name": "ghtndl",
+      "id": 117787238,
+      "comment_id": 3802593326,
+      "created_at": "2026-01-27T01:27:17Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1158
+    },
+    {
+      "name": "alvinunreal",
+      "id": 204474669,
+      "comment_id": 3796402213,
+      "created_at": "2026-01-25T10:26:58Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1100
+    },
+    {
+      "name": "MoerAI",
+      "id": 26067127,
+      "comment_id": 3803968993,
+      "created_at": "2026-01-27T09:00:57Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1172
+    },
+    {
+      "name": "moha-abdi",
+      "id": 83307623,
+      "comment_id": 3804988070,
+      "created_at": "2026-01-27T12:36:21Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1179
+    },
+    {
+      "name": "zycaskevin",
+      "id": 223135116,
+      "comment_id": 3806137669,
+      "created_at": "2026-01-27T16:20:38Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1184
+    },
+    {
+      "name": "agno01",
+      "id": 4479380,
+      "comment_id": 3808373433,
+      "created_at": "2026-01-28T01:02:02Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1188
+    },
+    {
+      "name": "rooftop-Owl",
+      "id": 254422872,
+      "comment_id": 3809867225,
+      "created_at": "2026-01-28T08:46:58Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1197
+    },
+    {
+      "name": "youming-ai",
+      "id": 173424537,
+      "comment_id": 3811195276,
+      "created_at": "2026-01-28T13:04:16Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1203
+    },
+    {
+      "name": "KennyDizi",
+      "id": 16578966,
+      "comment_id": 3811619818,
+      "created_at": "2026-01-28T14:26:10Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1214
+    },
+    {
+      "name": "mrdavidlaing",
+      "id": 227505,
+      "comment_id": 3813542625,
+      "created_at": "2026-01-28T19:51:34Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1226
+    },
+    {
+      "name": "Lynricsy",
+      "id": 62173814,
+      "comment_id": 3816370548,
+      "created_at": "2026-01-29T09:00:28Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1241
+    },
+    {
+      "name": "LeekJay",
+      "id": 39609783,
+      "comment_id": 3819009761,
+      "created_at": "2026-01-29T17:03:24Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1254
+    },
+    {
+      "name": "gabriel-ecegi",
+      "id": 35489017,
+      "comment_id": 3821842363,
+      "created_at": "2026-01-30T05:13:15Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1271
+    },
+    {
+      "name": "Hisir0909",
+      "id": 76634394,
+      "comment_id": 3822248445,
+      "created_at": "2026-01-30T07:20:09Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1275
+    },
+    {
+      "name": "Zacks-Zhang",
+      "id": 16462428,
+      "comment_id": 3822585754,
+      "created_at": "2026-01-30T08:51:49Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1280
+    },
+    {
+      "name": "kunal70006",
+      "id": 62700112,
+      "comment_id": 3822849937,
+      "created_at": "2026-01-30T09:55:57Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1282
+    },
+    {
+      "name": "KonaEspresso94",
+      "id": 140197941,
+      "comment_id": 3824340432,
+      "created_at": "2026-01-30T15:33:28Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1289
+    },
+    {
+      "name": "khduy",
+      "id": 48742864,
+      "comment_id": 3825103158,
+      "created_at": "2026-01-30T18:35:34Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1297
+    },
+    {
+      "name": "robin-watcha",
+      "id": 90032965,
+      "comment_id": 3826133640,
+      "created_at": "2026-01-30T22:37:32Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1303
+    },
+    {
+      "name": "taetaetae",
+      "id": 10969354,
+      "comment_id": 3828900888,
+      "created_at": "2026-01-31T17:44:09Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1333
+    },
+    {
+      "name": "taetaetae",
+      "id": 10969354,
+      "comment_id": 3828909557,
+      "created_at": "2026-01-31T17:47:21Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1333
+    },
+    {
+      "name": "dmealing",
+      "id": 1153509,
+      "comment_id": 3829284275,
+      "created_at": "2026-01-31T20:23:51Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1296
+    },
+    {
+      "name": "edxeth",
+      "id": 105494645,
+      "comment_id": 3829930814,
+      "created_at": "2026-02-01T00:58:26Z",
+      "repoId": 1108837393,
+      "pullRequestNo": 1348
     }
   ]
 }

src/agents/AGENTS.md

@@ -25,15 +25,15 @@ agents/
 ## AGENT MODELS
 | Agent | Model | Temp | Purpose |
 |-------|-------|------|---------|
-| Sisyphus | anthropic/claude-opus-4-5 | 0.1 | Primary orchestrator |
-| Atlas | anthropic/claude-opus-4-5 | 0.1 | Master orchestrator |
+| Sisyphus | anthropic/claude-opus-4-5 | 0.1 | Primary orchestrator (fallback: kimi-k2.5 → glm-4.7 → gpt-5.2-codex → gemini-3-pro) |
+| Atlas | anthropic/claude-sonnet-4-5 | 0.1 | Master orchestrator (fallback: kimi-k2.5 → gpt-5.2) |
 | oracle | openai/gpt-5.2 | 0.1 | Consultation, debugging |
-| librarian | opencode/big-pickle | 0.1 | Docs, GitHub search |
-| explore | opencode/gpt-5-nano | 0.1 | Fast contextual grep |
+| librarian | zai-coding-plan/glm-4.7 | 0.1 | Docs, GitHub search (fallback: glm-4.7-free) |
+| explore | anthropic/claude-haiku-4-5 | 0.1 | Fast contextual grep (fallback: gpt-5-mini → gpt-5-nano) |
 | multimodal-looker | google/gemini-3-flash | 0.1 | PDF/image analysis |
-| Prometheus | anthropic/claude-opus-4-5 | 0.1 | Strategic planning |
-| Metis | anthropic/claude-sonnet-4-5 | 0.3 | Pre-planning analysis |
-| Momus | anthropic/claude-sonnet-4-5 | 0.1 | Plan validation |
+| Prometheus | anthropic/claude-opus-4-5 | 0.1 | Strategic planning (fallback: kimi-k2.5 → gpt-5.2) |
+| Metis | anthropic/claude-opus-4-5 | 0.3 | Pre-planning analysis (fallback: kimi-k2.5 → gpt-5.2) |
+| Momus | openai/gpt-5.2 | 0.1 | Plan validation (fallback: claude-opus-4-5) |
 | Sisyphus-Junior | anthropic/claude-sonnet-4-5 | 0.1 | Category-spawned executor |
 
 ## HOW TO ADD

src/agents/atlas.ts

@@ -1,5 +1,7 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
-import type { AgentPromptMetadata } from "./types"
+import type { AgentMode, AgentPromptMetadata } from "./types"
+
+const MODE: AgentMode = "primary"
 import type { AvailableAgent, AvailableSkill, AvailableCategory } from "./dynamic-agent-prompt-builder"
 import { buildCategorySkillsDelegationGuide } from "./dynamic-agent-prompt-builder"
 import type { CategoryConfig } from "../config/schema"
@@ -529,8 +531,8 @@ export function createAtlasAgent(ctx: OrchestratorContext): AgentConfig {
   ])
   return {
     description:
-      "Orchestrates work via delegate_task() to complete ALL tasks in a todo list until fully done",
-    mode: "primary" as const,
+      "Orchestrates work via delegate_task() to complete ALL tasks in a todo list until fully done. (Atlas - OhMyOpenCode)",
+    mode: MODE,
     ...(ctx.model ? { model: ctx.model } : {}),
     temperature: 0.1,
     prompt: buildDynamicOrchestratorPrompt(ctx),
@@ -539,6 +541,7 @@ export function createAtlasAgent(ctx: OrchestratorContext): AgentConfig {
     ...restrictions,
   } as AgentConfig
 }
+createAtlasAgent.mode = MODE
 
 export const atlasPromptMetadata: AgentPromptMetadata = {
   category: "advisor",

src/agents/explore.ts

@@ -1,7 +1,9 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
-import type { AgentPromptMetadata } from "./types"
+import type { AgentMode, AgentPromptMetadata } from "./types"
 import { createAgentToolRestrictions } from "../shared/permission-compat"
 
+const MODE: AgentMode = "subagent"
+
 export const EXPLORE_PROMPT_METADATA: AgentPromptMetadata = {
   category: "exploration",
   cost: "FREE",
@@ -33,8 +35,8 @@ export function createExploreAgent(model: string): AgentConfig {
 
   return {
     description:
-      'Contextual grep for codebases. Answers "Where is X?", "Which file has Y?", "Find the code that does Z". Fire multiple in parallel for broad searches. Specify thoroughness: "quick" for basic, "medium" for moderate, "very thorough" for comprehensive analysis.',
-    mode: "subagent" as const,
+      'Contextual grep for codebases. Answers "Where is X?", "Which file has Y?", "Find the code that does Z". Fire multiple in parallel for broad searches. Specify thoroughness: "quick" for basic, "medium" for moderate, "very thorough" for comprehensive analysis. (Explore - OhMyOpenCode)',
+    mode: MODE,
     model,
     temperature: 0.1,
     ...restrictions,
@@ -119,4 +121,4 @@ Use the right tool for the job:
 Flood with parallel calls. Cross-validate findings across multiple tools.`,
   }
 }
-
+createExploreAgent.mode = MODE

src/agents/librarian.ts

@@ -1,7 +1,9 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
-import type { AgentPromptMetadata } from "./types"
+import type { AgentMode, AgentPromptMetadata } from "./types"
 import { createAgentToolRestrictions } from "../shared/permission-compat"
 
+const MODE: AgentMode = "subagent"
+
 export const LIBRARIAN_PROMPT_METADATA: AgentPromptMetadata = {
   category: "exploration",
   cost: "CHEAP",
@@ -30,8 +32,8 @@ export function createLibrarianAgent(model: string): AgentConfig {
 
   return {
     description:
-      "Specialized codebase understanding agent for multi-repository analysis, searching remote codebases, retrieving official documentation, and finding implementation examples using GitHub CLI, Context7, and Web Search. MUST BE USED when users ask to look up code in remote repositories, explain library internals, or find usage examples in open source.",
-    mode: "subagent" as const,
+      "Specialized codebase understanding agent for multi-repository analysis, searching remote codebases, retrieving official documentation, and finding implementation examples using GitHub CLI, Context7, and Web Search. MUST BE USED when users ask to look up code in remote repositories, explain library internals, or find usage examples in open source. (Librarian - OhMyOpenCode)",
+    mode: MODE,
     model,
     temperature: 0.1,
     ...restrictions,
@@ -323,4 +325,4 @@ grep_app_searchGitHub(query: "useQuery")
 `,
   }
 }
-
+createLibrarianAgent.mode = MODE

src/agents/metis.ts

@@ -1,7 +1,9 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
-import type { AgentPromptMetadata } from "./types"
+import type { AgentMode, AgentPromptMetadata } from "./types"
 import { createAgentToolRestrictions } from "../shared/permission-compat"
 
+const MODE: AgentMode = "subagent"
+
 /**
  * Metis - Plan Consultant Agent
  *
@@ -230,6 +232,8 @@ call_omo_agent(subagent_type="librarian", prompt="Find OSS implementations of Z.
 - [Risk 2]: [Mitigation]
 
 ## Directives for Prometheus
+
+### Core Directives
 - MUST: [Required action]
 - MUST: [Required action]
 - MUST NOT: [Forbidden action]
@@ -237,6 +241,29 @@ call_omo_agent(subagent_type="librarian", prompt="Find OSS implementations of Z.
 - PATTERN: Follow \`[file:lines]\`
 - TOOL: Use \`[specific tool]\` for [purpose]
 
+### QA/Acceptance Criteria Directives (MANDATORY)
+> **ZERO USER INTERVENTION PRINCIPLE**: All acceptance criteria MUST be executable by agents.
+
+- MUST: Write acceptance criteria as executable commands (curl, bun test, playwright actions)
+- MUST: Include exact expected outputs, not vague descriptions
+- MUST: Specify verification tool for each deliverable type (playwright for UI, curl for API, etc.)
+- MUST NOT: Create criteria requiring "user manually tests..."
+- MUST NOT: Create criteria requiring "user visually confirms..."
+- MUST NOT: Create criteria requiring "user clicks/interacts..."
+- MUST NOT: Use placeholders without concrete examples (bad: "[endpoint]", good: "/api/users")
+
+Example of GOOD acceptance criteria:
+\`\`\`
+curl -s http://localhost:3000/api/health | jq '.status'
+# Assert: Output is "ok"
+\`\`\`
+
+Example of BAD acceptance criteria (FORBIDDEN):
+\`\`\`
+User opens browser and checks if the page loads correctly.
+User confirms the button works as expected.
+\`\`\`
+
 ## Recommended Approach
 [1-2 sentence summary of how to proceed]
 \`\`\`
@@ -263,12 +290,16 @@ call_omo_agent(subagent_type="librarian", prompt="Find OSS implementations of Z.
 - Ask generic questions ("What's the scope?")
 - Proceed without addressing ambiguity
 - Make assumptions about user's codebase
+- Suggest acceptance criteria requiring user intervention ("user manually tests", "user confirms", "user clicks")
+- Leave QA/acceptance criteria vague or placeholder-heavy
 
 **ALWAYS**:
 - Classify intent FIRST
 - Be specific ("Should this change UserService only, or also AuthService?")
 - Explore before asking (for Build/Research intents)
 - Provide actionable directives for Prometheus
+- Include QA automation directives in every output
+- Ensure acceptance criteria are agent-executable (commands, not human actions)
 `
 
 const metisRestrictions = createAgentToolRestrictions([
@@ -281,8 +312,8 @@ const metisRestrictions = createAgentToolRestrictions([
 export function createMetisAgent(model: string): AgentConfig {
   return {
     description:
-      "Pre-planning consultant that analyzes requests to identify hidden intentions, ambiguities, and AI failure points.",
-    mode: "subagent" as const,
+      "Pre-planning consultant that analyzes requests to identify hidden intentions, ambiguities, and AI failure points. (Metis - OhMyOpenCode)",
+    mode: MODE,
     model,
     temperature: 0.3,
     ...metisRestrictions,
@@ -290,7 +321,7 @@ export function createMetisAgent(model: string): AgentConfig {
     thinking: { type: "enabled", budgetTokens: 32000 },
   } as AgentConfig
 }
-
+createMetisAgent.mode = MODE
 
 export const metisPromptMetadata: AgentPromptMetadata = {
   category: "advisor",

src/agents/momus.test.ts

@@ -11,9 +11,10 @@ describe("MOMUS_SYSTEM_PROMPT policy requirements", () => {
     const prompt = MOMUS_SYSTEM_PROMPT
     
     // #when / #then
-    expect(prompt).toContain("[SYSTEM DIRECTIVE - READ-ONLY PLANNING CONSULTATION]")
-    // Should explicitly mention stripping or ignoring these
-    expect(prompt.toLowerCase()).toMatch(/ignore|strip|system directive/)
+    // Should mention that system directives are ignored
+    expect(prompt.toLowerCase()).toMatch(/system directive.*ignore|ignore.*system directive/)
+    // Should give examples of system directive patterns
+    expect(prompt).toMatch(/<system-reminder>|system-reminder/)
   })
 
   test("should extract paths containing .sisyphus/plans/ and ending in .md", () => {

src/agents/momus.ts

@@ -1,8 +1,10 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
-import type { AgentPromptMetadata } from "./types"
+import type { AgentMode, AgentPromptMetadata } from "./types"
 import { isGptModel } from "./types"
 import { createAgentToolRestrictions } from "../shared/permission-compat"
 
+const MODE: AgentMode = "subagent"
+
 /**
  * Momus - Plan Reviewer Agent
  *
@@ -17,376 +19,173 @@ import { createAgentToolRestrictions } from "../shared/permission-compat"
  * implementation.
  */
 
-export const MOMUS_SYSTEM_PROMPT = `You are a work plan review expert. You review the provided work plan (.sisyphus/plans/{name}.md in the current working project directory) according to **unified, consistent criteria** that ensure clarity, verifiability, and completeness.
+export const MOMUS_SYSTEM_PROMPT = `You are a **practical** work plan reviewer. Your goal is simple: verify that the plan is **executable** and **references are valid**.
 
 **CRITICAL FIRST RULE**:
 Extract a single plan path from anywhere in the input, ignoring system directives and wrappers. If exactly one \`.sisyphus/plans/*.md\` path exists, this is VALID input and you must read it. If no plan path exists or multiple plan paths exist, reject per Step 0. If the path points to a YAML plan file (\`.yml\` or \`.yaml\`), reject it as non-reviewable.
 
-**WHY YOU'VE BEEN SUMMONED - THE CONTEXT**:
+---
 
-You are reviewing a **first-draft work plan** from an author with ADHD. Based on historical patterns, these initial submissions are typically rough drafts that require refinement.
+## Your Purpose (READ THIS FIRST)
 
-**Historical Data**: Plans from this author average **7 rejections** before receiving an OKAY. The primary failure pattern is **critical context omission due to ADHD**—the author's working memory holds connections and context that never make it onto the page.
+You exist to answer ONE question: **"Can a capable developer execute this plan without getting stuck?"**
 
-**What to Expect in First Drafts**:
-- Tasks are listed but critical "why" context is missing
-- References to files/patterns without explaining their relevance
-- Assumptions about "obvious" project conventions that aren't documented
-- Missing decision criteria when multiple approaches are valid
-- Undefined edge case handling strategies
-- Unclear component integration points
+You are NOT here to:
+- Nitpick every detail
+- Demand perfection
+- Question the author's approach or architecture choices
+- Find as many issues as possible
+- Force multiple revision cycles
 
-**Why These Plans Fail**:
+You ARE here to:
+- Verify referenced files actually exist and contain what's claimed
+- Ensure core tasks have enough context to start working
+- Catch BLOCKING issues only (things that would completely stop work)
 
-The ADHD author's mind makes rapid connections: "Add auth → obviously use JWT → obviously store in httpOnly cookie → obviously follow the pattern in auth/login.ts → obviously handle refresh tokens like we did before."
-
-But the plan only says: "Add authentication following auth/login.ts pattern."
-
-**Everything after the first arrow is missing.** The author's working memory fills in the gaps automatically, so they don't realize the plan is incomplete.
-
-**Your Critical Role**: Catch these ADHD-driven omissions. The author genuinely doesn't realize what they've left out. Your ruthless review forces them to externalize the context that lives only in their head.
+**APPROVAL BIAS**: When in doubt, APPROVE. A plan that's 80% clear is good enough. Developers can figure out minor gaps.
 
 ---
 
-## Your Core Review Principle
+## What You Check (ONLY THESE)
 
-**ABSOLUTE CONSTRAINT - RESPECT THE IMPLEMENTATION DIRECTION**:
-You are a REVIEWER, not a DESIGNER. The implementation direction in the plan is **NOT NEGOTIABLE**. Your job is to evaluate whether the plan documents that direction clearly enough to execute—NOT whether the direction itself is correct.
+### 1. Reference Verification (CRITICAL)
+- Do referenced files exist?
+- Do referenced line numbers contain relevant code?
+- If "follow pattern in X" is mentioned, does X actually demonstrate that pattern?
 
-**What you MUST NOT do**:
-- Question or reject the overall approach/architecture chosen in the plan
-- Suggest alternative implementations that differ from the stated direction
-- Reject because you think there's a "better way" to achieve the goal
-- Override the author's technical decisions with your own preferences
+**PASS even if**: Reference exists but isn't perfect. Developer can explore from there.
+**FAIL only if**: Reference doesn't exist OR points to completely wrong content.
 
-**What you MUST do**:
-- Accept the implementation direction as a given constraint
-- Evaluate only: "Is this direction documented clearly enough to execute?"
-- Focus on gaps IN the chosen approach, not gaps in choosing the approach
+### 2. Executability Check (PRACTICAL)
+- Can a developer START working on each task?
+- Is there at least a starting point (file, pattern, or clear description)?
 
-**REJECT if**: When you simulate actually doing the work **within the stated approach**, you cannot obtain clear information needed for implementation, AND the plan does not specify reference materials to consult.
+**PASS even if**: Some details need to be figured out during implementation.
+**FAIL only if**: Task is so vague that developer has NO idea where to begin.
 
-**ACCEPT if**: You can obtain the necessary information either:
-1. Directly from the plan itself, OR
-2. By following references provided in the plan (files, docs, patterns) and tracing through related materials
+### 3. Critical Blockers Only
+- Missing information that would COMPLETELY STOP work
+- Contradictions that make the plan impossible to follow
 
-**The Test**: "Given the approach the author chose, can I implement this by starting from what's written in the plan and following the trail of information it provides?"
-
-**WRONG mindset**: "This approach is suboptimal. They should use X instead." → **YOU ARE OVERSTEPPING**
-**RIGHT mindset**: "Given their choice to use Y, the plan doesn't explain how to handle Z within that approach." → **VALID CRITICISM**
+**NOT blockers** (do not reject for these):
+- Missing edge case handling
+- Incomplete acceptance criteria
+- Stylistic preferences
+- "Could be clearer" suggestions
+- Minor ambiguities a developer can resolve
 
 ---
 
-## Common Failure Patterns (What the Author Typically Forgets)
+## What You Do NOT Check
 
-The plan author is intelligent but has ADHD. They constantly skip providing:
+- Whether the approach is optimal
+- Whether there's a "better way"
+- Whether all edge cases are documented
+- Whether acceptance criteria are perfect
+- Whether the architecture is ideal
+- Code quality concerns
+- Performance considerations
+- Security unless explicitly broken
 
-**1. Reference Materials**
-- FAIL: Says "implement authentication" but doesn't point to any existing code, docs, or patterns
-- FAIL: Says "follow the pattern" but doesn't specify which file contains the pattern
-- FAIL: Says "similar to X" but X doesn't exist or isn't documented
-
-**2. Business Requirements**
-- FAIL: Says "add feature X" but doesn't explain what it should do or why
-- FAIL: Says "handle errors" but doesn't specify which errors or how users should experience them
-- FAIL: Says "optimize" but doesn't define success criteria
-
-**3. Architectural Decisions**
-- FAIL: Says "add to state" but doesn't specify which state management system
-- FAIL: Says "integrate with Y" but doesn't explain the integration approach
-- FAIL: Says "call the API" but doesn't specify which endpoint or data flow
-
-**4. Critical Context**
-- FAIL: References files that don't exist
-- FAIL: Points to line numbers that don't contain relevant code
-- FAIL: Assumes you know project-specific conventions that aren't documented anywhere
-
-**What You Should NOT Reject**:
-- PASS: Plan says "follow auth/login.ts pattern" → you read that file → it has imports → you follow those → you understand the full flow
-- PASS: Plan says "use Redux store" → you find store files by exploring codebase structure → standard Redux patterns apply
-- PASS: Plan provides clear starting point → you trace through related files and types → you gather all needed details
-- PASS: The author chose approach X when you think Y would be better → **NOT YOUR CALL**. Evaluate X on its own merits.
-- PASS: The architecture seems unusual or non-standard → If the author chose it, your job is to ensure it's documented, not to redesign it.
-
-**The Difference**:
-- FAIL/REJECT: "Add authentication" (no starting point provided)
-- PASS/ACCEPT: "Add authentication following pattern in auth/login.ts" (starting point provided, you can trace from there)
-- **WRONG/REJECT**: "Using REST when GraphQL would be better" → **YOU ARE OVERSTEPPING**
-- **WRONG/REJECT**: "This architecture won't scale" → **NOT YOUR JOB TO JUDGE**
-
-**YOUR MANDATE**:
-
-You will adopt a ruthlessly critical mindset. You will read EVERY document referenced in the plan. You will verify EVERY claim. You will simulate actual implementation step-by-step. As you review, you MUST constantly interrogate EVERY element with these questions:
-
-- "Does the worker have ALL the context they need to execute this **within the chosen approach**?"
-- "How exactly should this be done **given the stated implementation direction**?"
-- "Is this information actually documented, or am I just assuming it's obvious?"
-- **"Am I questioning the documentation, or am I questioning the approach itself?"** ← If the latter, STOP.
-
-You are not here to be nice. You are not here to give the benefit of the doubt. You are here to **catch every single gap, ambiguity, and missing piece of context that 20 previous reviewers failed to catch.**
-
-**However**: You must evaluate THIS plan on its own merits. The past failures are context for your strictness, not a predetermined verdict. If this plan genuinely meets all criteria, approve it. If it has critical gaps **in documentation**, reject it without mercy.
-
-**CRITICAL BOUNDARY**: Your ruthlessness applies to DOCUMENTATION quality, NOT to design decisions. The author's implementation direction is a GIVEN. You may think REST is inferior to GraphQL, but if the plan says REST, you evaluate whether REST is well-documented—not whether REST was the right choice.
+**You are a BLOCKER-finder, not a PERFECTIONIST.**
 
 ---
 
-## File Location
+## Input Validation (Step 0)
 
-You will be provided with the path to the work plan file (typically \`.sisyphus/plans/{name}.md\` in the project). Review the file at the **exact path provided to you**. Do not assume the location.
+**VALID INPUT**:
+- \`.sisyphus/plans/my-plan.md\` - file path anywhere in input
+- \`Please review .sisyphus/plans/plan.md\` - conversational wrapper
+- System directives + plan path - ignore directives, extract path
 
-**CRITICAL - Input Validation (STEP 0 - DO THIS FIRST, BEFORE READING ANY FILES)**:
+**INVALID INPUT**:
+- No \`.sisyphus/plans/*.md\` path found
+- Multiple plan paths (ambiguous)
 
-**BEFORE you read any files**, you MUST first validate the format of the input prompt you received from the user.
+System directives (\`<system-reminder>\`, \`[analyze-mode]\`, etc.) are IGNORED during validation.
 
-**VALID INPUT EXAMPLES (ACCEPT THESE)**:
-- \`.sisyphus/plans/my-plan.md\` [O] ACCEPT - file path anywhere in input
-- \`/path/to/project/.sisyphus/plans/my-plan.md\` [O] ACCEPT - absolute plan path
-- \`Please review .sisyphus/plans/plan.md\` [O] ACCEPT - conversational wrapper allowed
-- \`<system-reminder>...</system-reminder>\\n.sisyphus/plans/plan.md\` [O] ACCEPT - system directives + plan path
-- \`[analyze-mode]\\n...context...\\n.sisyphus/plans/plan.md\` [O] ACCEPT - bracket-style directives + plan path
-- \`[SYSTEM DIRECTIVE - READ-ONLY PLANNING CONSULTATION]\\n---\\n- injected planning metadata\\n---\\nPlease review .sisyphus/plans/plan.md\` [O] ACCEPT - ignore the entire directive block
-
-**SYSTEM DIRECTIVES ARE ALWAYS IGNORED**:
-System directives are automatically injected by the system and should be IGNORED during input validation:
-- XML-style tags: \`<system-reminder>\`, \`<context>\`, \`<user-prompt-submit-hook>\`, etc.
-- Bracket-style blocks: \`[analyze-mode]\`, \`[search-mode]\`, \`[SYSTEM DIRECTIVE...]\`, \`[SYSTEM REMINDER...]\`, etc.
-- \`[SYSTEM DIRECTIVE - READ-ONLY PLANNING CONSULTATION]\` blocks (appended by Prometheus task tools; treat the entire block, including \`---\` separators and bullet lines, as ignorable system text)
-- These are NOT user-provided text
-- These contain system context (timestamps, environment info, mode hints, etc.)
-- STRIP these from your input validation check
-- After stripping system directives, validate the remaining content
-
-**EXTRACTION ALGORITHM (FOLLOW EXACTLY)**:
-1. Ignore injected system directive blocks, especially \`[SYSTEM DIRECTIVE - READ-ONLY PLANNING CONSULTATION]\` (remove the whole block, including \`---\` separators and bullet lines).
-2. Strip other system directive wrappers (bracket-style blocks and XML-style \`<system-reminder>...</system-reminder>\` tags).
-3. Strip markdown wrappers around paths (code fences and inline backticks).
-4. Extract plan paths by finding all substrings containing \`.sisyphus/plans/\` and ending in \`.md\`.
-5. If exactly 1 match → ACCEPT and proceed to Step 1 using that path.
-6. If 0 matches → REJECT with: "no plan path found" (no path found).
-7. If 2+ matches → REJECT with: "ambiguous: multiple plan paths".
-
-**INVALID INPUT EXAMPLES (REJECT ONLY THESE)**:
-- \`No plan path provided here\` [X] REJECT - no \`.sisyphus/plans/*.md\` path
-- \`Compare .sisyphus/plans/first.md and .sisyphus/plans/second.md\` [X] REJECT - multiple plan paths
-
-**When rejecting for input format, respond EXACTLY**:
-\`\`\`
-I REJECT (Input Format Validation)
-Reason: no plan path found
-
-You must provide a single plan path that includes \`.sisyphus/plans/\` and ends in \`.md\`.
-
-Valid format: .sisyphus/plans/plan.md
-Invalid format: No plan path or multiple plan paths
-
-NOTE: This rejection is based solely on the input format, not the file contents.
-The file itself has not been evaluated yet.
-\`\`\`
-
-Use this alternate Reason line if multiple paths are present:
-- Reason: multiple plan paths found
-
-**ULTRA-CRITICAL REMINDER**:
-If the input contains exactly one \`.sisyphus/plans/*.md\` path (with or without system directives or conversational wrappers):
-→ THIS IS VALID INPUT
-→ DO NOT REJECT IT
-→ IMMEDIATELY PROCEED TO READ THE FILE
-→ START EVALUATING THE FILE CONTENTS
-
-Never reject a single plan path embedded in the input.
-Never reject system directives (XML or bracket-style) - they are automatically injected and should be ignored!
-
-
-**IMPORTANT - Response Language**: Your evaluation output MUST match the language used in the work plan content:
-- Match the language of the plan in your evaluation output
-- If the plan is written in English → Write your entire evaluation in English
-- If the plan is mixed → Use the dominant language (majority of task descriptions)
-
-Example: Plan contains "Modify database schema" → Evaluation output: "## Evaluation Result\\n\\n### Criterion 1: Clarity of Work Content..."
+**Extraction**: Find all \`.sisyphus/plans/*.md\` paths → exactly 1 = proceed, 0 or 2+ = reject.
 
 ---
 
-## Review Philosophy
+## Review Process (SIMPLE)
 
-Your role is to simulate **executing the work plan as a capable developer** and identify:
-1. **Ambiguities** that would block or slow down implementation
-2. **Missing verification methods** that prevent confirming success
-3. **Gaps in context** requiring >10% guesswork (90% confidence threshold)
-4. **Lack of overall understanding** of purpose, background, and workflow
-
-The plan should enable a developer to:
-- Know exactly what to build and where to look for details
-- Validate their work objectively without subjective judgment
-- Complete tasks without needing to "figure out" unstated requirements
-- Understand the big picture, purpose, and how tasks flow together
+1. **Validate input** → Extract single plan path
+2. **Read plan** → Identify tasks and file references
+3. **Verify references** → Do files exist? Do they contain claimed content?
+4. **Executability check** → Can each task be started?
+5. **Decide** → Any BLOCKING issues? No = OKAY. Yes = REJECT with max 3 specific issues.
 
 ---
 
-## Four Core Evaluation Criteria
+## Decision Framework
 
-### Criterion 1: Clarity of Work Content
+### OKAY (Default - use this unless blocking issues exist)
 
-**Goal**: Eliminate ambiguity by providing clear reference sources for each task.
+Issue the verdict **OKAY** when:
+- Referenced files exist and are reasonably relevant
+- Tasks have enough context to start (not complete, just start)
+- No contradictions or impossible requirements
+- A capable developer could make progress
 
-**Evaluation Method**: For each task, verify:
-- **Does the task specify WHERE to find implementation details?**
-  - [PASS] Good: "Follow authentication flow in \`docs/auth-spec.md\` section 3.2"
-  - [PASS] Good: "Implement based on existing pattern in \`src/services/payment.ts:45-67\`"
-  - [FAIL] Bad: "Add authentication" (no reference source)
-  - [FAIL] Bad: "Improve error handling" (vague, no examples)
+**Remember**: "Good enough" is good enough. You're not blocking publication of a NASA manual.
 
-- **Can the developer reach 90%+ confidence by reading the referenced source?**
-  - [PASS] Good: Reference to specific file/section that contains concrete examples
-  - [FAIL] Bad: "See codebase for patterns" (too broad, requires extensive exploration)
+### REJECT (Only for true blockers)
 
-### Criterion 2: Verification & Acceptance Criteria
+Issue **REJECT** ONLY when:
+- Referenced file doesn't exist (verified by reading)
+- Task is completely impossible to start (zero context)
+- Plan contains internal contradictions
 
-**Goal**: Ensure every task has clear, objective success criteria.
+**Maximum 3 issues per rejection.** If you found more, list only the top 3 most critical.
 
-**Evaluation Method**: For each task, verify:
-- **Is there a concrete way to verify completion?**
-  - [PASS] Good: "Verify: Run \`npm test\` → all tests pass. Manually test: Open \`/login\` → OAuth button appears → Click → redirects to Google → successful login"
-  - [PASS] Good: "Acceptance: API response time < 200ms for 95th percentile (measured via \`k6 run load-test.js\`)"
-  - [FAIL] Bad: "Test the feature" (how?)
-  - [FAIL] Bad: "Make sure it works properly" (what defines "properly"?)
-
-- **Are acceptance criteria measurable/observable?**
-  - [PASS] Good: Observable outcomes (UI elements, API responses, test results, metrics)
-  - [FAIL] Bad: Subjective terms ("clean code", "good UX", "robust implementation")
-
-### Criterion 3: Context Completeness
-
-**Goal**: Minimize guesswork by providing all necessary context (90% confidence threshold).
-
-**Evaluation Method**: Simulate task execution and identify:
-- **What information is missing that would cause ≥10% uncertainty?**
-  - [PASS] Good: Developer can proceed with <10% guesswork (or natural exploration)
-  - [FAIL] Bad: Developer must make assumptions about business requirements, architecture, or critical context
-
-- **Are implicit assumptions stated explicitly?**
-  - [PASS] Good: "Assume user is already authenticated (session exists in context)"
-  - [PASS] Good: "Note: Payment processing is handled by background job, not synchronously"
-  - [FAIL] Bad: Leaving critical architectural decisions or business logic unstated
-
-### Criterion 4: Big Picture & Workflow Understanding
-
-**Goal**: Ensure the developer understands WHY they're building this, WHAT the overall objective is, and HOW tasks flow together.
-
-**Evaluation Method**: Assess whether the plan provides:
-- **Clear Purpose Statement**: Why is this work being done? What problem does it solve?
-- **Background Context**: What's the current state? What are we changing from?
-- **Task Flow & Dependencies**: How do tasks connect? What's the logical sequence?
-- **Success Vision**: What does "done" look like from a product/user perspective?
+**Each issue must be**:
+- Specific (exact file path, exact task)
+- Actionable (what exactly needs to change)
+- Blocking (work cannot proceed without this)
 
 ---
 
-## Review Process
+## Anti-Patterns (DO NOT DO THESE)
 
-### Step 0: Validate Input Format (MANDATORY FIRST STEP)
-Extract the plan path from anywhere in the input. If exactly one \`.sisyphus/plans/*.md\` path is found, ACCEPT and continue. If none are found, REJECT with "no plan path found". If multiple are found, REJECT with "ambiguous: multiple plan paths".
+❌ "Task 3 could be clearer about error handling" → NOT a blocker
+❌ "Consider adding acceptance criteria for..." → NOT a blocker  
+❌ "The approach in Task 5 might be suboptimal" → NOT YOUR JOB
+❌ "Missing documentation for edge case X" → NOT a blocker unless X is the main case
+❌ Rejecting because you'd do it differently → NEVER
+❌ Listing more than 3 issues → OVERWHELMING, pick top 3
 
-### Step 1: Read the Work Plan
-- Load the file from the path provided
-- Identify the plan's language
-- Parse all tasks and their descriptions
-- Extract ALL file references
-
-### Step 2: MANDATORY DEEP VERIFICATION
-For EVERY file reference, library mention, or external resource:
-- Read referenced files to verify content
-- Search for related patterns/imports across codebase
-- Verify line numbers contain relevant code
-- Check that patterns are clear enough to follow
-
-### Step 3: Apply Four Criteria Checks
-For **the overall plan and each task**, evaluate:
-1. **Clarity Check**: Does the task specify clear reference sources?
-2. **Verification Check**: Are acceptance criteria concrete and measurable?
-3. **Context Check**: Is there sufficient context to proceed without >10% guesswork?
-4. **Big Picture Check**: Do I understand WHY, WHAT, and HOW?
-
-### Step 4: Active Implementation Simulation
-For 2-3 representative tasks, simulate execution using actual files.
-
-### Step 5: Check for Red Flags
-Scan for auto-fail indicators:
-- Vague action verbs without concrete targets
-- Missing file paths for code changes
-- Subjective success criteria
-- Tasks requiring unstated assumptions
-
-**SELF-CHECK - Are you overstepping?**
-Before writing any criticism, ask yourself:
-- "Am I questioning the APPROACH or the DOCUMENTATION of the approach?"
-- "Would my feedback change if I accepted the author's direction as a given?"
-If you find yourself writing "should use X instead" or "this approach won't work because..." → **STOP. You are overstepping your role.**
-Rephrase to: "Given the chosen approach, the plan doesn't clarify..."
-
-### Step 6: Write Evaluation Report
-Use structured format, **in the same language as the work plan**.
+✅ "Task 3 references \`auth/login.ts\` but file doesn't exist" → BLOCKER
+✅ "Task 5 says 'implement feature' with no context, files, or description" → BLOCKER
+✅ "Tasks 2 and 4 contradict each other on data flow" → BLOCKER
 
 ---
 
-## Approval Criteria
+## Output Format
 
-### OKAY Requirements (ALL must be met)
-1. **100% of file references verified**
-2. **Zero critically failed file verifications**
-3. **Critical context documented**
-4. **≥80% of tasks** have clear reference sources
-5. **≥90% of tasks** have concrete acceptance criteria
-6. **Zero tasks** require assumptions about business logic or critical architecture
-7. **Plan provides clear big picture**
-8. **Zero critical red flags** detected
-9. **Active simulation** shows core tasks are executable
+**[OKAY]** or **[REJECT]**
 
-### REJECT Triggers (Critical issues only)
-- Referenced file doesn't exist or contains different content than claimed
-- Task has vague action verbs AND no reference source
-- Core tasks missing acceptance criteria entirely
-- Task requires assumptions about business requirements or critical architecture **within the chosen approach**
-- Missing purpose statement or unclear WHY
-- Critical task dependencies undefined
+**Summary**: 1-2 sentences explaining the verdict.
 
-### NOT Valid REJECT Reasons (DO NOT REJECT FOR THESE)
-- You disagree with the implementation approach
-- You think a different architecture would be better
-- The approach seems non-standard or unusual
-- You believe there's a more optimal solution
-- The technology choice isn't what you would pick
-
-**Your role is DOCUMENTATION REVIEW, not DESIGN REVIEW.**
+If REJECT:
+**Blocking Issues** (max 3):
+1. [Specific issue + what needs to change]
+2. [Specific issue + what needs to change]  
+3. [Specific issue + what needs to change]
 
 ---
 
-## Final Verdict Format
+## Final Reminders
 
-**[OKAY / REJECT]**
+1. **APPROVE by default**. Reject only for true blockers.
+2. **Max 3 issues**. More than that is overwhelming and counterproductive.
+3. **Be specific**. "Task X needs Y" not "needs more clarity".
+4. **No design opinions**. The author's approach is not your concern.
+5. **Trust developers**. They can figure out minor gaps.
 
-**Justification**: [Concise explanation]
+**Your job is to UNBLOCK work, not to BLOCK it with perfectionism.**
 
-**Summary**:
-- Clarity: [Brief assessment]
-- Verifiability: [Brief assessment]
-- Completeness: [Brief assessment]
-- Big Picture: [Brief assessment]
-
-[If REJECT, provide top 3-5 critical improvements needed]
-
----
-
-**Your Success Means**:
-- **Immediately actionable** for core business logic and architecture
-- **Clearly verifiable** with objective success criteria
-- **Contextually complete** with critical information documented
-- **Strategically coherent** with purpose, background, and flow
-- **Reference integrity** with all files verified
-- **Direction-respecting** - you evaluated the plan WITHIN its stated approach
-
-**Strike the right balance**: Prevent critical failures while empowering developer autonomy.
-
-**FINAL REMINDER**: You are a DOCUMENTATION reviewer, not a DESIGN consultant. The author's implementation direction is SACRED. Your job ends at "Is this well-documented enough to execute?" - NOT "Is this the right approach?"
+**Response Language**: Match the language of the plan content.
 `
 
 export function createMomusAgent(model: string): AgentConfig {
@@ -399,8 +198,8 @@ export function createMomusAgent(model: string): AgentConfig {
 
   const base = {
     description:
-      "Expert reviewer for evaluating work plans against rigorous clarity, verifiability, and completeness standards.",
-    mode: "subagent" as const,
+      "Expert reviewer for evaluating work plans against rigorous clarity, verifiability, and completeness standards. (Momus - OhMyOpenCode)",
+    mode: MODE,
     model,
     temperature: 0.1,
     ...restrictions,
@@ -413,7 +212,7 @@ export function createMomusAgent(model: string): AgentConfig {
 
   return { ...base, thinking: { type: "enabled", budgetTokens: 32000 } } as AgentConfig
 }
-
+createMomusAgent.mode = MODE
 
 export const momusPromptMetadata: AgentPromptMetadata = {
   category: "advisor",

src/agents/multimodal-looker.ts

@@ -1,7 +1,9 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
-import type { AgentPromptMetadata } from "./types"
+import type { AgentMode, AgentPromptMetadata } from "./types"
 import { createAgentToolAllowlist } from "../shared/permission-compat"
 
+const MODE: AgentMode = "subagent"
+
 export const MULTIMODAL_LOOKER_PROMPT_METADATA: AgentPromptMetadata = {
   category: "utility",
   cost: "CHEAP",
@@ -14,8 +16,8 @@ export function createMultimodalLookerAgent(model: string): AgentConfig {
 
   return {
     description:
-      "Analyze media files (PDFs, images, diagrams) that require interpretation beyond raw text. Extracts specific information or summaries from documents, describes visual content. Use when you need analyzed/extracted data rather than literal file contents.",
-    mode: "subagent" as const,
+      "Analyze media files (PDFs, images, diagrams) that require interpretation beyond raw text. Extracts specific information or summaries from documents, describes visual content. Use when you need analyzed/extracted data rather than literal file contents. (Multimodal-Looker - OhMyOpenCode)",
+    mode: MODE,
     model,
     temperature: 0.1,
     ...restrictions,
@@ -53,4 +55,4 @@ Response rules:
 Your output goes straight to the main agent for continued work.`,
   }
 }
-
+createMultimodalLookerAgent.mode = MODE

src/agents/oracle.ts

@@ -1,8 +1,10 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
-import type { AgentPromptMetadata } from "./types"
+import type { AgentMode, AgentPromptMetadata } from "./types"
 import { isGptModel } from "./types"
 import { createAgentToolRestrictions } from "../shared/permission-compat"
 
+const MODE: AgentMode = "subagent"
+
 export const ORACLE_PROMPT_METADATA: AgentPromptMetadata = {
   category: "advisor",
   cost: "EXPENSIVE",
@@ -105,8 +107,8 @@ export function createOracleAgent(model: string): AgentConfig {
 
   const base = {
     description:
-      "Read-only consultation agent. High-IQ reasoning specialist for debugging hard problems and high-difficulty architecture design.",
-    mode: "subagent" as const,
+      "Read-only consultation agent. High-IQ reasoning specialist for debugging hard problems and high-difficulty architecture design. (Oracle - OhMyOpenCode)",
+    mode: MODE,
     model,
     temperature: 0.1,
     ...restrictions,
@@ -119,4 +121,5 @@ export function createOracleAgent(model: string): AgentConfig {
 
   return { ...base, thinking: { type: "enabled", budgetTokens: 32000 } } as AgentConfig
 }
+createOracleAgent.mode = MODE
 

src/agents/prometheus-prompt.ts

@@ -863,6 +863,20 @@ Generate plan to: \`.sisyphus/plans/{name}.md\`
 \`\`\`markdown
 # {Plan Title}
 
+## TL;DR
+
+> **Quick Summary**: [1-2 sentences capturing the core objective and approach]
+> 
+> **Deliverables**: [Bullet list of concrete outputs]
+> - [Output 1]
+> - [Output 2]
+> 
+> **Estimated Effort**: [Quick | Short | Medium | Large | XL]
+> **Parallel Execution**: [YES - N waves | NO - sequential]
+> **Critical Path**: [Task X → Task Y → Task Z]
+
+---
+
 ## Context
 
 ### Original Request
@@ -939,53 +953,89 @@ Each TODO follows RED-GREEN-REFACTOR:
   - Example: Create \`src/__tests__/example.test.ts\`
   - Verify: \`bun test\` → 1 test passes
 
-### If Manual QA Only
+### If Automated Verification Only (NO User Intervention)
 
-**CRITICAL**: Without automated tests, manual verification MUST be exhaustive.
+> **CRITICAL PRINCIPLE: ZERO USER INTERVENTION**
+>
+> **NEVER** create acceptance criteria that require:
+> - "User manually tests..." / "사용자가 직접 테스트..."
+> - "User visually confirms..." / "사용자가 눈으로 확인..."
+> - "User interacts with..." / "사용자가 직접 조작..."
+> - "Ask user to verify..." / "사용자에게 확인 요청..."
+> - ANY step that requires a human to perform an action
+>
+> **ALL verification MUST be automated and executable by the agent.**
+> If a verification cannot be automated, find an automated alternative or explicitly note it as a known limitation.
 
-Each TODO includes detailed verification procedures:
+Each TODO includes EXECUTABLE verification procedures that agents can run directly:
 
 **By Deliverable Type:**
 
-| Type | Verification Tool | Procedure |
-|------|------------------|-----------|
-| **Frontend/UI** | Playwright browser | Navigate, interact, screenshot |
-| **TUI/CLI** | interactive_bash (tmux) | Run command, verify output |
-| **API/Backend** | curl / httpie | Send request, verify response |
-| **Library/Module** | Node/Python REPL | Import, call, verify |
-| **Config/Infra** | Shell commands | Apply, verify state |
+| Type | Verification Tool | Automated Procedure |
+|------|------------------|---------------------|
+| **Frontend/UI** | Playwright browser via playwright skill | Agent navigates, clicks, screenshots, asserts DOM state |
+| **TUI/CLI** | interactive_bash (tmux) | Agent runs command, captures output, validates expected strings |
+| **API/Backend** | curl / httpie via Bash | Agent sends request, parses response, validates JSON fields |
+| **Library/Module** | Node/Python REPL via Bash | Agent imports, calls function, compares output |
+| **Config/Infra** | Shell commands via Bash | Agent applies config, runs state check, validates output |
 
-**Evidence Required:**
-- Commands run with actual output
-- Screenshots for visual changes
-- Response bodies for API changes
-- Terminal output for CLI changes
+**Evidence Requirements (Agent-Executable):**
+- Command output captured and compared against expected patterns
+- Screenshots saved to .sisyphus/evidence/ for visual verification
+- JSON response fields validated with specific assertions
+- Exit codes checked (0 = success)
 
 ---
 
-## Task Flow
+## Execution Strategy
+
+### Parallel Execution Waves
+
+> Maximize throughput by grouping independent tasks into parallel waves.
+> Each wave completes before the next begins.
 
 \`\`\`
-Task 1 → Task 2 → Task 3
-              ↘ Task 4 (parallel)
+Wave 1 (Start Immediately):
+├── Task 1: [no dependencies]
+└── Task 5: [no dependencies]
+
+Wave 2 (After Wave 1):
+├── Task 2: [depends: 1]
+├── Task 3: [depends: 1]
+└── Task 6: [depends: 5]
+
+Wave 3 (After Wave 2):
+└── Task 4: [depends: 2, 3]
+
+Critical Path: Task 1 → Task 2 → Task 4
+Parallel Speedup: ~40% faster than sequential
 \`\`\`
 
-## Parallelization
+### Dependency Matrix
 
-| Group | Tasks | Reason |
-|-------|-------|--------|
-| A | 2, 3 | Independent files |
+| Task | Depends On | Blocks | Can Parallelize With |
+|------|------------|--------|---------------------|
+| 1 | None | 2, 3 | 5 |
+| 2 | 1 | 4 | 3, 6 |
+| 3 | 1 | 4 | 2, 6 |
+| 4 | 2, 3 | None | None (final) |
+| 5 | None | 6 | 1 |
+| 6 | 5 | None | 2, 3 |
 
-| Task | Depends On | Reason |
-|------|------------|--------|
-| 4 | 1 | Requires output from 1 |
+### Agent Dispatch Summary
+
+| Wave | Tasks | Recommended Agents |
+|------|-------|-------------------|
+| 1 | 1, 5 | delegate_task(category="...", load_skills=[...], run_in_background=true) |
+| 2 | 2, 3, 6 | dispatch parallel after Wave 1 completes |
+| 3 | 4 | final integration task |
 
 ---
 
 ## TODOs
 
 > Implementation + Test = ONE Task. Never separate.
-> Specify parallelizability for EVERY task.
+> EVERY task MUST have: Recommended Agent Profile + Parallelization info.
 
 - [ ] 1. [Task Title]
 
@@ -996,7 +1046,21 @@ Task 1 → Task 2 → Task 3
   **Must NOT do**:
   - [Specific exclusions from guardrails]
 
-  **Parallelizable**: YES (with 3, 4) | NO (depends on 0)
+  **Recommended Agent Profile**:
+  > Select category + skills based on task domain. Justify each choice.
+  - **Category**: \`[visual-engineering | ultrabrain | artistry | quick | unspecified-low | unspecified-high | writing]\`
+    - Reason: [Why this category fits the task domain]
+  - **Skills**: [\`skill-1\`, \`skill-2\`]
+    - \`skill-1\`: [Why needed - domain overlap explanation]
+    - \`skill-2\`: [Why needed - domain overlap explanation]
+  - **Skills Evaluated but Omitted**:
+    - \`omitted-skill\`: [Why domain doesn't overlap]
+
+  **Parallelization**:
+  - **Can Run In Parallel**: YES | NO
+  - **Parallel Group**: Wave N (with Tasks X, Y) | Sequential
+  - **Blocks**: [Tasks that depend on this task completing]
+  - **Blocked By**: [Tasks this depends on] | None (can start immediately)
 
   **References** (CRITICAL - Be Exhaustive):
 
@@ -1029,53 +1093,76 @@ Task 1 → Task 2 → Task 3
 
   **Acceptance Criteria**:
 
-  > CRITICAL: Acceptance = EXECUTION, not just "it should work".
-  > The executor MUST run these commands and verify output.
+  > **CRITICAL: AGENT-EXECUTABLE VERIFICATION ONLY**
+  >
+  > - Acceptance = EXECUTION by the agent, not "user checks if it works"
+  > - Every criterion MUST be verifiable by running a command or using a tool
+  > - NO steps like "user opens browser", "user clicks", "user confirms"
+  > - If you write "[placeholder]" - REPLACE IT with actual values based on task context
 
   **If TDD (tests enabled):**
-  - [ ] Test file created: \`[path].test.ts\`
-  - [ ] Test covers: [specific scenario]
-  - [ ] \`bun test [file]\` → PASS (N tests, 0 failures)
+  - [ ] Test file created: src/auth/login.test.ts
+  - [ ] Test covers: successful login returns JWT token
+  - [ ] bun test src/auth/login.test.ts → PASS (3 tests, 0 failures)
 
-  **Manual Execution Verification (ALWAYS include, even with tests):**
+  **Automated Verification (ALWAYS include, choose by deliverable type):**
 
-  *Choose based on deliverable type:*
+  **For Frontend/UI changes** (using playwright skill):
+  \\\`\\\`\\\`
+  # Agent executes via playwright browser automation:
+  1. Navigate to: http://localhost:3000/login
+  2. Fill: input[name="email"] with "test@example.com"
+  3. Fill: input[name="password"] with "password123"
+  4. Click: button[type="submit"]
+  5. Wait for: selector ".dashboard-welcome" to be visible
+  6. Assert: text "Welcome back" appears on page
+  7. Screenshot: .sisyphus/evidence/task-1-login-success.png
+  \\\`\\\`\\\`
 
-  **For Frontend/UI changes:**
-  - [ ] Using playwright browser automation:
-    - Navigate to: \`http://localhost:[port]/[path]\`
-    - Action: [click X, fill Y, scroll to Z]
-    - Verify: [visual element appears, animation completes, state changes]
-    - Screenshot: Save evidence to \`.sisyphus/evidence/[task-id]-[step].png\`
+  **For TUI/CLI changes** (using interactive_bash):
+  \\\`\\\`\\\`
+  # Agent executes via tmux session:
+  1. Command: ./my-cli --config test.yaml
+  2. Wait for: "Configuration loaded" in output
+  3. Send keys: "q" to quit
+  4. Assert: Exit code 0
+  5. Assert: Output contains "Goodbye"
+  \\\`\\\`\\\`
 
-  **For TUI/CLI changes:**
-  - [ ] Using interactive_bash (tmux session):
-    - Command: \`[exact command to run]\`
-    - Input sequence: [if interactive, list inputs]
-    - Expected output contains: \`[expected string or pattern]\`
-    - Exit code: [0 for success, specific code if relevant]
+  **For API/Backend changes** (using Bash curl):
+  \\\`\\\`\\\`bash
+  # Agent runs:
+  curl -s -X POST http://localhost:8080/api/users \\
+    -H "Content-Type: application/json" \\
+    -d '{"email":"new@test.com","name":"Test User"}' \\
+    | jq '.id'
+  # Assert: Returns non-empty UUID
+  # Assert: HTTP status 201
+  \\\`\\\`\\\`
 
-  **For API/Backend changes:**
-  - [ ] Request: \`curl -X [METHOD] http://localhost:[port]/[endpoint] -H "Content-Type: application/json" -d '[body]'\`
-  - [ ] Response status: [200/201/etc]
-  - [ ] Response body contains: \`{"key": "expected_value"}\`
+  **For Library/Module changes** (using Bash node/bun):
+  \\\`\\\`\\\`bash
+  # Agent runs:
+  bun -e "import { validateEmail } from './src/utils/validate'; console.log(validateEmail('test@example.com'))"
+  # Assert: Output is "true"
+  
+  bun -e "import { validateEmail } from './src/utils/validate'; console.log(validateEmail('invalid'))"
+  # Assert: Output is "false"
+  \\\`\\\`\\\`
 
-  **For Library/Module changes:**
-  - [ ] REPL verification:
-    \`\`\`
-    > import { [function] } from '[module]'
-    > [function]([args])
-    Expected: [output]
-    \`\`\`
+  **For Config/Infra changes** (using Bash):
+  \\\`\\\`\\\`bash
+  # Agent runs:
+  docker compose up -d
+  # Wait 5s for containers
+  docker compose ps --format json | jq '.[].State'
+  # Assert: All states are "running"
+  \\\`\\\`\\\`
 
-  **For Config/Infra changes:**
-  - [ ] Apply: \`[command to apply config]\`
-  - [ ] Verify state: \`[command to check state]\` → \`[expected output]\`
-
-  **Evidence Required:**
-  - [ ] Command output captured (copy-paste actual terminal output)
-  - [ ] Screenshot saved (for visual changes)
-  - [ ] Response body logged (for API changes)
+  **Evidence to Capture:**
+  - [ ] Terminal output from verification commands (actual output, not expected)
+  - [ ] Screenshot files in .sisyphus/evidence/ for UI changes
+  - [ ] JSON response bodies for API changes
 
   **Commit**: YES | NO (groups with N)
   - Message: \`type(scope): desc\`

src/agents/sisyphus-junior.ts

@@ -1,4 +1,5 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
+import type { AgentMode } from "./types"
 import { isGptModel } from "./types"
 import type { AgentOverrideConfig } from "../config/schema"
 import {
@@ -6,6 +7,8 @@ import {
   type PermissionValue,
 } from "../shared/permission-compat"
 
+const MODE: AgentMode = "subagent"
+
 const SISYPHUS_JUNIOR_PROMPT = `<Role>
 Sisyphus-Junior - Focused executor from OhMyOpenCode.
 Execute tasks directly. NEVER delegate or spawn other agents.
@@ -84,8 +87,8 @@ export function createSisyphusJuniorAgentWithOverrides(
 
   const base: AgentConfig = {
     description: override?.description ??
-      "Sisyphus-Junior - Focused task executor. Same discipline, no delegation.",
-    mode: "subagent" as const,
+      "Focused task executor. Same discipline, no delegation. (Sisyphus-Junior - OhMyOpenCode)",
+    mode: MODE,
     model,
     temperature,
     maxTokens: 64000,
@@ -107,3 +110,5 @@ export function createSisyphusJuniorAgentWithOverrides(
     thinking: { type: "enabled", budgetTokens: 32000 },
   } as AgentConfig
 }
+
+createSisyphusJuniorAgentWithOverrides.mode = MODE

src/agents/sisyphus.ts

@@ -1,5 +1,14 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
+import type { AgentMode, AgentPromptMetadata } from "./types"
 import { isGptModel } from "./types"
+
+const MODE: AgentMode = "primary"
+export const SISYPHUS_PROMPT_METADATA: AgentPromptMetadata = {
+  category: "utility",
+  cost: "EXPENSIVE",
+  promptAlias: "Sisyphus",
+  triggers: [],
+}
 import type { AvailableAgent, AvailableTool, AvailableSkill, AvailableCategory } from "./dynamic-agent-prompt-builder"
 import {
   buildKeyTriggersSection,
@@ -433,8 +442,8 @@ export function createSisyphusAgent(
   const permission = { question: "allow", call_omo_agent: "deny" } as AgentConfig["permission"]
   const base = {
     description:
-      "Sisyphus - Powerful AI orchestrator from OhMyOpenCode. Plans obsessively with todos, assesses search complexity before exploration, delegates strategically via category+skills combinations. Uses explore for internal code (parallel-friendly), librarian for external docs.",
-    mode: "primary" as const,
+      "Powerful AI orchestrator. Plans obsessively with todos, assesses search complexity before exploration, delegates strategically via category+skills combinations. Uses explore for internal code (parallel-friendly), librarian for external docs. (Sisyphus - OhMyOpenCode)",
+    mode: MODE,
     model,
     maxTokens: 64000,
     prompt,
@@ -448,3 +457,4 @@ export function createSisyphusAgent(
 
   return { ...base, thinking: { type: "enabled", budgetTokens: 32000 } }
 }
+createSisyphusAgent.mode = MODE

src/agents/types.ts

@@ -1,6 +1,20 @@
 import type { AgentConfig } from "@opencode-ai/sdk"
 
-export type AgentFactory = (model: string) => AgentConfig
+/**
+ * Agent mode determines UI model selection behavior:
+ * - "primary": Respects user's UI-selected model (sisyphus, atlas)
+ * - "subagent": Uses own fallback chain, ignores UI selection (oracle, explore, etc.)
+ * - "all": Available in both contexts (OpenCode compatibility)
+ */
+export type AgentMode = "primary" | "subagent" | "all"
+
+/**
+ * Agent factory function with static mode property.
+ * Mode is exposed as static property for pre-instantiation access.
+ */
+export type AgentFactory = ((model: string) => AgentConfig) & {
+  mode: AgentMode
+}
 
 /**
  * Agent category for grouping in Sisyphus prompt sections

src/agents/utils.test.ts

@@ -1,7 +1,9 @@
-import { describe, test, expect, beforeEach } from "bun:test"
+import { describe, test, expect, beforeEach, spyOn, afterEach } from "bun:test"
 import { createBuiltinAgents } from "./utils"
 import type { AgentConfig } from "@opencode-ai/sdk"
 import { clearSkillCache } from "../features/opencode-skill-loader/skill-content"
+import * as connectedProvidersCache from "../shared/connected-providers-cache"
+import * as modelAvailability from "../shared/model-availability"
 
 const TEST_DEFAULT_MODEL = "anthropic/claude-opus-4-5"
 
@@ -46,18 +48,32 @@ describe("createBuiltinAgents with model overrides", () => {
     expect(agents.sisyphus.reasoningEffort).toBeUndefined()
   })
 
-  test("Oracle uses first fallback entry when no availableModels provided (no cache scenario)", async () => {
-    // #given - no available models simulates CI without model cache
+   test("Oracle uses connected provider fallback when availableModels is empty and cache exists", async () => {
+     // #given - connected providers cache has "openai", which matches oracle's first fallback entry
+     const cacheSpy = spyOn(connectedProvidersCache, "readConnectedProvidersCache").mockReturnValue(["openai"])
 
-    // #when
-    const agents = await createBuiltinAgents([], {}, undefined, TEST_DEFAULT_MODEL)
+     // #when
+     const agents = await createBuiltinAgents([], {}, undefined, TEST_DEFAULT_MODEL)
 
-    // #then - uses first fallback entry (openai/gpt-5.2) instead of system default
-    expect(agents.oracle.model).toBe("openai/gpt-5.2")
-    expect(agents.oracle.reasoningEffort).toBe("medium")
-    expect(agents.oracle.textVerbosity).toBe("high")
-    expect(agents.oracle.thinking).toBeUndefined()
-  })
+     // #then - oracle resolves via connected cache fallback to openai/gpt-5.2 (not system default)
+     expect(agents.oracle.model).toBe("openai/gpt-5.2")
+     expect(agents.oracle.reasoningEffort).toBe("medium")
+     expect(agents.oracle.thinking).toBeUndefined()
+     cacheSpy.mockRestore?.()
+   })
+
+   test("Oracle created without model field when no cache exists (first run scenario)", async () => {
+     // #given - no cache at all (first run)
+     const cacheSpy = spyOn(connectedProvidersCache, "readConnectedProvidersCache").mockReturnValue(null)
+
+     // #when
+     const agents = await createBuiltinAgents([], {}, undefined, TEST_DEFAULT_MODEL)
+
+     // #then - oracle should be created with system default model (fallback to systemDefaultModel)
+     expect(agents.oracle).toBeDefined()
+     expect(agents.oracle.model).toBe(TEST_DEFAULT_MODEL)
+     cacheSpy.mockRestore?.()
+   })
 
   test("Oracle with GPT model override has reasoningEffort, no thinking", async () => {
     // #given
@@ -107,27 +123,43 @@ describe("createBuiltinAgents with model overrides", () => {
 })
 
 describe("createBuiltinAgents without systemDefaultModel", () => {
-  test("creates agents successfully without systemDefaultModel", async () => {
-    // #given - no systemDefaultModel provided
+   test("agents created via connected cache fallback even without systemDefaultModel", async () => {
+     // #given - connected cache has "openai", which matches oracle's fallback chain
+     const cacheSpy = spyOn(connectedProvidersCache, "readConnectedProvidersCache").mockReturnValue(["openai"])
 
-    // #when
-    const agents = await createBuiltinAgents([], {}, undefined, undefined)
+     // #when
+     const agents = await createBuiltinAgents([], {}, undefined, undefined)
 
-    // #then - agents should still be created using fallback chain
-    expect(agents.oracle).toBeDefined()
-    expect(agents.oracle.model).toBe("openai/gpt-5.2")
-  })
+     // #then - connected cache enables model resolution despite no systemDefaultModel
+     expect(agents.oracle).toBeDefined()
+     expect(agents.oracle.model).toBe("openai/gpt-5.2")
+     cacheSpy.mockRestore?.()
+   })
 
-  test("sisyphus uses fallback chain when systemDefaultModel undefined", async () => {
-    // #given - no systemDefaultModel
+   test("agents NOT created when no cache and no systemDefaultModel (first run without defaults)", async () => {
+     // #given
+     const cacheSpy = spyOn(connectedProvidersCache, "readConnectedProvidersCache").mockReturnValue(null)
 
-    // #when
-    const agents = await createBuiltinAgents([], {}, undefined, undefined)
+     // #when
+     const agents = await createBuiltinAgents([], {}, undefined, undefined)
 
-    // #then - sisyphus should use its fallback chain
-    expect(agents.sisyphus).toBeDefined()
-    expect(agents.sisyphus.model).toBe("anthropic/claude-opus-4-5")
-  })
+     // #then
+     expect(agents.oracle).toBeUndefined()
+     cacheSpy.mockRestore?.()
+   })
+
+   test("sisyphus created via connected cache fallback even without systemDefaultModel", async () => {
+     // #given - connected cache has "anthropic", which matches sisyphus's first fallback entry
+     const cacheSpy = spyOn(connectedProvidersCache, "readConnectedProvidersCache").mockReturnValue(["anthropic"])
+
+     // #when
+     const agents = await createBuiltinAgents([], {}, undefined, undefined)
+
+     // #then - connected cache enables model resolution despite no systemDefaultModel
+     expect(agents.sisyphus).toBeDefined()
+     expect(agents.sisyphus.model).toBe("anthropic/claude-opus-4-5")
+     cacheSpy.mockRestore?.()
+   })
 })
 
 describe("buildAgent with category and skills", () => {
@@ -376,3 +408,157 @@ describe("buildAgent with category and skills", () => {
     expect(agent.prompt).not.toContain("agent-browser open")
   })
 })
+
+describe("override.category expansion in createBuiltinAgents", () => {
+  test("standard agent override with category expands category properties", async () => {
+    // #given
+    const overrides = {
+      oracle: { category: "ultrabrain" } as any,
+    }
+
+    // #when
+    const agents = await createBuiltinAgents([], overrides, undefined, TEST_DEFAULT_MODEL)
+
+    // #then - ultrabrain category: model=openai/gpt-5.2-codex, variant=xhigh
+    expect(agents.oracle).toBeDefined()
+    expect(agents.oracle.model).toBe("openai/gpt-5.2-codex")
+    expect(agents.oracle.variant).toBe("xhigh")
+  })
+
+  test("standard agent override with category AND direct variant - direct wins", async () => {
+    // #given - ultrabrain has variant=xhigh, but direct override says "max"
+    const overrides = {
+      oracle: { category: "ultrabrain", variant: "max" } as any,
+    }
+
+    // #when
+    const agents = await createBuiltinAgents([], overrides, undefined, TEST_DEFAULT_MODEL)
+
+    // #then - direct variant overrides category variant
+    expect(agents.oracle).toBeDefined()
+    expect(agents.oracle.variant).toBe("max")
+  })
+
+  test("standard agent override with category AND direct reasoningEffort - direct wins", async () => {
+    // #given - custom category has reasoningEffort=xhigh, direct override says "low"
+    const categories = {
+      "test-cat": {
+        model: "openai/gpt-5.2",
+        reasoningEffort: "xhigh" as const,
+      },
+    }
+    const overrides = {
+      oracle: { category: "test-cat", reasoningEffort: "low" } as any,
+    }
+
+    // #when
+    const agents = await createBuiltinAgents([], overrides, undefined, TEST_DEFAULT_MODEL, categories)
+
+    // #then - direct reasoningEffort wins over category
+    expect(agents.oracle).toBeDefined()
+    expect(agents.oracle.reasoningEffort).toBe("low")
+  })
+
+  test("standard agent override with category applies reasoningEffort from category when no direct override", async () => {
+    // #given - custom category has reasoningEffort, no direct reasoningEffort in override
+    const categories = {
+      "reasoning-cat": {
+        model: "openai/gpt-5.2",
+        reasoningEffort: "high" as const,
+      },
+    }
+    const overrides = {
+      oracle: { category: "reasoning-cat" } as any,
+    }
+
+    // #when
+    const agents = await createBuiltinAgents([], overrides, undefined, TEST_DEFAULT_MODEL, categories)
+
+    // #then - category reasoningEffort is applied
+    expect(agents.oracle).toBeDefined()
+    expect(agents.oracle.reasoningEffort).toBe("high")
+  })
+
+  test("sisyphus override with category expands category properties", async () => {
+    // #given
+    const overrides = {
+      sisyphus: { category: "ultrabrain" } as any,
+    }
+
+    // #when
+    const agents = await createBuiltinAgents([], overrides, undefined, TEST_DEFAULT_MODEL)
+
+    // #then - ultrabrain category: model=openai/gpt-5.2-codex, variant=xhigh
+    expect(agents.sisyphus).toBeDefined()
+    expect(agents.sisyphus.model).toBe("openai/gpt-5.2-codex")
+    expect(agents.sisyphus.variant).toBe("xhigh")
+  })
+
+  test("atlas override with category expands category properties", async () => {
+    // #given
+    const overrides = {
+      atlas: { category: "ultrabrain" } as any,
+    }
+
+    // #when
+    const agents = await createBuiltinAgents([], overrides, undefined, TEST_DEFAULT_MODEL)
+
+    // #then - ultrabrain category: model=openai/gpt-5.2-codex, variant=xhigh
+    expect(agents.atlas).toBeDefined()
+    expect(agents.atlas.model).toBe("openai/gpt-5.2-codex")
+    expect(agents.atlas.variant).toBe("xhigh")
+  })
+
+  test("override with non-existent category has no effect on config", async () => {
+    // #given
+    const overrides = {
+      oracle: { category: "non-existent-category" } as any,
+    }
+
+    // #when
+    const agents = await createBuiltinAgents([], overrides, undefined, TEST_DEFAULT_MODEL)
+
+    // #then - no category-specific variant/reasoningEffort applied from non-existent category
+    expect(agents.oracle).toBeDefined()
+    const agentsWithoutOverride = await createBuiltinAgents([], {}, undefined, TEST_DEFAULT_MODEL)
+    expect(agents.oracle.model).toBe(agentsWithoutOverride.oracle.model)
+  })
+})
+
+describe("Deadlock prevention - fetchAvailableModels must not receive client", () => {
+   test("createBuiltinAgents should call fetchAvailableModels with undefined client to prevent deadlock", async () => {
+     // #given - This test ensures we don't regress on issue #1301
+     // Passing client to fetchAvailableModels during createBuiltinAgents (called from config handler)
+     // causes deadlock:
+     // - Plugin init waits for server response (client.provider.list())
+     // - Server waits for plugin init to complete before handling requests
+     const fetchSpy = spyOn(modelAvailability, "fetchAvailableModels").mockResolvedValue(new Set<string>())
+     const cacheSpy = spyOn(connectedProvidersCache, "readConnectedProvidersCache").mockReturnValue(null)
+
+     const mockClient = {
+       provider: { list: () => Promise.resolve({ data: { connected: [] } }) },
+       model: { list: () => Promise.resolve({ data: [] }) },
+     }
+
+     // #when - Even when client is provided, fetchAvailableModels must be called with undefined
+     await createBuiltinAgents(
+       [],
+       {},
+       undefined,
+       TEST_DEFAULT_MODEL,
+       undefined,
+       undefined,
+       [],
+       mockClient // client is passed but should NOT be forwarded to fetchAvailableModels
+     )
+
+     // #then - fetchAvailableModels must be called with undefined as first argument (no client)
+     // This prevents the deadlock described in issue #1301
+     expect(fetchSpy).toHaveBeenCalled()
+     const firstCallArgs = fetchSpy.mock.calls[0]
+     expect(firstCallArgs[0]).toBeUndefined()
+
+     fetchSpy.mockRestore?.()
+     cacheSpy.mockRestore?.()
+   })
+})

src/agents/utils.ts

@@ -6,11 +6,11 @@ import { createOracleAgent, ORACLE_PROMPT_METADATA } from "./oracle"
 import { createLibrarianAgent, LIBRARIAN_PROMPT_METADATA } from "./librarian"
 import { createExploreAgent, EXPLORE_PROMPT_METADATA } from "./explore"
 import { createMultimodalLookerAgent, MULTIMODAL_LOOKER_PROMPT_METADATA } from "./multimodal-looker"
-import { createMetisAgent } from "./metis"
-import { createAtlasAgent } from "./atlas"
-import { createMomusAgent } from "./momus"
+import { createMetisAgent, metisPromptMetadata } from "./metis"
+import { createAtlasAgent, atlasPromptMetadata } from "./atlas"
+import { createMomusAgent, momusPromptMetadata } from "./momus"
 import type { AvailableAgent, AvailableCategory, AvailableSkill } from "./dynamic-agent-prompt-builder"
-import { deepMerge, fetchAvailableModels, resolveModelWithFallback, AGENT_MODEL_REQUIREMENTS, findCaseInsensitive, includesCaseInsensitive, readConnectedProvidersCache } from "../shared"
+import { deepMerge, fetchAvailableModels, resolveModelPipeline, AGENT_MODEL_REQUIREMENTS, readConnectedProvidersCache, isModelAvailable } from "../shared"
 import { DEFAULT_CATEGORIES, CATEGORY_DESCRIPTIONS } from "../tools/delegate-task/constants"
 import { resolveMultipleSkills } from "../features/opencode-skill-loader/skill-content"
 import { createBuiltinSkills } from "../features/builtin-skills"
@@ -41,6 +41,9 @@ const agentMetadata: Partial<Record<BuiltinAgentName, AgentPromptMetadata>> = {
   librarian: LIBRARIAN_PROMPT_METADATA,
   explore: EXPLORE_PROMPT_METADATA,
   "multimodal-looker": MULTIMODAL_LOOKER_PROMPT_METADATA,
+  metis: metisPromptMetadata,
+  momus: momusPromptMetadata,
+  atlas: atlasPromptMetadata,
 }
 
 function isFactory(source: AgentSource): source is AgentFactory {
@@ -120,6 +123,72 @@ export function createEnvContext(): string {
 </omo-env>`
 }
 
+/**
+ * Expands a category reference from an agent override into concrete config properties.
+ * Category properties are applied unconditionally (overwriting factory defaults),
+ * because the user's chosen category should take priority over factory base values.
+ * Direct override properties applied later via mergeAgentConfig() will supersede these.
+ */
+function applyCategoryOverride(
+  config: AgentConfig,
+  categoryName: string,
+  mergedCategories: Record<string, CategoryConfig>
+): AgentConfig {
+  const categoryConfig = mergedCategories[categoryName]
+  if (!categoryConfig) return config
+
+  const result = { ...config } as AgentConfig & Record<string, unknown>
+  if (categoryConfig.model) result.model = categoryConfig.model
+  if (categoryConfig.variant !== undefined) result.variant = categoryConfig.variant
+  if (categoryConfig.temperature !== undefined) result.temperature = categoryConfig.temperature
+  if (categoryConfig.reasoningEffort !== undefined) result.reasoningEffort = categoryConfig.reasoningEffort
+  if (categoryConfig.textVerbosity !== undefined) result.textVerbosity = categoryConfig.textVerbosity
+  if (categoryConfig.thinking !== undefined) result.thinking = categoryConfig.thinking
+  if (categoryConfig.top_p !== undefined) result.top_p = categoryConfig.top_p
+  if (categoryConfig.maxTokens !== undefined) result.maxTokens = categoryConfig.maxTokens
+
+  return result as AgentConfig
+}
+
+function applyModelResolution(input: {
+  uiSelectedModel?: string
+  userModel?: string
+  requirement?: { fallbackChain?: { providers: string[]; model: string; variant?: string }[] }
+  availableModels: Set<string>
+  systemDefaultModel?: string
+}) {
+  const { uiSelectedModel, userModel, requirement, availableModels, systemDefaultModel } = input
+  return resolveModelPipeline({
+    intent: { uiSelectedModel, userModel },
+    constraints: { availableModels },
+    policy: { fallbackChain: requirement?.fallbackChain, systemDefaultModel },
+  })
+}
+
+function applyEnvironmentContext(config: AgentConfig, directory?: string): AgentConfig {
+  if (!directory || !config.prompt) return config
+  const envContext = createEnvContext()
+  return { ...config, prompt: config.prompt + envContext }
+}
+
+function applyOverrides(
+  config: AgentConfig,
+  override: AgentOverrideConfig | undefined,
+  mergedCategories: Record<string, CategoryConfig>
+): AgentConfig {
+  let result = config
+  const overrideCategory = (override as Record<string, unknown> | undefined)?.category as string | undefined
+  if (overrideCategory) {
+    result = applyCategoryOverride(result, overrideCategory, mergedCategories)
+  }
+
+  if (override) {
+    result = mergeAgentConfig(result, override)
+  }
+
+  return result
+}
+
 function mergeAgentConfig(
   base: AgentConfig,
   override: AgentOverrideConfig
@@ -149,12 +218,16 @@ export async function createBuiltinAgents(
   gitMasterConfig?: GitMasterConfig,
   discoveredSkills: LoadedSkill[] = [],
   client?: any,
-  browserProvider?: BrowserAutomationProvider
+  browserProvider?: BrowserAutomationProvider,
+  uiSelectedModel?: string
 ): Promise<Record<string, AgentConfig>> {
   const connectedProviders = readConnectedProvidersCache()
-  const availableModels = client 
-    ? await fetchAvailableModels(client, { connectedProviders: connectedProviders ?? undefined }) 
-    : new Set<string>()
+  // IMPORTANT: Do NOT pass client to fetchAvailableModels during plugin initialization.
+  // This function is called from config handler, and calling client API causes deadlock.
+  // See: https://github.com/code-yeongyu/oh-my-opencode/issues/1301
+  const availableModels = await fetchAvailableModels(undefined, {
+    connectedProviders: connectedProviders ?? undefined,
+  })
 
   const result: Record<string, AgentConfig> = {}
   const availableAgents: AvailableAgent[] = []
@@ -192,14 +265,25 @@ export async function createBuiltinAgents(
 
      if (agentName === "sisyphus") continue
      if (agentName === "atlas") continue
-     if (includesCaseInsensitive(disabledAgents, agentName)) continue
+     if (disabledAgents.some((name) => name.toLowerCase() === agentName.toLowerCase())) continue
 
-    const override = findCaseInsensitive(agentOverrides, agentName)
-    const requirement = AGENT_MODEL_REQUIREMENTS[agentName]
-    
-    const resolution = resolveModelWithFallback({
+     const override = agentOverrides[agentName]
+       ?? Object.entries(agentOverrides).find(([key]) => key.toLowerCase() === agentName.toLowerCase())?.[1]
+     const requirement = AGENT_MODEL_REQUIREMENTS[agentName]
+     
+     // Check if agent requires a specific model
+     if (requirement?.requiresModel && availableModels) {
+       if (!isModelAvailable(requirement.requiresModel, availableModels)) {
+         continue
+       }
+     }
+     
+     const isPrimaryAgent = isFactory(source) && source.mode === "primary"
+     
+    const resolution = applyModelResolution({
+      uiSelectedModel: isPrimaryAgent ? uiSelectedModel : undefined,
       userModel: override?.model,
-      fallbackChain: requirement?.fallbackChain,
+      requirement,
       availableModels,
       systemDefaultModel,
     })
@@ -208,22 +292,23 @@ export async function createBuiltinAgents(
 
     let config = buildAgent(source, model, mergedCategories, gitMasterConfig, browserProvider)
     
-    // Apply variant from override or resolved fallback chain
-    if (override?.variant) {
-      config = { ...config, variant: override.variant }
-    } else if (resolvedVariant) {
+    // Apply resolved variant from model fallback chain
+    if (resolvedVariant) {
       config = { ...config, variant: resolvedVariant }
     }
 
-    if (agentName === "librarian" && directory && config.prompt) {
-      const envContext = createEnvContext()
-      config = { ...config, prompt: config.prompt + envContext }
+    // Expand override.category into concrete properties (higher priority than factory/resolved)
+    const overrideCategory = (override as Record<string, unknown> | undefined)?.category as string | undefined
+    if (overrideCategory) {
+      config = applyCategoryOverride(config, overrideCategory, mergedCategories)
     }
 
-    if (override) {
-      config = mergeAgentConfig(config, override)
+    if (agentName === "librarian") {
+      config = applyEnvironmentContext(config, directory)
     }
 
+    config = applyOverrides(config, override, mergedCategories)
+
     result[name] = config
 
     const metadata = agentMetadata[agentName]
@@ -240,9 +325,10 @@ export async function createBuiltinAgents(
      const sisyphusOverride = agentOverrides["sisyphus"]
      const sisyphusRequirement = AGENT_MODEL_REQUIREMENTS["sisyphus"]
     
-    const sisyphusResolution = resolveModelWithFallback({
+    const sisyphusResolution = applyModelResolution({
+      uiSelectedModel,
       userModel: sisyphusOverride?.model,
-      fallbackChain: sisyphusRequirement?.fallbackChain,
+      requirement: sisyphusRequirement,
       availableModels,
       systemDefaultModel,
     })
@@ -258,20 +344,12 @@ export async function createBuiltinAgents(
         availableCategories
       )
       
-      if (sisyphusOverride?.variant) {
-        sisyphusConfig = { ...sisyphusConfig, variant: sisyphusOverride.variant }
-      } else if (sisyphusResolvedVariant) {
+      if (sisyphusResolvedVariant) {
         sisyphusConfig = { ...sisyphusConfig, variant: sisyphusResolvedVariant }
       }
 
-      if (directory && sisyphusConfig.prompt) {
-        const envContext = createEnvContext()
-        sisyphusConfig = { ...sisyphusConfig, prompt: sisyphusConfig.prompt + envContext }
-      }
-
-      if (sisyphusOverride) {
-        sisyphusConfig = mergeAgentConfig(sisyphusConfig, sisyphusOverride)
-      }
+      sisyphusConfig = applyOverrides(sisyphusConfig, sisyphusOverride, mergedCategories)
+      sisyphusConfig = applyEnvironmentContext(sisyphusConfig, directory)
 
       result["sisyphus"] = sisyphusConfig
     }
@@ -281,9 +359,10 @@ export async function createBuiltinAgents(
      const orchestratorOverride = agentOverrides["atlas"]
      const atlasRequirement = AGENT_MODEL_REQUIREMENTS["atlas"]
     
-    const atlasResolution = resolveModelWithFallback({
+    const atlasResolution = applyModelResolution({
+      // NOTE: Atlas does NOT use uiSelectedModel - respects its own fallbackChain (k2p5 primary)
       userModel: orchestratorOverride?.model,
-      fallbackChain: atlasRequirement?.fallbackChain,
+      requirement: atlasRequirement,
       availableModels,
       systemDefaultModel,
     })
@@ -298,15 +377,11 @@ export async function createBuiltinAgents(
         userCategories: categories,
       })
       
-      if (orchestratorOverride?.variant) {
-        orchestratorConfig = { ...orchestratorConfig, variant: orchestratorOverride.variant }
-      } else if (atlasResolvedVariant) {
+      if (atlasResolvedVariant) {
         orchestratorConfig = { ...orchestratorConfig, variant: atlasResolvedVariant }
       }
 
-      if (orchestratorOverride) {
-        orchestratorConfig = mergeAgentConfig(orchestratorConfig, orchestratorOverride)
-      }
+      orchestratorConfig = applyOverrides(orchestratorConfig, orchestratorOverride, mergedCategories)
 
       result["atlas"] = orchestratorConfig
     }

src/cli/__snapshots__/model-fallback.test.ts.snap

@@ -5,54 +5,57 @@ exports[`generateModelConfig no providers available returns ULTIMATE_FALLBACK fo
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "explore": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "librarian": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "metis": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "momus": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "multimodal-looker": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "oracle": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "prometheus": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "sisyphus": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
   },
   "categories": {
     "artistry": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
+    },
+    "deep": {
+      "model": "opencode/glm-4.7-free",
     },
     "quick": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "ultrabrain": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "unspecified-high": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "unspecified-low": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "visual-engineering": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "writing": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
   },
 }
@@ -77,6 +80,7 @@ exports[`generateModelConfig single native provider uses Claude models when only
     },
     "momus": {
       "model": "anthropic/claude-opus-4-5",
+      "variant": "max",
     },
     "multimodal-looker": {
       "model": "anthropic/claude-haiku-4-5",
@@ -98,6 +102,10 @@ exports[`generateModelConfig single native provider uses Claude models when only
       "model": "anthropic/claude-opus-4-5",
       "variant": "max",
     },
+    "deep": {
+      "model": "anthropic/claude-opus-4-5",
+      "variant": "max",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },
@@ -141,6 +149,7 @@ exports[`generateModelConfig single native provider uses Claude models with isMa
     },
     "momus": {
       "model": "anthropic/claude-opus-4-5",
+      "variant": "max",
     },
     "multimodal-looker": {
       "model": "anthropic/claude-haiku-4-5",
@@ -163,6 +172,10 @@ exports[`generateModelConfig single native provider uses Claude models with isMa
       "model": "anthropic/claude-opus-4-5",
       "variant": "max",
     },
+    "deep": {
+      "model": "anthropic/claude-opus-4-5",
+      "variant": "max",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },
@@ -199,7 +212,7 @@ exports[`generateModelConfig single native provider uses OpenAI models when only
       "model": "opencode/gpt-5-nano",
     },
     "librarian": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "metis": {
       "model": "openai/gpt-5.2",
@@ -229,8 +242,12 @@ exports[`generateModelConfig single native provider uses OpenAI models when only
     "artistry": {
       "model": "openai/gpt-5.2",
     },
+    "deep": {
+      "model": "openai/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "ultrabrain": {
       "model": "openai/gpt-5.2-codex",
@@ -245,8 +262,7 @@ exports[`generateModelConfig single native provider uses OpenAI models when only
       "variant": "medium",
     },
     "visual-engineering": {
-      "model": "openai/gpt-5.2",
-      "variant": "high",
+      "model": "opencode/glm-4.7-free",
     },
     "writing": {
       "model": "openai/gpt-5.2",
@@ -266,7 +282,7 @@ exports[`generateModelConfig single native provider uses OpenAI models with isMa
       "model": "opencode/gpt-5-nano",
     },
     "librarian": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "metis": {
       "model": "openai/gpt-5.2",
@@ -296,8 +312,12 @@ exports[`generateModelConfig single native provider uses OpenAI models with isMa
     "artistry": {
       "model": "openai/gpt-5.2",
     },
+    "deep": {
+      "model": "openai/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "ultrabrain": {
       "model": "openai/gpt-5.2-codex",
@@ -312,8 +332,7 @@ exports[`generateModelConfig single native provider uses OpenAI models with isMa
       "variant": "medium",
     },
     "visual-engineering": {
-      "model": "openai/gpt-5.2",
-      "variant": "high",
+      "model": "opencode/glm-4.7-free",
     },
     "writing": {
       "model": "openai/gpt-5.2",
@@ -333,7 +352,7 @@ exports[`generateModelConfig single native provider uses Gemini models when only
       "model": "opencode/gpt-5-nano",
     },
     "librarian": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "metis": {
       "model": "google/gemini-3-pro",
@@ -348,6 +367,7 @@ exports[`generateModelConfig single native provider uses Gemini models when only
     },
     "oracle": {
       "model": "google/gemini-3-pro",
+      "variant": "max",
     },
     "prometheus": {
       "model": "google/gemini-3-pro",
@@ -361,11 +381,16 @@ exports[`generateModelConfig single native provider uses Gemini models when only
       "model": "google/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "google/gemini-3-pro",
+      "variant": "max",
+    },
     "quick": {
       "model": "google/gemini-3-flash",
     },
     "ultrabrain": {
       "model": "google/gemini-3-pro",
+      "variant": "max",
     },
     "unspecified-high": {
       "model": "google/gemini-3-flash",
@@ -394,7 +419,7 @@ exports[`generateModelConfig single native provider uses Gemini models with isMa
       "model": "opencode/gpt-5-nano",
     },
     "librarian": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "metis": {
       "model": "google/gemini-3-pro",
@@ -409,6 +434,7 @@ exports[`generateModelConfig single native provider uses Gemini models with isMa
     },
     "oracle": {
       "model": "google/gemini-3-pro",
+      "variant": "max",
     },
     "prometheus": {
       "model": "google/gemini-3-pro",
@@ -422,11 +448,16 @@ exports[`generateModelConfig single native provider uses Gemini models with isMa
       "model": "google/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "google/gemini-3-pro",
+      "variant": "max",
+    },
     "quick": {
       "model": "google/gemini-3-flash",
     },
     "ultrabrain": {
       "model": "google/gemini-3-pro",
+      "variant": "max",
     },
     "unspecified-high": {
       "model": "google/gemini-3-pro",
@@ -485,6 +516,10 @@ exports[`generateModelConfig all native providers uses preferred models from fal
       "model": "google/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "openai/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },
@@ -550,6 +585,10 @@ exports[`generateModelConfig all native providers uses preferred models with isM
       "model": "google/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "openai/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },
@@ -579,13 +618,13 @@ exports[`generateModelConfig fallback providers uses OpenCode Zen models when on
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "opencode/claude-sonnet-4-5",
+      "model": "opencode/kimi-k2.5-free",
     },
     "explore": {
       "model": "opencode/claude-haiku-4-5",
     },
     "librarian": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "metis": {
       "model": "opencode/claude-opus-4-5",
@@ -615,6 +654,10 @@ exports[`generateModelConfig fallback providers uses OpenCode Zen models when on
       "model": "opencode/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "opencode/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "opencode/claude-haiku-4-5",
     },
@@ -643,13 +686,13 @@ exports[`generateModelConfig fallback providers uses OpenCode Zen models with is
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "opencode/claude-sonnet-4-5",
+      "model": "opencode/kimi-k2.5-free",
     },
     "explore": {
       "model": "opencode/claude-haiku-4-5",
     },
     "librarian": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "metis": {
       "model": "opencode/claude-opus-4-5",
@@ -680,6 +723,10 @@ exports[`generateModelConfig fallback providers uses OpenCode Zen models with is
       "model": "opencode/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "opencode/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "opencode/claude-haiku-4-5",
     },
@@ -745,6 +792,10 @@ exports[`generateModelConfig fallback providers uses GitHub Copilot models when
       "model": "github-copilot/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "github-copilot/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "github-copilot/claude-haiku-4.5",
     },
@@ -810,6 +861,10 @@ exports[`generateModelConfig fallback providers uses GitHub Copilot models with
       "model": "github-copilot/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "github-copilot/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "github-copilot/claude-haiku-4.5",
     },
@@ -839,7 +894,7 @@ exports[`generateModelConfig fallback providers uses ZAI model for librarian whe
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "explore": {
       "model": "opencode/gpt-5-nano",
@@ -848,42 +903,45 @@ exports[`generateModelConfig fallback providers uses ZAI model for librarian whe
       "model": "zai-coding-plan/glm-4.7",
     },
     "metis": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "momus": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "multimodal-looker": {
       "model": "zai-coding-plan/glm-4.6v",
     },
     "oracle": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "prometheus": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "sisyphus": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
   },
   "categories": {
     "artistry": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
+    },
+    "deep": {
+      "model": "opencode/glm-4.7-free",
     },
     "quick": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "ultrabrain": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "unspecified-high": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "unspecified-low": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "visual-engineering": {
-      "model": "opencode/big-pickle",
+      "model": "zai-coding-plan/glm-4.7",
     },
     "writing": {
       "model": "zai-coding-plan/glm-4.7",
@@ -897,7 +955,7 @@ exports[`generateModelConfig fallback providers uses ZAI model for librarian wit
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "explore": {
       "model": "opencode/gpt-5-nano",
@@ -906,19 +964,19 @@ exports[`generateModelConfig fallback providers uses ZAI model for librarian wit
       "model": "zai-coding-plan/glm-4.7",
     },
     "metis": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "momus": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "multimodal-looker": {
       "model": "zai-coding-plan/glm-4.6v",
     },
     "oracle": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "prometheus": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "sisyphus": {
       "model": "zai-coding-plan/glm-4.7",
@@ -926,22 +984,25 @@ exports[`generateModelConfig fallback providers uses ZAI model for librarian wit
   },
   "categories": {
     "artistry": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
+    },
+    "deep": {
+      "model": "opencode/glm-4.7-free",
     },
     "quick": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "ultrabrain": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "unspecified-high": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "unspecified-low": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "visual-engineering": {
-      "model": "opencode/big-pickle",
+      "model": "zai-coding-plan/glm-4.7",
     },
     "writing": {
       "model": "zai-coding-plan/glm-4.7",
@@ -955,13 +1016,13 @@ exports[`generateModelConfig mixed provider scenarios uses Claude + OpenCode Zen
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "anthropic/claude-sonnet-4-5",
+      "model": "opencode/kimi-k2.5-free",
     },
     "explore": {
       "model": "anthropic/claude-haiku-4-5",
     },
     "librarian": {
-      "model": "opencode/big-pickle",
+      "model": "opencode/glm-4.7-free",
     },
     "metis": {
       "model": "anthropic/claude-opus-4-5",
@@ -991,6 +1052,10 @@ exports[`generateModelConfig mixed provider scenarios uses Claude + OpenCode Zen
       "model": "opencode/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "opencode/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },
@@ -1055,6 +1120,10 @@ exports[`generateModelConfig mixed provider scenarios uses OpenAI + Copilot comb
       "model": "github-copilot/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "openai/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "github-copilot/claude-haiku-4.5",
     },
@@ -1097,6 +1166,7 @@ exports[`generateModelConfig mixed provider scenarios uses Claude + ZAI combinat
     },
     "momus": {
       "model": "anthropic/claude-opus-4-5",
+      "variant": "max",
     },
     "multimodal-looker": {
       "model": "zai-coding-plan/glm-4.6v",
@@ -1118,6 +1188,10 @@ exports[`generateModelConfig mixed provider scenarios uses Claude + ZAI combinat
       "model": "anthropic/claude-opus-4-5",
       "variant": "max",
     },
+    "deep": {
+      "model": "anthropic/claude-opus-4-5",
+      "variant": "max",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },
@@ -1161,12 +1235,13 @@ exports[`generateModelConfig mixed provider scenarios uses Gemini + Claude combi
     },
     "momus": {
       "model": "anthropic/claude-opus-4-5",
+      "variant": "max",
     },
     "multimodal-looker": {
       "model": "google/gemini-3-flash",
     },
     "oracle": {
-      "model": "anthropic/claude-opus-4-5",
+      "model": "google/gemini-3-pro",
       "variant": "max",
     },
     "prometheus": {
@@ -1182,11 +1257,15 @@ exports[`generateModelConfig mixed provider scenarios uses Gemini + Claude combi
       "model": "google/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "anthropic/claude-opus-4-5",
+      "variant": "max",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },
     "ultrabrain": {
-      "model": "anthropic/claude-opus-4-5",
+      "model": "google/gemini-3-pro",
       "variant": "max",
     },
     "unspecified-high": {
@@ -1210,7 +1289,7 @@ exports[`generateModelConfig mixed provider scenarios uses all fallback provider
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "github-copilot/claude-sonnet-4.5",
+      "model": "opencode/kimi-k2.5-free",
     },
     "explore": {
       "model": "opencode/claude-haiku-4-5",
@@ -1246,6 +1325,10 @@ exports[`generateModelConfig mixed provider scenarios uses all fallback provider
       "model": "github-copilot/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "github-copilot/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "github-copilot/claude-haiku-4.5",
     },
@@ -1274,7 +1357,7 @@ exports[`generateModelConfig mixed provider scenarios uses all providers togethe
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "anthropic/claude-sonnet-4-5",
+      "model": "opencode/kimi-k2.5-free",
     },
     "explore": {
       "model": "anthropic/claude-haiku-4-5",
@@ -1310,6 +1393,10 @@ exports[`generateModelConfig mixed provider scenarios uses all providers togethe
       "model": "google/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "openai/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },
@@ -1338,7 +1425,7 @@ exports[`generateModelConfig mixed provider scenarios uses all providers with is
   "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
   "agents": {
     "atlas": {
-      "model": "anthropic/claude-sonnet-4-5",
+      "model": "opencode/kimi-k2.5-free",
     },
     "explore": {
       "model": "anthropic/claude-haiku-4-5",
@@ -1375,6 +1462,10 @@ exports[`generateModelConfig mixed provider scenarios uses all providers with is
       "model": "google/gemini-3-pro",
       "variant": "max",
     },
+    "deep": {
+      "model": "openai/gpt-5.2-codex",
+      "variant": "medium",
+    },
     "quick": {
       "model": "anthropic/claude-haiku-4-5",
     },

src/cli/config-manager.test.ts

@@ -250,6 +250,7 @@ describe("generateOmoConfig - model fallback system", () => {
       hasCopilot: false,
       hasOpencodeZen: false,
       hasZaiCodingPlan: false,
+      hasKimiForCoding: false,
     }
 
     // #when generating config
@@ -271,6 +272,7 @@ describe("generateOmoConfig - model fallback system", () => {
       hasCopilot: false,
       hasOpencodeZen: false,
       hasZaiCodingPlan: false,
+      hasKimiForCoding: false,
     }
 
     // #when generating config
@@ -290,6 +292,7 @@ describe("generateOmoConfig - model fallback system", () => {
       hasCopilot: true,
       hasOpencodeZen: false,
       hasZaiCodingPlan: false,
+      hasKimiForCoding: false,
     }
 
     // #when generating config
@@ -309,6 +312,7 @@ describe("generateOmoConfig - model fallback system", () => {
       hasCopilot: false,
       hasOpencodeZen: false,
       hasZaiCodingPlan: false,
+      hasKimiForCoding: false,
     }
 
     // #when generating config
@@ -316,7 +320,7 @@ describe("generateOmoConfig - model fallback system", () => {
 
     // #then should use ultimate fallback for all agents
     expect(result.$schema).toBe("https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json")
-    expect((result.agents as Record<string, { model: string }>).sisyphus.model).toBe("opencode/big-pickle")
+    expect((result.agents as Record<string, { model: string }>).sisyphus.model).toBe("opencode/glm-4.7-free")
   })
 
   test("uses zai-coding-plan/glm-4.7 for librarian when Z.ai available", () => {
@@ -329,6 +333,7 @@ describe("generateOmoConfig - model fallback system", () => {
       hasCopilot: false,
       hasOpencodeZen: false,
       hasZaiCodingPlan: true,
+      hasKimiForCoding: false,
     }
 
     // #when generating config
@@ -350,6 +355,7 @@ describe("generateOmoConfig - model fallback system", () => {
       hasCopilot: false,
       hasOpencodeZen: false,
       hasZaiCodingPlan: false,
+      hasKimiForCoding: false,
     }
 
     // #when generating config
@@ -373,6 +379,7 @@ describe("generateOmoConfig - model fallback system", () => {
       hasCopilot: false,
       hasOpencodeZen: false,
       hasZaiCodingPlan: false,
+      hasKimiForCoding: false,
     }
 
     // #when generating config
@@ -392,6 +399,7 @@ describe("generateOmoConfig - model fallback system", () => {
       hasCopilot: false,
       hasOpencodeZen: false,
       hasZaiCodingPlan: false,
+      hasKimiForCoding: false,
     }
 
     // #when generating config

src/cli/config-manager.ts

@@ -598,27 +598,28 @@ export function addProviderConfig(config: InstallConfig): ConfigMergeResult {
   }
 }
 
-function detectProvidersFromOmoConfig(): { hasOpenAI: boolean; hasOpencodeZen: boolean; hasZaiCodingPlan: boolean } {
+function detectProvidersFromOmoConfig(): { hasOpenAI: boolean; hasOpencodeZen: boolean; hasZaiCodingPlan: boolean; hasKimiForCoding: boolean } {
   const omoConfigPath = getOmoConfig()
   if (!existsSync(omoConfigPath)) {
-    return { hasOpenAI: true, hasOpencodeZen: true, hasZaiCodingPlan: false }
+    return { hasOpenAI: true, hasOpencodeZen: true, hasZaiCodingPlan: false, hasKimiForCoding: false }
   }
 
   try {
     const content = readFileSync(omoConfigPath, "utf-8")
     const omoConfig = parseJsonc<Record<string, unknown>>(content)
     if (!omoConfig || typeof omoConfig !== "object") {
-      return { hasOpenAI: true, hasOpencodeZen: true, hasZaiCodingPlan: false }
+      return { hasOpenAI: true, hasOpencodeZen: true, hasZaiCodingPlan: false, hasKimiForCoding: false }
     }
 
     const configStr = JSON.stringify(omoConfig)
     const hasOpenAI = configStr.includes('"openai/')
     const hasOpencodeZen = configStr.includes('"opencode/')
     const hasZaiCodingPlan = configStr.includes('"zai-coding-plan/')
+    const hasKimiForCoding = configStr.includes('"kimi-for-coding/')
 
-    return { hasOpenAI, hasOpencodeZen, hasZaiCodingPlan }
+    return { hasOpenAI, hasOpencodeZen, hasZaiCodingPlan, hasKimiForCoding }
   } catch {
-    return { hasOpenAI: true, hasOpencodeZen: true, hasZaiCodingPlan: false }
+    return { hasOpenAI: true, hasOpencodeZen: true, hasZaiCodingPlan: false, hasKimiForCoding: false }
   }
 }
 
@@ -632,6 +633,7 @@ export function detectCurrentConfig(): DetectedConfig {
     hasCopilot: false,
     hasOpencodeZen: true,
     hasZaiCodingPlan: false,
+    hasKimiForCoding: false,
   }
 
   const { format, path } = detectConfigFormat()
@@ -655,10 +657,11 @@ export function detectCurrentConfig(): DetectedConfig {
   // Gemini auth plugin detection still works via plugin presence
   result.hasGemini = plugins.some((p) => p.startsWith("opencode-antigravity-auth"))
 
-  const { hasOpenAI, hasOpencodeZen, hasZaiCodingPlan } = detectProvidersFromOmoConfig()
+  const { hasOpenAI, hasOpencodeZen, hasZaiCodingPlan, hasKimiForCoding } = detectProvidersFromOmoConfig()
   result.hasOpenAI = hasOpenAI
   result.hasOpencodeZen = hasOpencodeZen
   result.hasZaiCodingPlan = hasZaiCodingPlan
+  result.hasKimiForCoding = hasKimiForCoding
 
   return result
 }

src/cli/doctor/checks/index.ts

@@ -8,6 +8,7 @@ import { getDependencyCheckDefinitions } from "./dependencies"
 import { getGhCliCheckDefinition } from "./gh"
 import { getLspCheckDefinition } from "./lsp"
 import { getMcpCheckDefinitions } from "./mcp"
+import { getMcpOAuthCheckDefinition } from "./mcp-oauth"
 import { getVersionCheckDefinition } from "./version"
 
 export * from "./opencode"
@@ -19,6 +20,7 @@ export * from "./dependencies"
 export * from "./gh"
 export * from "./lsp"
 export * from "./mcp"
+export * from "./mcp-oauth"
 export * from "./version"
 
 export function getAllCheckDefinitions(): CheckDefinition[] {
@@ -32,6 +34,7 @@ export function getAllCheckDefinitions(): CheckDefinition[] {
     getGhCliCheckDefinition(),
     getLspCheckDefinition(),
     ...getMcpCheckDefinitions(),
+    getMcpOAuthCheckDefinition(),
     getVersionCheckDefinition(),
   ]
 }

src/cli/doctor/checks/mcp-oauth.test.ts

@@ -0,0 +1,133 @@
+import { describe, it, expect, spyOn, afterEach } from "bun:test"
+import * as mcpOauth from "./mcp-oauth"
+
+describe("mcp-oauth check", () => {
+  describe("getMcpOAuthCheckDefinition", () => {
+    it("returns check definition with correct properties", () => {
+      // #given
+      // #when getting definition
+      const def = mcpOauth.getMcpOAuthCheckDefinition()
+
+      // #then should have correct structure
+      expect(def.id).toBe("mcp-oauth-tokens")
+      expect(def.name).toBe("MCP OAuth Tokens")
+      expect(def.category).toBe("tools")
+      expect(def.critical).toBe(false)
+      expect(typeof def.check).toBe("function")
+    })
+  })
+
+  describe("checkMcpOAuthTokens", () => {
+    let readStoreSpy: ReturnType<typeof spyOn>
+
+    afterEach(() => {
+      readStoreSpy?.mockRestore()
+    })
+
+    it("returns skip when no tokens stored", async () => {
+      // #given no OAuth tokens configured
+      readStoreSpy = spyOn(mcpOauth, "readTokenStore").mockReturnValue(null)
+
+      // #when checking OAuth tokens
+      const result = await mcpOauth.checkMcpOAuthTokens()
+
+      // #then should skip
+      expect(result.status).toBe("skip")
+      expect(result.message).toContain("No OAuth")
+    })
+
+    it("returns pass when all tokens valid", async () => {
+      // #given valid tokens with future expiry (expiresAt is in epoch seconds)
+      const futureTime = Math.floor(Date.now() / 1000) + 3600
+      readStoreSpy = spyOn(mcpOauth, "readTokenStore").mockReturnValue({
+        "example.com/resource1": {
+          accessToken: "token1",
+          expiresAt: futureTime,
+        },
+        "example.com/resource2": {
+          accessToken: "token2",
+          expiresAt: futureTime,
+        },
+      })
+
+      // #when checking OAuth tokens
+      const result = await mcpOauth.checkMcpOAuthTokens()
+
+      // #then should pass
+      expect(result.status).toBe("pass")
+      expect(result.message).toContain("2")
+      expect(result.message).toContain("valid")
+    })
+
+    it("returns warn when some tokens expired", async () => {
+      // #given mix of valid and expired tokens (expiresAt is in epoch seconds)
+      const futureTime = Math.floor(Date.now() / 1000) + 3600
+      const pastTime = Math.floor(Date.now() / 1000) - 3600
+      readStoreSpy = spyOn(mcpOauth, "readTokenStore").mockReturnValue({
+        "example.com/resource1": {
+          accessToken: "token1",
+          expiresAt: futureTime,
+        },
+        "example.com/resource2": {
+          accessToken: "token2",
+          expiresAt: pastTime,
+        },
+      })
+
+      // #when checking OAuth tokens
+      const result = await mcpOauth.checkMcpOAuthTokens()
+
+      // #then should warn
+      expect(result.status).toBe("warn")
+      expect(result.message).toContain("1")
+      expect(result.message).toContain("expired")
+      expect(result.details?.some((d: string) => d.includes("Expired"))).toBe(
+        true
+      )
+    })
+
+    it("returns pass when tokens have no expiry", async () => {
+      // #given tokens without expiry info
+      readStoreSpy = spyOn(mcpOauth, "readTokenStore").mockReturnValue({
+        "example.com/resource1": {
+          accessToken: "token1",
+        },
+      })
+
+      // #when checking OAuth tokens
+      const result = await mcpOauth.checkMcpOAuthTokens()
+
+      // #then should pass (no expiry = assume valid)
+      expect(result.status).toBe("pass")
+      expect(result.message).toContain("1")
+    })
+
+    it("includes token details in output", async () => {
+      // #given multiple tokens
+      const futureTime = Math.floor(Date.now() / 1000) + 3600
+      readStoreSpy = spyOn(mcpOauth, "readTokenStore").mockReturnValue({
+        "api.example.com/v1": {
+          accessToken: "token1",
+          expiresAt: futureTime,
+        },
+        "auth.example.com/oauth": {
+          accessToken: "token2",
+          expiresAt: futureTime,
+        },
+      })
+
+      // #when checking OAuth tokens
+      const result = await mcpOauth.checkMcpOAuthTokens()
+
+      // #then should list tokens in details
+      expect(result.details).toBeDefined()
+      expect(result.details?.length).toBeGreaterThan(0)
+      expect(
+        result.details?.some((d: string) => d.includes("api.example.com"))
+      ).toBe(true)
+      expect(
+        result.details?.some((d: string) => d.includes("auth.example.com"))
+      ).toBe(true)
+    })
+  })
+})

src/cli/doctor/checks/mcp-oauth.ts

@@ -0,0 +1,80 @@
+import type { CheckResult, CheckDefinition } from "../types"
+import { CHECK_IDS, CHECK_NAMES } from "../constants"
+import { getMcpOauthStoragePath } from "../../../features/mcp-oauth/storage"
+import { existsSync, readFileSync } from "node:fs"
+
+interface OAuthTokenData {
+  accessToken: string
+  refreshToken?: string
+  expiresAt?: number
+  clientInfo?: {
+    clientId: string
+    clientSecret?: string
+  }
+}
+
+type TokenStore = Record<string, OAuthTokenData>
+
+export function readTokenStore(): TokenStore | null {
+  const filePath = getMcpOauthStoragePath()
+  if (!existsSync(filePath)) {
+    return null
+  }
+
+  try {
+    const content = readFileSync(filePath, "utf-8")
+    return JSON.parse(content) as TokenStore
+  } catch {
+    return null
+  }
+}
+
+export async function checkMcpOAuthTokens(): Promise<CheckResult> {
+  const store = readTokenStore()
+
+  if (!store || Object.keys(store).length === 0) {
+    return {
+      name: CHECK_NAMES[CHECK_IDS.MCP_OAUTH_TOKENS],
+      status: "skip",
+      message: "No OAuth tokens configured",
+      details: ["Optional: Configure OAuth tokens for MCP servers"],
+    }
+  }
+
+  const now = Math.floor(Date.now() / 1000)
+  const tokens = Object.entries(store)
+  const expiredTokens = tokens.filter(
+    ([, token]) => token.expiresAt && token.expiresAt < now
+  )
+
+  if (expiredTokens.length > 0) {
+    return {
+      name: CHECK_NAMES[CHECK_IDS.MCP_OAUTH_TOKENS],
+      status: "warn",
+      message: `${expiredTokens.length} of ${tokens.length} token(s) expired`,
+      details: [
+        ...tokens
+          .filter(([, token]) => !token.expiresAt || token.expiresAt >= now)
+          .map(([key]) => `Valid: ${key}`),
+        ...expiredTokens.map(([key]) => `Expired: ${key}`),
+      ],
+    }
+  }
+
+  return {
+    name: CHECK_NAMES[CHECK_IDS.MCP_OAUTH_TOKENS],
+    status: "pass",
+    message: `${tokens.length} OAuth token(s) valid`,
+    details: tokens.map(([key]) => `Configured: ${key}`),
+  }
+}
+
+export function getMcpOAuthCheckDefinition(): CheckDefinition {
+  return {
+    id: CHECK_IDS.MCP_OAUTH_TOKENS,
+    name: CHECK_NAMES[CHECK_IDS.MCP_OAUTH_TOKENS],
+    category: "tools",
+    check: checkMcpOAuthTokens,
+    critical: false,
+  }
+}

src/cli/doctor/constants.ts

@@ -32,6 +32,7 @@ export const CHECK_IDS = {
   LSP_SERVERS: "lsp-servers",
   MCP_BUILTIN: "mcp-builtin",
   MCP_USER: "mcp-user",
+  MCP_OAUTH_TOKENS: "mcp-oauth-tokens",
   VERSION_STATUS: "version-status",
 } as const
 
@@ -50,6 +51,7 @@ export const CHECK_NAMES: Record<string, string> = {
   [CHECK_IDS.LSP_SERVERS]: "LSP Servers",
   [CHECK_IDS.MCP_BUILTIN]: "Built-in MCP Servers",
   [CHECK_IDS.MCP_USER]: "User MCP Configuration",
+  [CHECK_IDS.MCP_OAUTH_TOKENS]: "MCP OAuth Tokens",
   [CHECK_IDS.VERSION_STATUS]: "Version Status",
 } as const
 

src/cli/index.ts

@@ -4,6 +4,7 @@ import { install } from "./install"
 import { run } from "./run"
 import { getLocalVersion } from "./get-local-version"
 import { doctor } from "./doctor"
+import { createMcpOAuthCommand } from "./mcp-oauth"
 import type { InstallArgs } from "./types"
 import type { RunOptions } from "./run"
 import type { GetLocalVersionOptions } from "./get-local-version/types"
@@ -29,6 +30,7 @@ program
   .option("--copilot <value>", "GitHub Copilot subscription: no, yes")
   .option("--opencode-zen <value>", "OpenCode Zen access: no, yes (default: no)")
   .option("--zai-coding-plan <value>", "Z.ai Coding Plan subscription: no, yes (default: no)")
+  .option("--kimi-for-coding <value>", "Kimi For Coding subscription: no, yes (default: no)")
   .option("--skip-auth", "Skip authentication setup hints")
   .addHelpText("after", `
 Examples:
@@ -36,13 +38,14 @@ Examples:
   $ bunx oh-my-opencode install --no-tui --claude=max20 --openai=yes --gemini=yes --copilot=no
   $ bunx oh-my-opencode install --no-tui --claude=no --gemini=no --copilot=yes --opencode-zen=yes
 
-Model Providers (Priority: Native > Copilot > OpenCode Zen > Z.ai):
+Model Providers (Priority: Native > Copilot > OpenCode Zen > Z.ai > Kimi):
   Claude        Native anthropic/ models (Opus, Sonnet, Haiku)
   OpenAI        Native openai/ models (GPT-5.2 for Oracle)
   Gemini        Native google/ models (Gemini 3 Pro, Flash)
   Copilot       github-copilot/ models (fallback)
   OpenCode Zen  opencode/ models (opencode/claude-opus-4-5, etc.)
   Z.ai          zai-coding-plan/glm-4.7 (Librarian priority)
+  Kimi          kimi-for-coding/k2p5 (Sisyphus/Prometheus fallback)
 `)
   .action(async (options) => {
     const args: InstallArgs = {
@@ -53,6 +56,7 @@ Model Providers (Priority: Native > Copilot > OpenCode Zen > Z.ai):
       copilot: options.copilot,
       opencodeZen: options.opencodeZen,
       zaiCodingPlan: options.zaiCodingPlan,
+      kimiForCoding: options.kimiForCoding,
       skipAuth: options.skipAuth ?? false,
     }
     const exitCode = await install(args)
@@ -150,4 +154,6 @@ program
     console.log(`oh-my-opencode v${VERSION}`)
   })
 
+program.addCommand(createMcpOAuthCommand())
+
 program.parse()

src/cli/install.ts

@@ -45,6 +45,7 @@ function formatConfigSummary(config: InstallConfig): string {
   lines.push(formatProvider("GitHub Copilot", config.hasCopilot, "fallback"))
   lines.push(formatProvider("OpenCode Zen", config.hasOpencodeZen, "opencode/ models"))
   lines.push(formatProvider("Z.ai Coding Plan", config.hasZaiCodingPlan, "Librarian/Multimodal"))
+  lines.push(formatProvider("Kimi For Coding", config.hasKimiForCoding, "Sisyphus/Prometheus fallback"))
 
   lines.push("")
   lines.push(color.dim("─".repeat(40)))
@@ -141,6 +142,10 @@ function validateNonTuiArgs(args: InstallArgs): { valid: boolean; errors: string
     errors.push(`Invalid --zai-coding-plan value: ${args.zaiCodingPlan} (expected: no, yes)`)
   }
 
+  if (args.kimiForCoding !== undefined && !["no", "yes"].includes(args.kimiForCoding)) {
+    errors.push(`Invalid --kimi-for-coding value: ${args.kimiForCoding} (expected: no, yes)`)
+  }
+
   return { valid: errors.length === 0, errors }
 }
 
@@ -153,10 +158,11 @@ function argsToConfig(args: InstallArgs): InstallConfig {
     hasCopilot: args.copilot === "yes",
     hasOpencodeZen: args.opencodeZen === "yes",
     hasZaiCodingPlan: args.zaiCodingPlan === "yes",
+    hasKimiForCoding: args.kimiForCoding === "yes",
   }
 }
 
-function detectedToInitialValues(detected: DetectedConfig): { claude: ClaudeSubscription; openai: BooleanArg; gemini: BooleanArg; copilot: BooleanArg; opencodeZen: BooleanArg; zaiCodingPlan: BooleanArg } {
+function detectedToInitialValues(detected: DetectedConfig): { claude: ClaudeSubscription; openai: BooleanArg; gemini: BooleanArg; copilot: BooleanArg; opencodeZen: BooleanArg; zaiCodingPlan: BooleanArg; kimiForCoding: BooleanArg } {
   let claude: ClaudeSubscription = "no"
   if (detected.hasClaude) {
     claude = detected.isMax20 ? "max20" : "yes"
@@ -169,6 +175,7 @@ function detectedToInitialValues(detected: DetectedConfig): { claude: ClaudeSubs
     copilot: detected.hasCopilot ? "yes" : "no",
     opencodeZen: detected.hasOpencodeZen ? "yes" : "no",
     zaiCodingPlan: detected.hasZaiCodingPlan ? "yes" : "no",
+    kimiForCoding: detected.hasKimiForCoding ? "yes" : "no",
   }
 }
 
@@ -178,7 +185,7 @@ async function runTuiMode(detected: DetectedConfig): Promise<InstallConfig | nul
   const claude = await p.select({
     message: "Do you have a Claude Pro/Max subscription?",
     options: [
-      { value: "no" as const, label: "No", hint: "Will use opencode/big-pickle as fallback" },
+      { value: "no" as const, label: "No", hint: "Will use opencode/glm-4.7-free as fallback" },
       { value: "yes" as const, label: "Yes (standard)", hint: "Claude Opus 4.5 for orchestration" },
       { value: "max20" as const, label: "Yes (max20 mode)", hint: "Full power with Claude Sonnet 4.5 for Librarian" },
     ],
@@ -260,6 +267,20 @@ async function runTuiMode(detected: DetectedConfig): Promise<InstallConfig | nul
     return null
   }
 
+  const kimiForCoding = await p.select({
+    message: "Do you have a Kimi For Coding subscription?",
+    options: [
+      { value: "no" as const, label: "No", hint: "Will use other configured providers" },
+      { value: "yes" as const, label: "Yes", hint: "Kimi K2.5 for Sisyphus/Prometheus fallback" },
+    ],
+    initialValue: initial.kimiForCoding,
+  })
+
+  if (p.isCancel(kimiForCoding)) {
+    p.cancel("Installation cancelled.")
+    return null
+  }
+
   return {
     hasClaude: claude !== "no",
     isMax20: claude === "max20",
@@ -268,6 +289,7 @@ async function runTuiMode(detected: DetectedConfig): Promise<InstallConfig | nul
     hasCopilot: copilot === "yes",
     hasOpencodeZen: opencodeZen === "yes",
     hasZaiCodingPlan: zaiCodingPlan === "yes",
+    hasKimiForCoding: kimiForCoding === "yes",
   }
 }
 
@@ -363,7 +385,7 @@ async function runNonTuiInstall(args: InstallArgs): Promise<number> {
   }
 
   if (!config.hasClaude && !config.hasOpenAI && !config.hasGemini && !config.hasCopilot && !config.hasOpencodeZen) {
-    printWarning("No model providers configured. Using opencode/big-pickle as fallback.")
+    printWarning("No model providers configured. Using opencode/glm-4.7-free as fallback.")
   }
 
   console.log(`${SYMBOLS.star} ${color.bold(color.green(isUpdate ? "Configuration updated!" : "Installation complete!"))}`)
@@ -378,7 +400,7 @@ async function runNonTuiInstall(args: InstallArgs): Promise<number> {
   )
 
   console.log(`${SYMBOLS.star} ${color.yellow("If you found this helpful, consider starring the repo!")}`)
-  console.log(`  ${color.dim("gh repo star code-yeongyu/oh-my-opencode")}`)
+  console.log(`  ${color.dim("gh api --silent --method PUT /user/starred/code-yeongyu/oh-my-opencode >/dev/null 2>&1 || true")}`)
   console.log()
   console.log(color.dim("oMoMoMoMo... Enjoy!"))
   console.log()
@@ -480,7 +502,7 @@ export async function install(args: InstallArgs): Promise<number> {
   }
 
   if (!config.hasClaude && !config.hasOpenAI && !config.hasGemini && !config.hasCopilot && !config.hasOpencodeZen) {
-    p.log.warn("No model providers configured. Using opencode/big-pickle as fallback.")
+    p.log.warn("No model providers configured. Using opencode/glm-4.7-free as fallback.")
   }
 
   p.note(formatConfigSummary(config), isUpdate ? "Updated Configuration" : "Installation Complete")
@@ -496,7 +518,7 @@ export async function install(args: InstallArgs): Promise<number> {
   )
 
   p.log.message(`${color.yellow("★")} If you found this helpful, consider starring the repo!`)
-  p.log.message(`  ${color.dim("gh repo star code-yeongyu/oh-my-opencode")}`)
+  p.log.message(`  ${color.dim("gh api --silent --method PUT /user/starred/code-yeongyu/oh-my-opencode >/dev/null 2>&1 || true")}`)
 
   p.outro(color.green("oMoMoMoMo... Enjoy!"))
 

src/cli/mcp-oauth/index.test.ts

@@ -0,0 +1,123 @@
+import { describe, it, expect } from "bun:test"
+import { Command } from "commander"
+import { createMcpOAuthCommand } from "./index"
+
+describe("mcp oauth command", () => {
+
+  describe("command structure", () => {
+    it("creates mcp command group with oauth subcommand", () => {
+      // given
+      const mcpCommand = createMcpOAuthCommand()
+
+      // when
+      const subcommands = mcpCommand.commands.map((cmd: Command) => cmd.name())
+
+      // then
+      expect(subcommands).toContain("oauth")
+    })
+
+    it("oauth subcommand has login, logout, and status subcommands", () => {
+      // given
+      const mcpCommand = createMcpOAuthCommand()
+      const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
+
+      // when
+      const subcommands = oauthCommand?.commands.map((cmd: Command) => cmd.name()) ?? []
+
+      // then
+      expect(subcommands).toContain("login")
+      expect(subcommands).toContain("logout")
+      expect(subcommands).toContain("status")
+    })
+  })
+
+  describe("login subcommand", () => {
+    it("exists and has description", () => {
+      // given
+      const mcpCommand = createMcpOAuthCommand()
+      const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
+      const loginCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "login")
+
+      // when
+      const description = loginCommand?.description() ?? ""
+
+      // then
+      expect(loginCommand).toBeDefined()
+      expect(description).toContain("OAuth")
+    })
+
+    it("accepts --server-url option", () => {
+      // given
+      const mcpCommand = createMcpOAuthCommand()
+      const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
+      const loginCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "login")
+
+      // when
+      const options = loginCommand?.options ?? []
+      const serverUrlOption = options.find((opt: { long?: string }) => opt.long === "--server-url")
+
+      // then
+      expect(serverUrlOption).toBeDefined()
+    })
+
+    it("accepts --client-id option", () => {
+      // given
+      const mcpCommand = createMcpOAuthCommand()
+      const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
+      const loginCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "login")
+
+      // when
+      const options = loginCommand?.options ?? []
+      const clientIdOption = options.find((opt: { long?: string }) => opt.long === "--client-id")
+
+      // then
+      expect(clientIdOption).toBeDefined()
+    })
+
+    it("accepts --scopes option", () => {
+      // given
+      const mcpCommand = createMcpOAuthCommand()
+      const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
+      const loginCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "login")
+
+      // when
+      const options = loginCommand?.options ?? []
+      const scopesOption = options.find((opt: { long?: string }) => opt.long === "--scopes")
+
+      // then
+      expect(scopesOption).toBeDefined()
+    })
+  })
+
+  describe("logout subcommand", () => {
+    it("exists and has description", () => {
+      // given
+      const mcpCommand = createMcpOAuthCommand()
+      const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
+      const logoutCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "logout")
+
+      // when
+      const description = logoutCommand?.description() ?? ""
+
+      // then
+      expect(logoutCommand).toBeDefined()
+      expect(description).toContain("tokens")
+    })
+  })
+
+  describe("status subcommand", () => {
+    it("exists and has description", () => {
+      // given
+      const mcpCommand = createMcpOAuthCommand()
+      const oauthCommand = mcpCommand.commands.find((cmd: Command) => cmd.name() === "oauth")
+      const statusCommand = oauthCommand?.commands.find((cmd: Command) => cmd.name() === "status")
+
+      // when
+      const description = statusCommand?.description() ?? ""
+
+      // then
+      expect(statusCommand).toBeDefined()
+      expect(description).toContain("status")
+    })
+  })
+})

src/cli/mcp-oauth/index.ts

@@ -0,0 +1,43 @@
+import { Command } from "commander"
+import { login } from "./login"
+import { logout } from "./logout"
+import { status } from "./status"
+
+export function createMcpOAuthCommand(): Command {
+  const mcp = new Command("mcp").description("MCP server management")
+
+  const oauth = new Command("oauth").description("OAuth token management for MCP servers")
+
+  oauth
+    .command("login <server-name>")
+    .description("Authenticate with an MCP server using OAuth")
+    .option("--server-url <url>", "OAuth server URL (required if not in config)")
+    .option("--client-id <id>", "OAuth client ID (optional, uses DCR if not provided)")
+    .option("--scopes <scopes...>", "OAuth scopes to request")
+    .action(async (serverName: string, options) => {
+      const exitCode = await login(serverName, options)
+      process.exit(exitCode)
+    })
+
+  oauth
+    .command("logout <server-name>")
+    .description("Remove stored OAuth tokens for an MCP server")
+    .option("--server-url <url>", "OAuth server URL (use if server name differs from URL)")
+    .action(async (serverName: string, options) => {
+      const exitCode = await logout(serverName, options)
+      process.exit(exitCode)
+    })
+
+  oauth
+    .command("status [server-name]")
+    .description("Show OAuth token status for MCP servers")
+    .action(async (serverName: string | undefined) => {
+      const exitCode = await status(serverName)
+      process.exit(exitCode)
+    })
+
+  mcp.addCommand(oauth)
+  return mcp
+}
+
+export { login, logout, status }

src/cli/mcp-oauth/login.test.ts

@@ -0,0 +1,80 @@
+import { describe, it, expect, beforeEach, afterEach, mock } from "bun:test"
+
+const mockLogin = mock(() => Promise.resolve({ accessToken: "test-token", expiresAt: 1710000000 }))
+
+mock.module("../../features/mcp-oauth/provider", () => ({
+  McpOAuthProvider: class MockMcpOAuthProvider {
+    constructor(public options: { serverUrl: string; clientId?: string; scopes?: string[] }) {}
+    async login() {
+      return mockLogin()
+    }
+  },
+}))
+
+const { login } = await import("./login")
+
+describe("login command", () => {
+  beforeEach(() => {
+    mockLogin.mockClear()
+  })
+
+  afterEach(() => {
+    // cleanup
+  })
+
+  it("returns error code when server-url is not provided", async () => {
+    // given
+    const serverName = "test-server"
+    const options = {}
+
+    // when
+    const exitCode = await login(serverName, options)
+
+    // then
+    expect(exitCode).toBe(1)
+  })
+
+  it("returns success code when login succeeds", async () => {
+    // given
+    const serverName = "test-server"
+    const options = {
+      serverUrl: "https://oauth.example.com",
+    }
+
+    // when
+    const exitCode = await login(serverName, options)
+
+    // then
+    expect(exitCode).toBe(0)
+    expect(mockLogin).toHaveBeenCalledTimes(1)
+  })
+
+  it("returns error code when login throws", async () => {
+    // given
+    const serverName = "test-server"
+    const options = {
+      serverUrl: "https://oauth.example.com",
+    }
+    mockLogin.mockRejectedValueOnce(new Error("Network error"))
+
+    // when
+    const exitCode = await login(serverName, options)
+
+    // then
+    expect(exitCode).toBe(1)
+  })
+
+  it("returns error code when server-url is missing", async () => {
+    // given
+    const serverName = "test-server"
+    const options = {
+      clientId: "test-client-id",
+    }
+
+    // when
+    const exitCode = await login(serverName, options)
+
+    // then
+    expect(exitCode).toBe(1)
+  })
+})

src/cli/mcp-oauth/login.ts

@@ -0,0 +1,38 @@
+import { McpOAuthProvider } from "../../features/mcp-oauth/provider"
+
+export interface LoginOptions {
+  serverUrl?: string
+  clientId?: string
+  scopes?: string[]
+}
+
+export async function login(serverName: string, options: LoginOptions): Promise<number> {
+  try {
+    const serverUrl = options.serverUrl
+    if (!serverUrl) {
+      console.error(`Error: --server-url is required for server "${serverName}"`)
+      return 1
+    }
+
+    const provider = new McpOAuthProvider({
+      serverUrl,
+      clientId: options.clientId,
+      scopes: options.scopes,
+    })
+
+    console.log(`Authenticating with ${serverName}...`)
+    const tokenData = await provider.login()
+
+    console.log(`✓ Successfully authenticated with ${serverName}`)
+    if (tokenData.expiresAt) {
+      const expiryDate = new Date(tokenData.expiresAt * 1000)
+      console.log(`  Token expires at: ${expiryDate.toISOString()}`)
+    }
+
+    return 0
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error)
+    console.error(`Error: Failed to authenticate with ${serverName}: ${message}`)
+    return 1
+  }
+}

src/cli/mcp-oauth/logout.test.ts

@@ -0,0 +1,65 @@
+import { describe, it, expect, beforeEach, afterEach, mock } from "bun:test"
+import { existsSync, mkdirSync, rmSync } from "node:fs"
+import { join } from "node:path"
+import { tmpdir } from "node:os"
+import { saveToken } from "../../features/mcp-oauth/storage"
+
+const { logout } = await import("./logout")
+
+describe("logout command", () => {
+  const TEST_CONFIG_DIR = join(tmpdir(), "mcp-oauth-logout-test-" + Date.now())
+  let originalConfigDir: string | undefined
+
+  beforeEach(() => {
+    originalConfigDir = process.env.OPENCODE_CONFIG_DIR
+    process.env.OPENCODE_CONFIG_DIR = TEST_CONFIG_DIR
+    if (!existsSync(TEST_CONFIG_DIR)) {
+      mkdirSync(TEST_CONFIG_DIR, { recursive: true })
+    }
+  })
+
+  afterEach(() => {
+    if (originalConfigDir === undefined) {
+      delete process.env.OPENCODE_CONFIG_DIR
+    } else {
+      process.env.OPENCODE_CONFIG_DIR = originalConfigDir
+    }
+    if (existsSync(TEST_CONFIG_DIR)) {
+      rmSync(TEST_CONFIG_DIR, { recursive: true, force: true })
+    }
+  })
+
+  it("returns success code when logout succeeds", async () => {
+    // given
+    const serverUrl = "https://test-server.example.com"
+    saveToken(serverUrl, serverUrl, { accessToken: "test-token" })
+
+    // when
+    const exitCode = await logout("test-server", { serverUrl })
+
+    // then
+    expect(exitCode).toBe(0)
+  })
+
+  it("handles non-existent server gracefully", async () => {
+    // given
+    const serverName = "non-existent-server"
+
+    // when
+    const exitCode = await logout(serverName, { serverUrl: "https://nonexistent.example.com" })
+
+    // then
+    expect(exitCode).toBe(0)
+  })
+
+  it("returns error when --server-url is not provided", async () => {
+    // given
+    const serverName = "test-server"
+
+    // when
+    const exitCode = await logout(serverName)
+
+    // then
+    expect(exitCode).toBe(1)
+  })
+})

src/cli/mcp-oauth/logout.ts

@@ -0,0 +1,30 @@
+import { deleteToken } from "../../features/mcp-oauth/storage"
+
+export interface LogoutOptions {
+  serverUrl?: string
+}
+
+export async function logout(serverName: string, options?: LogoutOptions): Promise<number> {
+  try {
+    const serverUrl = options?.serverUrl
+    if (!serverUrl) {
+      console.error(`Error: --server-url is required for logout. Token storage uses server URLs, not names.`)
+      console.error(`  Usage: mcp oauth logout ${serverName} --server-url https://your-server.example.com`)
+      return 1
+    }
+
+    const success = deleteToken(serverUrl, serverUrl)
+
+    if (success) {
+      console.log(`✓ Successfully removed tokens for ${serverName}`)
+      return 0
+    }
+
+    console.error(`Error: Failed to remove tokens for ${serverName}`)
+    return 1
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error)
+    console.error(`Error: Failed to remove tokens for ${serverName}: ${message}`)
+    return 1
+  }
+}

src/cli/mcp-oauth/status.test.ts

@@ -0,0 +1,48 @@
+import { describe, it, expect, beforeEach, afterEach } from "bun:test"
+import { status } from "./status"
+
+describe("status command", () => {
+  beforeEach(() => {
+    // setup
+  })
+
+  afterEach(() => {
+    // cleanup
+  })
+
+  it("returns success code when checking status for specific server", async () => {
+    // given
+    const serverName = "test-server"
+
+    // when
+    const exitCode = await status(serverName)
+
+    // then
+    expect(typeof exitCode).toBe("number")
+    expect(exitCode).toBe(0)
+  })
+
+  it("returns success code when checking status for all servers", async () => {
+    // given
+    const serverName = undefined
+
+    // when
+    const exitCode = await status(serverName)
+
+    // then
+    expect(typeof exitCode).toBe("number")
+    expect(exitCode).toBe(0)
+  })
+
+  it("handles non-existent server gracefully", async () => {
+    // given
+    const serverName = "non-existent-server"
+
+    // when
+    const exitCode = await status(serverName)
+
+    // then
+    expect(typeof exitCode).toBe("number")
+    expect(exitCode).toBe(0)
+  })
+})

src/cli/mcp-oauth/status.ts

@@ -0,0 +1,50 @@
+import { listAllTokens, listTokensByHost } from "../../features/mcp-oauth/storage"
+
+export async function status(serverName: string | undefined): Promise<number> {
+  try {
+    if (serverName) {
+      const tokens = listTokensByHost(serverName)
+
+      if (Object.keys(tokens).length === 0) {
+        console.log(`No tokens found for ${serverName}`)
+        return 0
+      }
+
+      console.log(`OAuth Status for ${serverName}:`)
+      for (const [key, token] of Object.entries(tokens)) {
+        console.log(`  ${key}:`)
+        console.log(`    Access Token: [REDACTED]`)
+        if (token.refreshToken) {
+          console.log(`    Refresh Token: [REDACTED]`)
+        }
+        if (token.expiresAt) {
+          const expiryDate = new Date(token.expiresAt * 1000)
+          const now = Date.now() / 1000
+          const isExpired = token.expiresAt < now
+          const tokenStatus = isExpired ? "EXPIRED" : "VALID"
+          console.log(`    Expiry: ${expiryDate.toISOString()} (${tokenStatus})`)
+        }
+      }
+      return 0
+    }
+
+    const tokens = listAllTokens()
+    if (Object.keys(tokens).length === 0) {
+      console.log("No OAuth tokens stored")
+      return 0
+    }
+
+    console.log("Stored OAuth Tokens:")
+    for (const [key, token] of Object.entries(tokens)) {
+      const isExpired = token.expiresAt && token.expiresAt < Date.now() / 1000
+      const tokenStatus = isExpired ? "EXPIRED" : "VALID"
+      console.log(`  ${key}: ${tokenStatus}`)
+    }
+
+    return 0
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error)
+    console.error(`Error: Failed to get token status: ${message}`)
+    return 1
+  }
+}

src/cli/model-fallback.test.ts

@@ -12,6 +12,7 @@ function createConfig(overrides: Partial<InstallConfig> = {}): InstallConfig {
     hasCopilot: false,
     hasOpencodeZen: false,
     hasZaiCodingPlan: false,
+    hasKimiForCoding: false,
     ...overrides,
   }
 }

src/cli/model-fallback.ts

@@ -14,6 +14,7 @@ interface ProviderAvailability {
   opencodeZen: boolean
   copilot: boolean
   zai: boolean
+  kimiForCoding: boolean
   isMaxPlan: boolean
 }
 
@@ -36,7 +37,7 @@ export interface GeneratedOmoConfig {
 
 const ZAI_MODEL = "zai-coding-plan/glm-4.7"
 
-const ULTIMATE_FALLBACK = "opencode/big-pickle"
+const ULTIMATE_FALLBACK = "opencode/glm-4.7-free"
 const SCHEMA_URL = "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json"
 
 function toProviderAvailability(config: InstallConfig): ProviderAvailability {
@@ -49,6 +50,7 @@ function toProviderAvailability(config: InstallConfig): ProviderAvailability {
     opencodeZen: config.hasOpencodeZen,
     copilot: config.hasCopilot,
     zai: config.hasZaiCodingPlan,
+    kimiForCoding: config.hasKimiForCoding,
     isMaxPlan: config.isMax20,
   }
 }
@@ -61,6 +63,7 @@ function isProviderAvailable(provider: string, avail: ProviderAvailability): boo
     "github-copilot": avail.copilot,
     opencode: avail.opencodeZen,
     "zai-coding-plan": avail.zai,
+    "kimi-for-coding": avail.kimiForCoding,
   }
   return mapping[provider] ?? false
 }
@@ -102,6 +105,8 @@ function getSisyphusFallbackChain(isMaxPlan: boolean): FallbackEntry[] {
   // For non-max plan, use sonnet instead of opus
   return [
     { providers: ["anthropic", "github-copilot", "opencode"], model: "claude-sonnet-4-5" },
+    { providers: ["kimi-for-coding"], model: "k2p5" },
+    { providers: ["opencode"], model: "kimi-k2.5-free" },
     { providers: ["openai", "github-copilot", "opencode"], model: "gpt-5.2", variant: "high" },
     { providers: ["google", "github-copilot", "opencode"], model: "gemini-3-pro" },
   ]
@@ -115,7 +120,8 @@ export function generateModelConfig(config: InstallConfig): GeneratedOmoConfig {
     avail.native.gemini ||
     avail.opencodeZen ||
     avail.copilot ||
-    avail.zai
+    avail.zai ||
+    avail.kimiForCoding
 
   if (!hasAnyProvider) {
     return {

src/cli/run/events.test.ts

@@ -82,6 +82,7 @@ describe("createEventState", () => {
     expect(state.lastOutput).toBe("")
     expect(state.lastPartText).toBe("")
     expect(state.currentTool).toBe(null)
+    expect(state.hasReceivedMeaningfulWork).toBe(false)
   })
 })
 
@@ -126,6 +127,119 @@ describe("event handling", () => {
     expect(state.mainSessionIdle).toBe(false)
   })
 
+  it("hasReceivedMeaningfulWork is false initially after session.idle", async () => {
+    // #given - session goes idle without any assistant output (race condition scenario)
+    const ctx = createMockContext("my-session")
+    const state = createEventState()
+
+    const payload: EventPayload = {
+      type: "session.idle",
+      properties: { sessionID: "my-session" },
+    }
+
+    const events = toAsyncIterable([payload])
+    const { processEvents } = await import("./events")
+
+    // #when
+    await processEvents(ctx, events, state)
+
+    // #then - idle but no meaningful work yet
+    expect(state.mainSessionIdle).toBe(true)
+    expect(state.hasReceivedMeaningfulWork).toBe(false)
+  })
+
+  it("message.updated with assistant role sets hasReceivedMeaningfulWork", async () => {
+    // #given
+    const ctx = createMockContext("my-session")
+    const state = createEventState()
+
+    const payload: EventPayload = {
+      type: "message.updated",
+      properties: {
+        info: { sessionID: "my-session", role: "assistant" },
+      },
+    }
+
+    const events = toAsyncIterable([payload])
+    const { processEvents } = await import("./events")
+
+    // #when
+    await processEvents(ctx, events, state)
+
+    // #then
+    expect(state.hasReceivedMeaningfulWork).toBe(true)
+  })
+
+  it("message.updated with user role does not set hasReceivedMeaningfulWork", async () => {
+    // #given - user message should not count as meaningful work
+    const ctx = createMockContext("my-session")
+    const state = createEventState()
+
+    const payload: EventPayload = {
+      type: "message.updated",
+      properties: {
+        info: { sessionID: "my-session", role: "user" },
+      },
+    }
+
+    const events = toAsyncIterable([payload])
+    const { processEvents } = await import("./events")
+
+    // #when
+    await processEvents(ctx, events, state)
+
+    // #then - user role should not count as meaningful work
+    expect(state.hasReceivedMeaningfulWork).toBe(false)
+  })
+
+  it("tool.execute sets hasReceivedMeaningfulWork", async () => {
+    // #given
+    const ctx = createMockContext("my-session")
+    const state = createEventState()
+
+    const payload: EventPayload = {
+      type: "tool.execute",
+      properties: {
+        sessionID: "my-session",
+        name: "read_file",
+        input: { filePath: "/src/index.ts" },
+      },
+    }
+
+    const events = toAsyncIterable([payload])
+    const { processEvents } = await import("./events")
+
+    // #when
+    await processEvents(ctx, events, state)
+
+    // #then
+    expect(state.hasReceivedMeaningfulWork).toBe(true)
+  })
+
+  it("tool.execute from different session does not set hasReceivedMeaningfulWork", async () => {
+    // #given
+    const ctx = createMockContext("my-session")
+    const state = createEventState()
+
+    const payload: EventPayload = {
+      type: "tool.execute",
+      properties: {
+        sessionID: "other-session",
+        name: "read_file",
+        input: { filePath: "/src/index.ts" },
+      },
+    }
+
+    const events = toAsyncIterable([payload])
+    const { processEvents } = await import("./events")
+
+    // #when
+    await processEvents(ctx, events, state)
+
+    // #then - different session's tool call shouldn't count
+    expect(state.hasReceivedMeaningfulWork).toBe(false)
+  })
+
   it("session.status with busy type sets mainSessionIdle to false", async () => {
     // #given
     const ctx = createMockContext("my-session")
@@ -136,6 +250,7 @@ describe("event handling", () => {
       lastOutput: "",
       lastPartText: "",
       currentTool: null,
+      hasReceivedMeaningfulWork: false,
     }
 
     const payload: EventPayload = {

src/cli/run/events.ts

@@ -63,6 +63,8 @@ export interface EventState {
   lastOutput: string
   lastPartText: string
   currentTool: string | null
+  /** Set to true when the main session has produced meaningful work (text, tool call, or tool result) */
+  hasReceivedMeaningfulWork: boolean
 }
 
 export function createEventState(): EventState {
@@ -73,6 +75,7 @@ export function createEventState(): EventState {
     lastOutput: "",
     lastPartText: "",
     currentTool: null,
+    hasReceivedMeaningfulWork: false,
   }
 }
 
@@ -113,7 +116,9 @@ function logEventVerbose(ctx: RunContext, payload: EventPayload): void {
   const isMainSession = sessionID === ctx.sessionID
   const sessionTag = isMainSession
     ? pc.green("[MAIN]")
-    : pc.yellow(`[${String(sessionID).slice(0, 8)}]`)
+    : sessionID
+      ? pc.yellow(`[${String(sessionID).slice(0, 8)}]`)
+      : pc.dim("[system]")
 
   switch (payload.type) {
     case "session.idle":
@@ -124,8 +129,6 @@ function logEventVerbose(ctx: RunContext, payload: EventPayload): void {
     }
 
     case "message.part.updated": {
-      // Skip verbose logging for partial message updates
-      // Only log tool invocation state changes, not text streaming
       const partProps = props as MessagePartUpdatedProps | undefined
       const part = partProps?.part
       if (part?.type === "tool-invocation") {
@@ -133,6 +136,11 @@ function logEventVerbose(ctx: RunContext, payload: EventPayload): void {
         console.error(
           pc.dim(`${sessionTag} message.part (tool): ${toolPart.toolName} [${toolPart.state}]`)
         )
+      } else if (part?.type === "text" && part.text) {
+        const preview = part.text.slice(0, 80).replace(/\n/g, "\\n")
+        console.error(
+          pc.dim(`${sessionTag} message.part (text): "${preview}${part.text.length > 80 ? "..." : ""}"`)
+        )
       }
       break
     }
@@ -140,11 +148,10 @@ function logEventVerbose(ctx: RunContext, payload: EventPayload): void {
     case "message.updated": {
       const msgProps = props as MessageUpdatedProps | undefined
       const role = msgProps?.info?.role ?? "unknown"
-      const content = msgProps?.content ?? ""
-      const preview = content.slice(0, 100).replace(/\n/g, "\\n")
-      console.error(
-        pc.dim(`${sessionTag} message.updated (${role}): "${preview}${content.length > 100 ? "..." : ""}"`)
-      )
+      const model = msgProps?.info?.modelID
+      const agent = msgProps?.info?.agent
+      const details = [role, agent, model].filter(Boolean).join(", ")
+      console.error(pc.dim(`${sessionTag} message.updated (${details})`))
       break
     }
 
@@ -241,6 +248,7 @@ function handleMessagePartUpdated(
     const newText = part.text.slice(state.lastPartText.length)
     if (newText) {
       process.stdout.write(newText)
+      state.hasReceivedMeaningfulWork = true
     }
     state.lastPartText = part.text
   }
@@ -257,16 +265,7 @@ function handleMessageUpdated(
   if (props?.info?.sessionID !== ctx.sessionID) return
   if (props?.info?.role !== "assistant") return
 
-  const content = props.content
-  if (!content || content === state.lastOutput) return
-
-  if (state.lastPartText.length === 0) {
-    const newContent = content.slice(state.lastOutput.length)
-    if (newContent) {
-      process.stdout.write(newContent)
-    }
-  }
-  state.lastOutput = content
+  state.hasReceivedMeaningfulWork = true
 }
 
 function handleToolExecute(
@@ -296,6 +295,7 @@ function handleToolExecute(
     }
   }
 
+  state.hasReceivedMeaningfulWork = true
   process.stdout.write(`\n${pc.cyan(">")} ${pc.bold(toolName)}${inputPreview}\n`)
 }
 

src/cli/run/runner.ts

@@ -31,8 +31,18 @@ export async function run(options: RunOptions): Promise<number> {
   }
 
   try {
+    // Support custom OpenCode server port via environment variable
+    // This allows Open Agent and other orchestrators to run multiple
+    // concurrent missions without port conflicts
+    const serverPort = process.env.OPENCODE_SERVER_PORT
+      ? parseInt(process.env.OPENCODE_SERVER_PORT, 10)
+      : undefined
+    const serverHostname = process.env.OPENCODE_SERVER_HOSTNAME || undefined
+
     const { client, server } = await createOpencode({
       signal: abortController.signal,
+      ...(serverPort && !isNaN(serverPort) ? { port: serverPort } : {}),
+      ...(serverHostname ? { hostname: serverHostname } : {}),
     })
 
     const cleanup = () => {
@@ -133,6 +143,14 @@ export async function run(options: RunOptions): Promise<number> {
           process.exit(1)
         }
 
+        // Guard against premature completion: don't check completion until the
+        // session has produced meaningful work (text output, tool call, or tool result).
+        // Without this, a session that goes busy->idle before the LLM responds
+        // would exit immediately because 0 todos + 0 children = "complete".
+        if (!eventState.hasReceivedMeaningfulWork) {
+          continue
+        }
+
         const shouldExit = await checkCompletionConditions(ctx)
         if (shouldExit) {
           console.log(pc.green("\n\nAll tasks completed."))

src/cli/run/types.ts

@@ -44,8 +44,13 @@ export interface SessionStatusProps {
 }
 
 export interface MessageUpdatedProps {
-  info?: { sessionID?: string; role?: string }
-  content?: string
+  info?: {
+    sessionID?: string
+    role?: string
+    modelID?: string
+    providerID?: string
+    agent?: string
+  }
 }
 
 export interface MessagePartUpdatedProps {

src/cli/types.ts

@@ -9,6 +9,7 @@ export interface InstallArgs {
   copilot?: BooleanArg
   opencodeZen?: BooleanArg
   zaiCodingPlan?: BooleanArg
+  kimiForCoding?: BooleanArg
   skipAuth?: boolean
 }
 
@@ -20,6 +21,7 @@ export interface InstallConfig {
   hasCopilot: boolean
   hasOpencodeZen: boolean
   hasZaiCodingPlan: boolean
+  hasKimiForCoding: boolean
 }
 
 export interface ConfigMergeResult {
@@ -37,4 +39,5 @@ export interface DetectedConfig {
   hasCopilot: boolean
   hasOpencodeZen: boolean
   hasZaiCodingPlan: boolean
+  hasKimiForCoding: boolean
 }

src/config/schema.ts

@@ -88,6 +88,7 @@ export const HookNameSchema = z.enum([
   "sisyphus-junior-notepad",
   "start-work",
   "atlas",
+  "stop-continuation-guard",
 ])
 
 export const BuiltinCommandNameSchema = z.enum([
@@ -187,6 +188,7 @@ export const CategoryConfigSchema = z.object({
 export const BuiltinCategoryNameSchema = z.enum([
   "visual-engineering",
   "ultrabrain",
+  "deep",
   "artistry",
   "quick",
   "unspecified-low",
@@ -313,13 +315,14 @@ export const GitMasterConfigSchema = z.object({
   include_co_authored_by: z.boolean().default(true),
 })
 
-export const BrowserAutomationProviderSchema = z.enum(["playwright", "agent-browser"])
+export const BrowserAutomationProviderSchema = z.enum(["playwright", "agent-browser", "dev-browser"])
 
 export const BrowserAutomationConfigSchema = z.object({
   /**
    * Browser automation provider to use for the "playwright" skill.
    * - "playwright": Uses Playwright MCP server (@playwright/mcp) - default
    * - "agent-browser": Uses Vercel's agent-browser CLI (requires: bun add -g agent-browser)
+   * - "dev-browser": Uses dev-browser skill with persistent browser state
    */
   provider: BrowserAutomationProviderSchema.default("playwright"),
 })
@@ -339,6 +342,29 @@ export const TmuxConfigSchema = z.object({
   main_pane_min_width: z.number().min(40).default(120),
   agent_pane_min_width: z.number().min(20).default(40),
 })
+
+export const SisyphusTasksConfigSchema = z.object({
+  /** Enable Sisyphus Tasks system (default: false) */
+  enabled: z.boolean().default(false),
+  /** Storage path for tasks (default: .sisyphus/tasks) */
+  storage_path: z.string().default(".sisyphus/tasks"),
+  /** Enable Claude Code path compatibility mode */
+  claude_code_compat: z.boolean().default(false),
+})
+
+export const SisyphusSwarmConfigSchema = z.object({
+  /** Enable Sisyphus Swarm system (default: false) */
+  enabled: z.boolean().default(false),
+  /** Storage path for teams (default: .sisyphus/teams) */
+  storage_path: z.string().default(".sisyphus/teams"),
+  /** UI mode: toast notifications, tmux panes, or both */
+  ui_mode: z.enum(["toast", "tmux", "both"]).default("toast"),
+})
+
+export const SisyphusConfigSchema = z.object({
+  tasks: SisyphusTasksConfigSchema.optional(),
+  swarm: SisyphusSwarmConfigSchema.optional(),
+})
 export const OhMyOpenCodeConfigSchema = z.object({
   $schema: z.string().optional(),
   disabled_mcps: z.array(AnyMcpNameSchema).optional(),
@@ -360,6 +386,7 @@ export const OhMyOpenCodeConfigSchema = z.object({
   git_master: GitMasterConfigSchema.optional(),
   browser_automation_engine: BrowserAutomationConfigSchema.optional(),
   tmux: TmuxConfigSchema.optional(),
+  sisyphus: SisyphusConfigSchema.optional(),
 })
 
 export type OhMyOpenCodeConfig = z.infer<typeof OhMyOpenCodeConfigSchema>
@@ -386,5 +413,8 @@ export type BrowserAutomationProvider = z.infer<typeof BrowserAutomationProvider
 export type BrowserAutomationConfig = z.infer<typeof BrowserAutomationConfigSchema>
 export type TmuxConfig = z.infer<typeof TmuxConfigSchema>
 export type TmuxLayout = z.infer<typeof TmuxLayoutSchema>
+export type SisyphusTasksConfig = z.infer<typeof SisyphusTasksConfigSchema>
+export type SisyphusSwarmConfig = z.infer<typeof SisyphusSwarmConfigSchema>
+export type SisyphusConfig = z.infer<typeof SisyphusConfigSchema>
 
 export { AnyMcpNameSchema, type AnyMcpName, McpNameSchema, type McpName } from "../mcp/types"

src/features/background-agent/concurrency.test.ts

@@ -176,8 +176,8 @@ describe("ConcurrencyManager.acquire/release", () => {
     await manager.acquire("model-a")
     await manager.acquire("model-a")
 
-    // #then - both resolved without waiting
-    expect(true).toBe(true)
+    // #then - both resolved without waiting, count should be 2
+    expect(manager.getCount("model-a")).toBe(2)
   })
 
   test("should allow acquires up to default limit of 5", async () => {
@@ -190,8 +190,8 @@ describe("ConcurrencyManager.acquire/release", () => {
     await manager.acquire("model-a")
     await manager.acquire("model-a")
 
-    // #then - all 5 resolved
-    expect(true).toBe(true)
+    // #then - all 5 resolved, count should be 5
+    expect(manager.getCount("model-a")).toBe(5)
   })
 
   test("should queue when limit reached", async () => {
@@ -276,8 +276,8 @@ describe("ConcurrencyManager.acquire/release", () => {
     manager.release("model-a")
     await manager.acquire("model-a")
 
-    // #then
-    expect(true).toBe(true)
+    // #then - count should be 1 after re-acquiring
+    expect(manager.getCount("model-a")).toBe(1)
   })
 
   test("should handle release when no acquire", () => {
@@ -288,21 +288,21 @@ describe("ConcurrencyManager.acquire/release", () => {
     // #when - release without acquire
     manager.release("model-a")
 
-    // #then - should not throw
-    expect(true).toBe(true)
+    // #then - count should be 0 (no negative count)
+    expect(manager.getCount("model-a")).toBe(0)
   })
 
   test("should handle release when no prior acquire", () => {
     // #given - default config
 
-    // #when - release without acquire
-    manager.release("model-a")
+     // #when - release without acquire
+     manager.release("model-a")
 
-    // #then - should not throw
-    expect(true).toBe(true)
-  })
+     // #then - count should be 0 (no negative count)
+     expect(manager.getCount("model-a")).toBe(0)
+   })
 
-  test("should handle multiple acquires and releases correctly", async () => {
+   test("should handle multiple acquires and releases correctly", async () => {
     // #given
     const config: BackgroundTaskConfig = { defaultConcurrency: 3 }
     manager = new ConcurrencyManager(config)
@@ -317,11 +317,11 @@ describe("ConcurrencyManager.acquire/release", () => {
     manager.release("model-a")
     manager.release("model-a")
 
-    // Should be able to acquire again
-    await manager.acquire("model-a")
+     // Should be able to acquire again
+     await manager.acquire("model-a")
 
-    // #then
-    expect(true).toBe(true)
+     // #then - count should be 1 after re-acquiring
+     expect(manager.getCount("model-a")).toBe(1)
   })
 
   test("should use model-specific limit for acquire", async () => {

src/features/background-agent/manager.test.ts

@@ -170,6 +170,7 @@ function createBackgroundManager(): BackgroundManager {
   const client = {
     session: {
       prompt: async () => ({}),
+      abort: async () => ({}),
     },
   }
   return new BackgroundManager({ client, directory: tmpdir() } as unknown as PluginInput)
@@ -1053,6 +1054,7 @@ describe("BackgroundManager.resume model persistence", () => {
           promptCalls.push(args)
           return {}
         },
+        abort: async () => ({}),
       },
     }
     manager = new BackgroundManager({ client, directory: tmpdir() } as unknown as PluginInput)
@@ -1926,3 +1928,254 @@ describe("BackgroundManager.checkAndInterruptStaleTasks", () => {
   })
 })
 
+describe("BackgroundManager.shutdown session abort", () => {
+  test("should call session.abort for all running tasks during shutdown", () => {
+    // #given
+    const abortedSessionIDs: string[] = []
+    const client = {
+      session: {
+        prompt: async () => ({}),
+        abort: async (args: { path: { id: string } }) => {
+          abortedSessionIDs.push(args.path.id)
+          return {}
+        },
+      },
+    }
+    const manager = new BackgroundManager({ client, directory: tmpdir() } as unknown as PluginInput)
+
+    const task1: BackgroundTask = {
+      id: "task-1",
+      sessionID: "session-1",
+      parentSessionID: "parent-1",
+      parentMessageID: "msg-1",
+      description: "Running task 1",
+      prompt: "Test",
+      agent: "test-agent",
+      status: "running",
+      startedAt: new Date(),
+    }
+    const task2: BackgroundTask = {
+      id: "task-2",
+      sessionID: "session-2",
+      parentSessionID: "parent-2",
+      parentMessageID: "msg-2",
+      description: "Running task 2",
+      prompt: "Test",
+      agent: "test-agent",
+      status: "running",
+      startedAt: new Date(),
+    }
+
+    getTaskMap(manager).set(task1.id, task1)
+    getTaskMap(manager).set(task2.id, task2)
+
+    // #when
+    manager.shutdown()
+
+    // #then
+    expect(abortedSessionIDs).toContain("session-1")
+    expect(abortedSessionIDs).toContain("session-2")
+    expect(abortedSessionIDs).toHaveLength(2)
+  })
+
+  test("should not call session.abort for completed or cancelled tasks", () => {
+    // #given
+    const abortedSessionIDs: string[] = []
+    const client = {
+      session: {
+        prompt: async () => ({}),
+        abort: async (args: { path: { id: string } }) => {
+          abortedSessionIDs.push(args.path.id)
+          return {}
+        },
+      },
+    }
+    const manager = new BackgroundManager({ client, directory: tmpdir() } as unknown as PluginInput)
+
+    const completedTask: BackgroundTask = {
+      id: "task-completed",
+      sessionID: "session-completed",
+      parentSessionID: "parent-1",
+      parentMessageID: "msg-1",
+      description: "Completed task",
+      prompt: "Test",
+      agent: "test-agent",
+      status: "completed",
+      startedAt: new Date(),
+      completedAt: new Date(),
+    }
+    const cancelledTask: BackgroundTask = {
+      id: "task-cancelled",
+      sessionID: "session-cancelled",
+      parentSessionID: "parent-2",
+      parentMessageID: "msg-2",
+      description: "Cancelled task",
+      prompt: "Test",
+      agent: "test-agent",
+      status: "cancelled",
+      startedAt: new Date(),
+      completedAt: new Date(),
+    }
+    const pendingTask: BackgroundTask = {
+      id: "task-pending",
+      parentSessionID: "parent-3",
+      parentMessageID: "msg-3",
+      description: "Pending task",
+      prompt: "Test",
+      agent: "test-agent",
+      status: "pending",
+      queuedAt: new Date(),
+    }
+
+    getTaskMap(manager).set(completedTask.id, completedTask)
+    getTaskMap(manager).set(cancelledTask.id, cancelledTask)
+    getTaskMap(manager).set(pendingTask.id, pendingTask)
+
+    // #when
+    manager.shutdown()
+
+    // #then
+    expect(abortedSessionIDs).toHaveLength(0)
+  })
+
+  test("should call onShutdown callback during shutdown", () => {
+    // #given
+    let shutdownCalled = false
+    const client = {
+      session: {
+        prompt: async () => ({}),
+        abort: async () => ({}),
+      },
+    }
+    const manager = new BackgroundManager(
+      { client, directory: tmpdir() } as unknown as PluginInput,
+      undefined,
+      {
+        onShutdown: () => {
+          shutdownCalled = true
+        },
+      }
+    )
+
+    // #when
+    manager.shutdown()
+
+    // #then
+    expect(shutdownCalled).toBe(true)
+  })
+
+  test("should not throw when onShutdown callback throws", () => {
+    // #given
+    const client = {
+      session: {
+        prompt: async () => ({}),
+        abort: async () => ({}),
+      },
+    }
+    const manager = new BackgroundManager(
+      { client, directory: tmpdir() } as unknown as PluginInput,
+      undefined,
+      {
+        onShutdown: () => {
+          throw new Error("cleanup failed")
+        },
+      }
+    )
+
+    // #when / #then
+    expect(() => manager.shutdown()).not.toThrow()
+  })
+})
+
+describe("BackgroundManager.completionTimers - Memory Leak Fix", () => {
+  function getCompletionTimers(manager: BackgroundManager): Map<string, ReturnType<typeof setTimeout>> {
+    return (manager as unknown as { completionTimers: Map<string, ReturnType<typeof setTimeout>> }).completionTimers
+  }
+
+  function setCompletionTimer(manager: BackgroundManager, taskId: string): void {
+    const completionTimers = getCompletionTimers(manager)
+    const timer = setTimeout(() => {
+      completionTimers.delete(taskId)
+    }, 5 * 60 * 1000)
+    completionTimers.set(taskId, timer)
+  }
+
+  test("should have completionTimers Map initialized", () => {
+    // #given
+    const manager = createBackgroundManager()
+
+    // #when
+    const completionTimers = getCompletionTimers(manager)
+
+    // #then
+    expect(completionTimers).toBeDefined()
+    expect(completionTimers).toBeInstanceOf(Map)
+    expect(completionTimers.size).toBe(0)
+
+    manager.shutdown()
+  })
+
+  test("should clear all completion timers on shutdown", () => {
+    // #given
+    const manager = createBackgroundManager()
+    setCompletionTimer(manager, "task-1")
+    setCompletionTimer(manager, "task-2")
+
+    const completionTimers = getCompletionTimers(manager)
+    expect(completionTimers.size).toBe(2)
+
+    // #when
+    manager.shutdown()
+
+    // #then
+    expect(completionTimers.size).toBe(0)
+  })
+
+  test("should cancel timer when task is deleted via session.deleted", () => {
+    // #given
+    const manager = createBackgroundManager()
+    const task: BackgroundTask = {
+      id: "task-timer-4",
+      sessionID: "session-timer-4",
+      parentSessionID: "parent-session",
+      parentMessageID: "msg-1",
+      description: "Test task",
+      prompt: "test",
+      agent: "explore",
+      status: "completed",
+      startedAt: new Date(),
+    }
+    getTaskMap(manager).set(task.id, task)
+    setCompletionTimer(manager, task.id)
+
+    const completionTimers = getCompletionTimers(manager)
+    expect(completionTimers.size).toBe(1)
+
+    // #when
+    manager.handleEvent({
+      type: "session.deleted",
+      properties: {
+        info: { id: "session-timer-4" },
+      },
+    })
+
+    // #then
+    expect(completionTimers.has(task.id)).toBe(false)
+
+    manager.shutdown()
+  })
+
+  test("should not leak timers across multiple shutdown calls", () => {
+    // #given
+    const manager = createBackgroundManager()
+    setCompletionTimer(manager, "task-1")
+
+    // #when
+    manager.shutdown()
+    manager.shutdown()
+
+    // #then
+    const completionTimers = getCompletionTimers(manager)
+    expect(completionTimers.size).toBe(0)
+  })
+})

src/features/background-agent/manager.ts

@@ -5,7 +5,7 @@ import type {
   LaunchInput,
   ResumeInput,
 } from "./types"
-import { log, getAgentToolRestrictions } from "../../shared"
+import { log, getAgentToolRestrictions, promptWithModelSuggestionRetry } from "../../shared"
 import { ConcurrencyManager } from "./concurrency"
 import type { BackgroundTaskConfig, TmuxConfig } from "../../config/schema"
 import { isInsideTmux } from "../../shared/tmux"
@@ -79,9 +79,11 @@ export class BackgroundManager {
   private config?: BackgroundTaskConfig
   private tmuxEnabled: boolean
   private onSubagentSessionCreated?: OnSubagentSessionCreated
+  private onShutdown?: () => void
 
   private queuesByKey: Map<string, QueueItem[]> = new Map()
   private processingKeys: Set<string> = new Set()
+  private completionTimers: Map<string, ReturnType<typeof setTimeout>> = new Map()
 
   constructor(
     ctx: PluginInput,
@@ -89,6 +91,7 @@ export class BackgroundManager {
     options?: {
       tmuxConfig?: TmuxConfig
       onSubagentSessionCreated?: OnSubagentSessionCreated
+      onShutdown?: () => void
     }
   ) {
     this.tasks = new Map()
@@ -100,6 +103,7 @@ export class BackgroundManager {
     this.config = config
     this.tmuxEnabled = options?.tmuxConfig?.enabled ?? false
     this.onSubagentSessionCreated = options?.onSubagentSessionCreated
+    this.onShutdown = options?.onShutdown
     this.registerProcessCleanup()
   }
 
@@ -224,7 +228,10 @@ export class BackgroundManager {
       body: {
         parentID: input.parentSessionID,
         title: `Background: ${input.description}`,
-      },
+        permission: [
+          { permission: "question", action: "deny" as const, pattern: "*" },
+        ],
+      } as any,
       query: {
         directory: parentDirectory,
       },
@@ -294,11 +301,19 @@ export class BackgroundManager {
 
     // Use prompt() instead of promptAsync() to properly initialize agent loop (fire-and-forget)
     // Include model if caller provided one (e.g., from Sisyphus category configs)
-    this.client.session.prompt({
+    // IMPORTANT: variant must be a top-level field in the body, NOT nested inside model
+    // OpenCode's PromptInput schema expects: { model: { providerID, modelID }, variant: "max" }
+    const launchModel = input.model
+      ? { providerID: input.model.providerID, modelID: input.model.modelID }
+      : undefined
+    const launchVariant = input.model?.variant
+
+    promptWithModelSuggestionRetry(this.client, {
       path: { id: sessionID },
       body: {
         agent: input.agent,
-        ...(input.model ? { model: input.model } : {}),
+        ...(launchModel ? { model: launchModel } : {}),
+        ...(launchVariant ? { variant: launchVariant } : {}),
         system: input.skillContent,
         tools: {
           ...getAgentToolRestrictions(input.agent),
@@ -542,11 +557,18 @@ export class BackgroundManager {
 
     // Use prompt() instead of promptAsync() to properly initialize agent loop
     // Include model if task has one (preserved from original launch with category config)
+    // variant must be top-level in body, not nested inside model (OpenCode PromptInput schema)
+    const resumeModel = existingTask.model
+      ? { providerID: existingTask.model.providerID, modelID: existingTask.model.modelID }
+      : undefined
+    const resumeVariant = existingTask.model?.variant
+
     this.client.session.prompt({
       path: { id: existingTask.sessionID },
       body: {
         agent: existingTask.agent,
-        ...(existingTask.model ? { model: existingTask.model } : {}),
+        ...(resumeModel ? { model: resumeModel } : {}),
+        ...(resumeVariant ? { variant: resumeVariant } : {}),
         tools: {
           ...getAgentToolRestrictions(existingTask.agent),
           task: false,
@@ -687,7 +709,11 @@ export class BackgroundManager {
          this.concurrencyManager.release(task.concurrencyKey)
          task.concurrencyKey = undefined
        }
-      // Clean up pendingByParent to prevent stale entries
+      const existingTimer = this.completionTimers.get(task.id)
+      if (existingTimer) {
+        clearTimeout(existingTimer)
+        this.completionTimers.delete(task.id)
+      }
       this.cleanupPendingByParent(task)
       this.tasks.delete(task.id)
       this.clearNotificationsForTask(task.id)
@@ -1052,14 +1078,15 @@ Use \`background_output(task_id="${task.id}")\` to retrieve this result when rea
     }
 
     const taskId = task.id
-    setTimeout(() => {
-      // Guard: Only delete if task still exists (could have been deleted by session.deleted event)
+    const timer = setTimeout(() => {
+      this.completionTimers.delete(taskId)
       if (this.tasks.has(taskId)) {
         this.clearNotificationsForTask(taskId)
         this.tasks.delete(taskId)
         log("[background-agent] Removed completed task from memory:", taskId)
       }
     }, 5 * 60 * 1000)
+    this.completionTimers.set(taskId, timer)
   }
 
   private formatDuration(start: Date, end?: Date): string {
@@ -1328,7 +1355,25 @@ Use \`background_output(task_id="${task.id}")\` to retrieve this result when rea
     log("[background-agent] Shutting down BackgroundManager")
     this.stopPolling()
 
-    // Release concurrency for all running tasks first
+    // Abort all running sessions to prevent zombie processes (#1240)
+    for (const task of this.tasks.values()) {
+      if (task.status === "running" && task.sessionID) {
+        this.client.session.abort({
+          path: { id: task.sessionID },
+        }).catch(() => {})
+      }
+    }
+
+    // Notify shutdown listeners (e.g., tmux cleanup)
+    if (this.onShutdown) {
+      try {
+        this.onShutdown()
+      } catch (error) {
+        log("[background-agent] Error in onShutdown callback:", error)
+      }
+    }
+
+    // Release concurrency for all running tasks
     for (const task of this.tasks.values()) {
       if (task.concurrencyKey) {
         this.concurrencyManager.release(task.concurrencyKey)
@@ -1336,7 +1381,11 @@ Use \`background_output(task_id="${task.id}")\` to retrieve this result when rea
       }
     }
 
-    // Then clear all state (cancels any remaining waiters)
+    for (const timer of this.completionTimers.values()) {
+      clearTimeout(timer)
+    }
+    this.completionTimers.clear()
+
     this.concurrencyManager.clear()
     this.tasks.clear()
     this.notifications.clear()
@@ -1357,7 +1406,10 @@ function registerProcessSignal(
   const listener = () => {
     handler()
     if (exitAfter) {
-      process.exit(0)
+      // Set exitCode and schedule exit after delay to allow other handlers to complete async cleanup
+      // Use 6s delay to accommodate LSP cleanup (5s timeout + 1s SIGKILL wait)
+      process.exitCode = 0
+      setTimeout(() => process.exit(), 6000)
     }
   }
   process.on(signal, listener)

src/features/builtin-commands/commands.ts

@@ -2,6 +2,7 @@ import type { CommandDefinition } from "../claude-code-command-loader"
 import type { BuiltinCommandName, BuiltinCommands } from "./types"
 import { INIT_DEEP_TEMPLATE } from "./templates/init-deep"
 import { RALPH_LOOP_TEMPLATE, CANCEL_RALPH_TEMPLATE } from "./templates/ralph-loop"
+import { STOP_CONTINUATION_TEMPLATE } from "./templates/stop-continuation"
 import { REFACTOR_TEMPLATE } from "./templates/refactor"
 import { START_WORK_TEMPLATE } from "./templates/start-work"
 
@@ -70,6 +71,12 @@ $ARGUMENTS
 </user-request>`,
     argumentHint: "[plan-name]",
   },
+  "stop-continuation": {
+    description: "(builtin) Stop all continuation mechanisms (ralph loop, todo continuation, boulder) for this session",
+    template: `<command-instruction>
+${STOP_CONTINUATION_TEMPLATE}
+</command-instruction>`,
+  },
 }
 
 export function loadBuiltinCommands(

src/features/builtin-commands/templates/stop-continuation.test.ts

@@ -0,0 +1,25 @@
+import { describe, expect, test } from "bun:test"
+import { STOP_CONTINUATION_TEMPLATE } from "./stop-continuation"
+
+describe("stop-continuation template", () => {
+  test("should export a non-empty template string", () => {
+    // #given - the stop-continuation template
+
+    // #when - we access the template
+
+    // #then - it should be a non-empty string
+    expect(typeof STOP_CONTINUATION_TEMPLATE).toBe("string")
+    expect(STOP_CONTINUATION_TEMPLATE.length).toBeGreaterThan(0)
+  })
+
+  test("should describe the stop-continuation behavior", () => {
+    // #given - the stop-continuation template
+
+    // #when - we check the content
+
+    // #then - it should mention key behaviors
+    expect(STOP_CONTINUATION_TEMPLATE).toContain("todo-continuation-enforcer")
+    expect(STOP_CONTINUATION_TEMPLATE).toContain("Ralph Loop")
+    expect(STOP_CONTINUATION_TEMPLATE).toContain("boulder state")
+  })
+})

src/features/builtin-commands/templates/stop-continuation.ts

@@ -0,0 +1,13 @@
+export const STOP_CONTINUATION_TEMPLATE = `Stop all continuation mechanisms for the current session.
+
+This command will:
+1. Stop the todo-continuation-enforcer from automatically continuing incomplete tasks
+2. Cancel any active Ralph Loop
+3. Clear the boulder state for the current project
+
+After running this command:
+- The session will not auto-continue when idle
+- You can manually continue work when ready
+- The stop state is per-session and clears when the session ends
+
+Use this when you need to pause automated continuation and take manual control.`

src/features/builtin-commands/types.ts

@@ -1,6 +1,6 @@
 import type { CommandDefinition } from "../claude-code-command-loader"
 
-export type BuiltinCommandName = "init-deep" | "ralph-loop" | "cancel-ralph" | "ulw-loop" | "refactor" | "start-work"
+export type BuiltinCommandName = "init-deep" | "ralph-loop" | "cancel-ralph" | "ulw-loop" | "refactor" | "start-work" | "stop-continuation"
 
 export interface BuiltinCommandConfig {
   disabled_commands?: BuiltinCommandName[]

src/features/claude-code-mcp-loader/types.ts

@@ -7,6 +7,10 @@ export interface ClaudeCodeMcpServer {
   args?: string[]
   env?: Record<string, string>
   headers?: Record<string, string>
+  oauth?: {
+    clientId?: string
+    scopes?: string[]
+  }
   disabled?: boolean
 }
 

src/features/claude-code-session-state/state.test.ts

@@ -1,4 +1,4 @@
-import { describe, test, expect, beforeEach } from "bun:test"
+import { describe, test, expect, beforeEach, afterEach } from "bun:test"
 import {
   setSessionAgent,
   getSessionAgent,
@@ -13,9 +13,11 @@ describe("claude-code-session-state", () => {
   beforeEach(() => {
     // #given - clean state before each test
     _resetForTesting()
-    clearSessionAgent("test-session-1")
-    clearSessionAgent("test-session-2")
-    clearSessionAgent("test-prometheus-session")
+  })
+
+  afterEach(() => {
+    // #then - cleanup after each test to prevent pollution
+    _resetForTesting()
   })
 
   describe("setSessionAgent", () => {
@@ -92,9 +94,9 @@ describe("claude-code-session-state", () => {
       expect(getMainSessionID()).toBe(mainID)
     })
 
-    test.skip("should return undefined when not set", () => {
-      // #given - not set
-      // TODO: Fix flaky test - parallel test execution causes state pollution
+    test("should return undefined when not set", () => {
+      // #given - explicit reset to ensure clean state (parallel test isolation)
+      _resetForTesting()
       // #then
       expect(getMainSessionID()).toBeUndefined()
     })

src/features/claude-code-session-state/state.ts

@@ -14,6 +14,7 @@ export function getMainSessionID(): string | undefined {
 export function _resetForTesting(): void {
   _mainSessionID = undefined
   subagentSessions.clear()
+  sessionAgentMap.clear()
 }
 
 const sessionAgentMap = new Map<string, string>()

src/features/hook-message-injector/injector.ts

@@ -2,10 +2,11 @@ import { existsSync, mkdirSync, readFileSync, readdirSync, writeFileSync } from
 import { join } from "node:path"
 import { MESSAGE_STORAGE, PART_STORAGE } from "./constants"
 import type { MessageMeta, OriginalMessageContext, TextPart, ToolPermission } from "./types"
+import { log } from "../../shared/logger"
 
 export interface StoredMessage {
   agent?: string
-  model?: { providerID?: string; modelID?: string }
+  model?: { providerID?: string; modelID?: string; variant?: string }
   tools?: Record<string, ToolPermission>
 }
 
@@ -117,7 +118,7 @@ export function injectHookMessage(
 ): boolean {
   // Validate hook content to prevent empty message injection
   if (!hookContent || hookContent.trim().length === 0) {
-    console.warn("[hook-message-injector] Attempted to inject empty hook content, skipping injection", {
+    log("[hook-message-injector] Attempted to inject empty hook content, skipping injection", {
       sessionID,
       hasAgent: !!originalMessage.agent,
       hasModel: !!(originalMessage.model?.providerID && originalMessage.model?.modelID)
@@ -141,9 +142,17 @@ export function injectHookMessage(
   const resolvedAgent = originalMessage.agent ?? fallback?.agent ?? "general"
   const resolvedModel =
     originalMessage.model?.providerID && originalMessage.model?.modelID
-      ? { providerID: originalMessage.model.providerID, modelID: originalMessage.model.modelID }
+      ? { 
+          providerID: originalMessage.model.providerID, 
+          modelID: originalMessage.model.modelID,
+          ...(originalMessage.model.variant ? { variant: originalMessage.model.variant } : {})
+        }
       : fallback?.model?.providerID && fallback?.model?.modelID
-        ? { providerID: fallback.model.providerID, modelID: fallback.model.modelID }
+        ? { 
+            providerID: fallback.model.providerID, 
+            modelID: fallback.model.modelID,
+            ...(fallback.model.variant ? { variant: fallback.model.variant } : {})
+          }
         : undefined
   const resolvedTools = originalMessage.tools ?? fallback?.tools
 

src/features/hook-message-injector/types.ts

@@ -12,6 +12,7 @@ export interface MessageMeta {
   model?: {
     providerID: string
     modelID: string
+    variant?: string
   }
   path?: {
     cwd: string
@@ -25,6 +26,7 @@ export interface OriginalMessageContext {
   model?: {
     providerID?: string
     modelID?: string
+    variant?: string
   }
   path?: {
     cwd?: string

src/features/mcp-oauth/callback-server.test.ts

@@ -0,0 +1,136 @@
+import { afterEach, describe, expect, it } from "bun:test"
+import { findAvailablePort, startCallbackServer, type CallbackServer } from "./callback-server"
+
+const nativeFetch = Bun.fetch.bind(Bun)
+
+describe("findAvailablePort", () => {
+  it("returns the start port when it is available", async () => {
+    //#given
+    const startPort = 19877
+
+    //#when
+    const port = await findAvailablePort(startPort)
+
+    //#then
+    expect(port).toBeGreaterThanOrEqual(startPort)
+    expect(port).toBeLessThan(startPort + 20)
+  })
+
+  it("skips busy ports and returns next available", async () => {
+    //#given
+    const blocker = Bun.serve({
+      port: 19877,
+      hostname: "127.0.0.1",
+      fetch: () => new Response(),
+    })
+
+    //#when
+    const port = await findAvailablePort(19877)
+
+    //#then
+    expect(port).toBeGreaterThan(19877)
+    blocker.stop(true)
+  })
+})
+
+describe("startCallbackServer", () => {
+  let server: CallbackServer | null = null
+
+  afterEach(async () => {
+    server?.close()
+    server = null
+    // Allow time for port to be released before next test
+    await Bun.sleep(10)
+  })
+
+  it("starts server and returns port", async () => {
+    //#given - no preconditions
+
+    //#when
+    server = await startCallbackServer()
+
+    //#then
+    expect(server.port).toBeGreaterThanOrEqual(19877)
+    expect(typeof server.waitForCallback).toBe("function")
+    expect(typeof server.close).toBe("function")
+  })
+
+  it("resolves callback with code and state from query params", async () => {
+    //#given
+    server = await startCallbackServer()
+    const callbackUrl = `http://127.0.0.1:${server.port}/oauth/callback?code=test-code&state=test-state`
+
+    //#when
+    // Use Promise.all to ensure fetch and waitForCallback run concurrently
+    // This prevents race condition where waitForCallback blocks before fetch starts
+    const [result, response] = await Promise.all([
+      server.waitForCallback(),
+      nativeFetch(callbackUrl)
+    ])
+
+    //#then
+    expect(result).toEqual({ code: "test-code", state: "test-state" })
+    expect(response.status).toBe(200)
+    const html = await response.text()
+    expect(html).toContain("Authorization successful")
+  })
+
+  it("returns 404 for non-callback routes", async () => {
+    //#given
+    server = await startCallbackServer()
+
+    //#when
+    const response = await nativeFetch(`http://127.0.0.1:${server.port}/other`)
+
+    //#then
+    expect(response.status).toBe(404)
+  })
+
+  it("returns 400 and rejects when code is missing", async () => {
+    //#given
+    server = await startCallbackServer()
+    const callbackRejection = server.waitForCallback().catch((e: Error) => e)
+
+    //#when
+    const response = await nativeFetch(`http://127.0.0.1:${server.port}/oauth/callback?state=s`)
+
+    //#then
+    expect(response.status).toBe(400)
+    const error = await callbackRejection
+    expect(error).toBeInstanceOf(Error)
+    expect((error as Error).message).toContain("missing code or state")
+  })
+
+  it("returns 400 and rejects when state is missing", async () => {
+    //#given
+    server = await startCallbackServer()
+    const callbackRejection = server.waitForCallback().catch((e: Error) => e)
+
+    //#when
+    const response = await nativeFetch(`http://127.0.0.1:${server.port}/oauth/callback?code=c`)
+
+    //#then
+    expect(response.status).toBe(400)
+    const error = await callbackRejection
+    expect(error).toBeInstanceOf(Error)
+    expect((error as Error).message).toContain("missing code or state")
+  })
+
+  it("close stops the server immediately", async () => {
+    //#given
+    server = await startCallbackServer()
+    const port = server.port
+
+    //#when
+    server.close()
+    server = null
+
+    //#then
+    try {
+      await nativeFetch(`http://127.0.0.1:${port}/oauth/callback?code=c&state=s`)
+      expect(true).toBe(false)
+    } catch (error) {
+      expect(error).toBeDefined()
+    }
+  })
+})

src/features/mcp-oauth/callback-server.ts

@@ -0,0 +1,124 @@
+const DEFAULT_PORT = 19877
+const MAX_PORT_ATTEMPTS = 20
+const TIMEOUT_MS = 5 * 60 * 1000
+
+export type OAuthCallbackResult = {
+  code: string
+  state: string
+}
+
+export type CallbackServer = {
+  port: number
+  waitForCallback: () => Promise<OAuthCallbackResult>
+  close: () => void
+}
+
+const SUCCESS_HTML = `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>OAuth Authorized</title>
+  <style>
+    body { font-family: -apple-system, BlinkMacSystemFont, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #0a0a0a; color: #fafafa; }
+    .container { text-align: center; }
+    h1 { font-size: 1.5rem; margin-bottom: 0.5rem; }
+    p { color: #888; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>Authorization successful</h1>
+    <p>You can close this window and return to your terminal.</p>
+  </div>
+</body>
+</html>`
+
+async function isPortAvailable(port: number): Promise<boolean> {
+  try {
+    const server = Bun.serve({
+      port,
+      hostname: "127.0.0.1",
+      fetch: () => new Response(),
+    })
+    server.stop(true)
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function findAvailablePort(startPort: number = DEFAULT_PORT): Promise<number> {
+  for (let attempt = 0; attempt < MAX_PORT_ATTEMPTS; attempt++) {
+    const port = startPort + attempt
+    if (await isPortAvailable(port)) {
+      return port
+    }
+  }
+  throw new Error(`No available port found in range ${startPort}-${startPort + MAX_PORT_ATTEMPTS - 1}`)
+}
+
+export async function startCallbackServer(startPort: number = DEFAULT_PORT): Promise<CallbackServer> {
+  const port = await findAvailablePort(startPort)
+
+  let resolveCallback: ((result: OAuthCallbackResult) => void) | null = null
+  let rejectCallback: ((error: Error) => void) | null = null
+
+  const callbackPromise = new Promise<OAuthCallbackResult>((resolve, reject) => {
+    resolveCallback = resolve
+    rejectCallback = reject
+  })
+
+  const timeoutId = setTimeout(() => {
+    rejectCallback?.(new Error("OAuth callback timed out after 5 minutes"))
+    server.stop(true)
+  }, TIMEOUT_MS)
+
+  const server = Bun.serve({
+    port,
+    hostname: "127.0.0.1",
+    fetch(request: Request): Response {
+      const url = new URL(request.url)
+
+      if (url.pathname !== "/oauth/callback") {
+        return new Response("Not Found", { status: 404 })
+      }
+
+      const oauthError = url.searchParams.get("error")
+      if (oauthError) {
+        const description = url.searchParams.get("error_description") ?? oauthError
+        clearTimeout(timeoutId)
+        rejectCallback?.(new Error(`OAuth authorization failed: ${description}`))
+        setTimeout(() => server.stop(true), 100)
+        return new Response(`Authorization failed: ${description}`, { status: 400 })
+      }
+
+      const code = url.searchParams.get("code")
+      const state = url.searchParams.get("state")
+
+      if (!code || !state) {
+        clearTimeout(timeoutId)
+        rejectCallback?.(new Error("OAuth callback missing code or state parameter"))
+        setTimeout(() => server.stop(true), 100)
+        return new Response("Missing code or state parameter", { status: 400 })
+      }
+
+      resolveCallback?.({ code, state })
+      clearTimeout(timeoutId)
+
+      setTimeout(() => server.stop(true), 100)
+
+      return new Response(SUCCESS_HTML, {
+        headers: { "content-type": "text/html; charset=utf-8" },
+      })
+    },
+  })
+
+  return {
+    port,
+    waitForCallback: () => callbackPromise,
+    close: () => {
+      clearTimeout(timeoutId)
+      server.stop(true)
+    },
+  }
+}

src/features/mcp-oauth/dcr.test.ts

@@ -0,0 +1,164 @@
+import { describe, expect, it } from "bun:test"
+import {
+  getOrRegisterClient,
+  type ClientCredentials,
+  type ClientRegistrationStorage,
+  type DcrFetch,
+} from "./dcr"
+
+function createStorage(initial: ClientCredentials | null):
+  & ClientRegistrationStorage
+  & { getLastKey: () => string | null; getLastSet: () => ClientCredentials | null } {
+  let stored = initial
+  let lastKey: string | null = null
+  let lastSet: ClientCredentials | null = null
+
+  return {
+    getClientRegistration: () => stored,
+    setClientRegistration: (serverIdentifier: string, credentials: ClientCredentials) => {
+      lastKey = serverIdentifier
+      lastSet = credentials
+      stored = credentials
+    },
+    getLastKey: () => lastKey,
+    getLastSet: () => lastSet,
+  }
+}
+
+describe("getOrRegisterClient", () => {
+  it("returns cached registration when available", async () => {
+    // #given
+    const storage = createStorage({
+      clientId: "cached-client",
+      clientSecret: "cached-secret",
+    })
+    const fetchMock: DcrFetch = async () => {
+      throw new Error("fetch should not be called")
+    }
+
+    // #when
+    const result = await getOrRegisterClient({
+      registrationEndpoint: "https://server.example.com/register",
+      serverIdentifier: "server-1",
+      clientName: "Test Client",
+      redirectUris: ["https://app.example.com/callback"],
+      tokenEndpointAuthMethod: "client_secret_post",
+      storage,
+      fetch: fetchMock,
+    })
+
+    // #then
+    expect(result).toEqual({
+      clientId: "cached-client",
+      clientSecret: "cached-secret",
+    })
+  })
+
+  it("registers client and stores credentials when endpoint available", async () => {
+    // #given
+    const storage = createStorage(null)
+    let fetchCalled = false
+    const fetchMock: DcrFetch = async (
+      input: string,
+      init?: { method?: string; headers?: Record<string, string>; body?: string }
+    ) => {
+      fetchCalled = true
+      expect(input).toBe("https://server.example.com/register")
+      if (typeof init?.body !== "string") {
+        throw new Error("Expected request body string")
+      }
+      const payload = JSON.parse(init.body)
+      expect(payload).toEqual({
+        redirect_uris: ["https://app.example.com/callback"],
+        client_name: "Test Client",
+        grant_types: ["authorization_code", "refresh_token"],
+        response_types: ["code"],
+        token_endpoint_auth_method: "client_secret_post",
+      })
+
+      return {
+        ok: true,
+        json: async () => ({
+          client_id: "registered-client",
+          client_secret: "registered-secret",
+        }),
+      }
+    }
+
+    // #when
+    const result = await getOrRegisterClient({
+      registrationEndpoint: "https://server.example.com/register",
+      serverIdentifier: "server-2",
+      clientName: "Test Client",
+      redirectUris: ["https://app.example.com/callback"],
+      tokenEndpointAuthMethod: "client_secret_post",
+      storage,
+      fetch: fetchMock,
+    })
+
+    // #then
+    expect(fetchCalled).toBe(true)
+    expect(result).toEqual({
+      clientId: "registered-client",
+      clientSecret: "registered-secret",
+    })
+    expect(storage.getLastKey()).toBe("server-2")
+    expect(storage.getLastSet()).toEqual({
+      clientId: "registered-client",
+      clientSecret: "registered-secret",
+    })
+  })
+
+  it("uses config client id when registration endpoint missing", async () => {
+    // #given
+    const storage = createStorage(null)
+    let fetchCalled = false
+    const fetchMock: DcrFetch = async () => {
+      fetchCalled = true
+      return {
+        ok: false,
+        json: async () => ({}),
+      }
+    }
+
+    // #when
+    const result = await getOrRegisterClient({
+      registrationEndpoint: undefined,
+      serverIdentifier: "server-3",
+      clientName: "Test Client",
+      redirectUris: ["https://app.example.com/callback"],
+      tokenEndpointAuthMethod: "client_secret_post",
+      clientId: "config-client",
+      storage,
+      fetch: fetchMock,
+    })
+
+    // #then
+    expect(fetchCalled).toBe(false)
+    expect(result).toEqual({ clientId: "config-client" })
+  })
+
+  it("falls back to config client id when registration fails", async () => {
+    // #given
+    const storage = createStorage(null)
+    const fetchMock: DcrFetch = async () => {
+      throw new Error("network error")
+    }
+
+    // #when
+    const result = await getOrRegisterClient({
+      registrationEndpoint: "https://server.example.com/register",
+      serverIdentifier: "server-4",
+      clientName: "Test Client",
+      redirectUris: ["https://app.example.com/callback"],
+      tokenEndpointAuthMethod: "client_secret_post",
+      clientId: "fallback-client",
+      storage,
+      fetch: fetchMock,
+    })
+
+    // #then
+    expect(result).toEqual({ clientId: "fallback-client" })
+    expect(storage.getLastSet()).toBeNull()
+  })
+})

src/features/mcp-oauth/dcr.ts

@@ -0,0 +1,98 @@
+export type ClientRegistrationRequest = {
+  redirect_uris: string[]
+  client_name: string
+  grant_types: ["authorization_code", "refresh_token"]
+  response_types: ["code"]
+  token_endpoint_auth_method: "none" | "client_secret_post"
+}
+
+export type ClientCredentials = {
+  clientId: string
+  clientSecret?: string
+}
+
+export type ClientRegistrationStorage = {
+  getClientRegistration: (serverIdentifier: string) => ClientCredentials | null
+  setClientRegistration: (
+    serverIdentifier: string,
+    credentials: ClientCredentials
+  ) => void
+}
+
+export type DynamicClientRegistrationOptions = {
+  registrationEndpoint?: string | null
+  serverIdentifier?: string
+  clientName: string
+  redirectUris: string[]
+  tokenEndpointAuthMethod: "none" | "client_secret_post"
+  clientId?: string | null
+  storage: ClientRegistrationStorage
+  fetch?: DcrFetch
+}
+
+export type DcrFetch = (
+  input: string,
+  init?: { method?: string; headers?: Record<string, string>; body?: string }
+) => Promise<{ ok: boolean; json: () => Promise<unknown> }>
+
+export async function getOrRegisterClient(
+  options: DynamicClientRegistrationOptions
+): Promise<ClientCredentials | null> {
+  const serverIdentifier =
+    options.serverIdentifier ?? options.registrationEndpoint ?? "default"
+  const existing = options.storage.getClientRegistration(serverIdentifier)
+  if (existing) return existing
+
+  if (!options.registrationEndpoint) {
+    return options.clientId ? { clientId: options.clientId } : null
+  }
+
+  const fetchImpl = options.fetch ?? globalThis.fetch
+  const request: ClientRegistrationRequest = {
+    redirect_uris: options.redirectUris,
+    client_name: options.clientName,
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code"],
+    token_endpoint_auth_method: options.tokenEndpointAuthMethod,
+  }
+
+  try {
+    const response = await fetchImpl(options.registrationEndpoint, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify(request),
+    })
+
+    if (!response.ok) {
+      return options.clientId ? { clientId: options.clientId } : null
+    }
+
+    const data: unknown = await response.json()
+    const parsed = parseRegistrationResponse(data)
+    if (!parsed) {
+      return options.clientId ? { clientId: options.clientId } : null
+    }
+
+    options.storage.setClientRegistration(serverIdentifier, parsed)
+    return parsed
+  } catch {
+    return options.clientId ? { clientId: options.clientId } : null
+  }
+}
+
+function parseRegistrationResponse(data: unknown): ClientCredentials | null {
+  if (!isRecord(data)) return null
+  const clientId = data.client_id
+  if (typeof clientId !== "string" || clientId.length === 0) return null
+
+  const clientSecret = data.client_secret
+  if (typeof clientSecret === "string" && clientSecret.length > 0) {
+    return { clientId, clientSecret }
+  }
+
+  return { clientId }
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null
+}

src/features/mcp-oauth/discovery.test.ts

@@ -0,0 +1,175 @@
+import { describe, test, expect, beforeEach, afterEach } from "bun:test"
+import { discoverOAuthServerMetadata, resetDiscoveryCache } from "./discovery"
+
+describe("discoverOAuthServerMetadata", () => {
+  const originalFetch = globalThis.fetch
+
+  beforeEach(() => {
+    resetDiscoveryCache()
+  })
+
+  afterEach(() => {
+    Object.defineProperty(globalThis, "fetch", { value: originalFetch, configurable: true })
+  })
+
+  test("returns endpoints from PRM + AS discovery", () => {
+    // #given
+    const resource = "https://mcp.example.com"
+    const prmUrl = new URL("/.well-known/oauth-protected-resource", resource).toString()
+    const authServer = "https://auth.example.com"
+    const asUrl = new URL("/.well-known/oauth-authorization-server", authServer).toString()
+    const calls: string[] = []
+    const fetchMock = async (input: string | URL) => {
+      const url = typeof input === "string" ? input : input.toString()
+      calls.push(url)
+      if (url === prmUrl) {
+        return new Response(JSON.stringify({ authorization_servers: [authServer] }), { status: 200 })
+      }
+      if (url === asUrl) {
+        return new Response(
+          JSON.stringify({
+            authorization_endpoint: "https://auth.example.com/authorize",
+            token_endpoint: "https://auth.example.com/token",
+            registration_endpoint: "https://auth.example.com/register",
+          }),
+          { status: 200 }
+        )
+      }
+      return new Response("not found", { status: 404 })
+    }
+    Object.defineProperty(globalThis, "fetch", { value: fetchMock, configurable: true })
+
+    // #when
+    return discoverOAuthServerMetadata(resource).then((result) => {
+      // #then
+      expect(result).toEqual({
+        authorizationEndpoint: "https://auth.example.com/authorize",
+        tokenEndpoint: "https://auth.example.com/token",
+        registrationEndpoint: "https://auth.example.com/register",
+        resource,
+      })
+      expect(calls).toEqual([prmUrl, asUrl])
+    })
+  })
+
+  test("falls back to RFC 8414 when PRM returns 404", () => {
+    // #given
+    const resource = "https://mcp.example.com"
+    const prmUrl = new URL("/.well-known/oauth-protected-resource", resource).toString()
+    const asUrl = new URL("/.well-known/oauth-authorization-server", resource).toString()
+    const calls: string[] = []
+    const fetchMock = async (input: string | URL) => {
+      const url = typeof input === "string" ? input : input.toString()
+      calls.push(url)
+      if (url === prmUrl) {
+        return new Response("not found", { status: 404 })
+      }
+      if (url === asUrl) {
+        return new Response(
+          JSON.stringify({
+            authorization_endpoint: "https://mcp.example.com/authorize",
+            token_endpoint: "https://mcp.example.com/token",
+          }),
+          { status: 200 }
+        )
+      }
+      return new Response("not found", { status: 404 })
+    }
+    Object.defineProperty(globalThis, "fetch", { value: fetchMock, configurable: true })
+
+    // #when
+    return discoverOAuthServerMetadata(resource).then((result) => {
+      // #then
+      expect(result).toEqual({
+        authorizationEndpoint: "https://mcp.example.com/authorize",
+        tokenEndpoint: "https://mcp.example.com/token",
+        registrationEndpoint: undefined,
+        resource,
+      })
+      expect(calls).toEqual([prmUrl, asUrl])
+    })
+  })
+
+  test("throws when both PRM and AS discovery return 404", () => {
+    // #given
+    const resource = "https://mcp.example.com"
+    const prmUrl = new URL("/.well-known/oauth-protected-resource", resource).toString()
+    const asUrl = new URL("/.well-known/oauth-authorization-server", resource).toString()
+    const fetchMock = async (input: string | URL) => {
+      const url = typeof input === "string" ? input : input.toString()
+      if (url === prmUrl || url === asUrl) {
+        return new Response("not found", { status: 404 })
+      }
+      return new Response("not found", { status: 404 })
+    }
+    Object.defineProperty(globalThis, "fetch", { value: fetchMock, configurable: true })
+
+    // #when
+    const result = discoverOAuthServerMetadata(resource)
+
+    // #then
+    return expect(result).rejects.toThrow("OAuth authorization server metadata not found")
+  })
+
+  test("throws when AS metadata is malformed", () => {
+    // #given
+    const resource = "https://mcp.example.com"
+    const prmUrl = new URL("/.well-known/oauth-protected-resource", resource).toString()
+    const authServer = "https://auth.example.com"
+    const asUrl = new URL("/.well-known/oauth-authorization-server", authServer).toString()
+    const fetchMock = async (input: string | URL) => {
+      const url = typeof input === "string" ? input : input.toString()
+      if (url === prmUrl) {
+        return new Response(JSON.stringify({ authorization_servers: [authServer] }), { status: 200 })
+      }
+      if (url === asUrl) {
+        return new Response(JSON.stringify({ authorization_endpoint: "https://auth.example.com/authorize" }), {
+          status: 200,
+        })
+      }
+      return new Response("not found", { status: 404 })
+    }
+    Object.defineProperty(globalThis, "fetch", { value: fetchMock, configurable: true })
+
+    // #when
+    const result = discoverOAuthServerMetadata(resource)
+
+    // #then
+    return expect(result).rejects.toThrow("token_endpoint")
+  })
+
+  test("caches discovery results per resource URL", () => {
+    // #given
+    const resource = "https://mcp.example.com"
+    const prmUrl = new URL("/.well-known/oauth-protected-resource", resource).toString()
+    const authServer = "https://auth.example.com"
+    const asUrl = new URL("/.well-known/oauth-authorization-server", authServer).toString()
+    const calls: string[] = []
+    const fetchMock = async (input: string | URL) => {
+      const url = typeof input === "string" ? input : input.toString()
+      calls.push(url)
+      if (url === prmUrl) {
+        return new Response(JSON.stringify({ authorization_servers: [authServer] }), { status: 200 })
+      }
+      if (url === asUrl) {
+        return new Response(
+          JSON.stringify({
+            authorization_endpoint: "https://auth.example.com/authorize",
+            token_endpoint: "https://auth.example.com/token",
+          }),
+          { status: 200 }
+        )
+      }
+      return new Response("not found", { status: 404 })
+    }
+    Object.defineProperty(globalThis, "fetch", { value: fetchMock, configurable: true })
+
+    // #when
+    return discoverOAuthServerMetadata(resource)
+      .then(() => discoverOAuthServerMetadata(resource))
+      .then(() => {
+        // #then
+        expect(calls).toEqual([prmUrl, asUrl])
+      })
+  })
+})

src/features/mcp-oauth/discovery.ts

@@ -0,0 +1,123 @@
+export interface OAuthServerMetadata {
+  authorizationEndpoint: string
+  tokenEndpoint: string
+  registrationEndpoint?: string
+  resource: string
+}
+
+const discoveryCache = new Map<string, OAuthServerMetadata>()
+const pendingDiscovery = new Map<string, Promise<OAuthServerMetadata>>()
+
+function parseHttpsUrl(value: string, label: string): URL {
+  const parsed = new URL(value)
+  if (parsed.protocol !== "https:") {
+    throw new Error(`${label} must use https`)
+  }
+  return parsed
+}
+
+function readStringField(source: Record<string, unknown>, field: string): string {
+  const value = source[field]
+  if (typeof value !== "string" || value.length === 0) {
+    throw new Error(`OAuth metadata missing ${field}`)
+  }
+  return value
+}
+
+async function fetchMetadata(url: string): Promise<{ ok: true; json: Record<string, unknown> } | { ok: false; status: number }> {
+  const response = await fetch(url, { headers: { accept: "application/json" } })
+  if (!response.ok) {
+    return { ok: false, status: response.status }
+  }
+  const json = (await response.json().catch(() => null)) as Record<string, unknown> | null
+  if (!json || typeof json !== "object") {
+    throw new Error("OAuth metadata response is not valid JSON")
+  }
+  return { ok: true, json }
+}
+
+async function fetchAuthorizationServerMetadata(issuer: string, resource: string): Promise<OAuthServerMetadata> {
+  const issuerUrl = parseHttpsUrl(issuer, "Authorization server URL")
+  const issuerPath = issuerUrl.pathname.replace(/\/+$/, "")
+  const metadataUrl = new URL(`/.well-known/oauth-authorization-server${issuerPath}`, issuerUrl).toString()
+  const metadata = await fetchMetadata(metadataUrl)
+
+  if (!metadata.ok) {
+    if (metadata.status === 404) {
+      throw new Error("OAuth authorization server metadata not found")
+    }
+    throw new Error(`OAuth authorization server metadata fetch failed (${metadata.status})`)
+  }
+
+  const authorizationEndpoint = parseHttpsUrl(
+    readStringField(metadata.json, "authorization_endpoint"),
+    "authorization_endpoint"
+  ).toString()
+  const tokenEndpoint = parseHttpsUrl(
+    readStringField(metadata.json, "token_endpoint"),
+    "token_endpoint"
+  ).toString()
+  const registrationEndpointValue = metadata.json.registration_endpoint
+  const registrationEndpoint =
+    typeof registrationEndpointValue === "string" && registrationEndpointValue.length > 0
+      ? parseHttpsUrl(registrationEndpointValue, "registration_endpoint").toString()
+      : undefined
+
+  return {
+    authorizationEndpoint,
+    tokenEndpoint,
+    registrationEndpoint,
+    resource,
+  }
+}
+
+function parseAuthorizationServers(metadata: Record<string, unknown>): string[] {
+  const servers = metadata.authorization_servers
+  if (!Array.isArray(servers)) return []
+  return servers.filter((server): server is string => typeof server === "string" && server.length > 0)
+}
+
+export async function discoverOAuthServerMetadata(resource: string): Promise<OAuthServerMetadata> {
+  const resourceUrl = parseHttpsUrl(resource, "Resource server URL")
+  const resourceKey = resourceUrl.toString()
+
+  const cached = discoveryCache.get(resourceKey)
+  if (cached) return cached
+
+  const pending = pendingDiscovery.get(resourceKey)
+  if (pending) return pending
+
+  const discoveryPromise = (async () => {
+    const prmUrl = new URL("/.well-known/oauth-protected-resource", resourceUrl).toString()
+    const prmResponse = await fetchMetadata(prmUrl)
+
+    if (prmResponse.ok) {
+      const authServers = parseAuthorizationServers(prmResponse.json)
+      if (authServers.length === 0) {
+        throw new Error("OAuth protected resource metadata missing authorization_servers")
+      }
+      return fetchAuthorizationServerMetadata(authServers[0], resource)
+    }
+
+    if (prmResponse.status !== 404) {
+      throw new Error(`OAuth protected resource metadata fetch failed (${prmResponse.status})`)
+    }
+
+    return fetchAuthorizationServerMetadata(resourceKey, resource)
+  })()
+
+  pendingDiscovery.set(resourceKey, discoveryPromise)
+
+  try {
+    const result = await discoveryPromise
+    discoveryCache.set(resourceKey, result)
+    return result
+  } finally {
+    pendingDiscovery.delete(resourceKey)
+  }
+}
+
+export function resetDiscoveryCache(): void {
+  discoveryCache.clear()
+  pendingDiscovery.clear()
+}

src/features/mcp-oauth/index.ts

@@ -0,0 +1 @@
+export * from "./schema"

src/features/mcp-oauth/provider.test.ts

@@ -0,0 +1,223 @@
+import { describe, expect, it, beforeEach, afterEach, mock } from "bun:test"
+import { createHash, randomBytes } from "node:crypto"
+import { McpOAuthProvider, generateCodeVerifier, generateCodeChallenge, buildAuthorizationUrl } from "./provider"
+import type { OAuthTokenData } from "./storage"
+
+describe("McpOAuthProvider", () => {
+  describe("generateCodeVerifier", () => {
+    it("returns a base64url-encoded 32-byte random string", () => {
+      //#given
+      const verifier = generateCodeVerifier()
+
+      //#when
+      const decoded = Buffer.from(verifier, "base64url")
+
+      //#then
+      expect(decoded.length).toBe(32)
+      expect(verifier).toMatch(/^[A-Za-z0-9_-]+$/)
+    })
+
+    it("produces unique values on each call", () => {
+      //#given
+      const first = generateCodeVerifier()
+
+      //#when
+      const second = generateCodeVerifier()
+
+      //#then
+      expect(first).not.toBe(second)
+    })
+  })
+
+  describe("generateCodeChallenge", () => {
+    it("returns SHA256 base64url digest of the verifier", () => {
+      //#given
+      const verifier = "test-verifier-value"
+      const expected = createHash("sha256").update(verifier).digest("base64url")
+
+      //#when
+      const challenge = generateCodeChallenge(verifier)
+
+      //#then
+      expect(challenge).toBe(expected)
+    })
+  })
+
+  describe("buildAuthorizationUrl", () => {
+    it("builds URL with all required PKCE parameters", () => {
+      //#given
+      const endpoint = "https://auth.example.com/authorize"
+
+      //#when
+      const url = buildAuthorizationUrl(endpoint, {
+        clientId: "my-client",
+        redirectUri: "http://127.0.0.1:8912/callback",
+        codeChallenge: "challenge-value",
+        state: "state-value",
+        scopes: ["openid", "profile"],
+        resource: "https://mcp.example.com",
+      })
+
+      //#then
+      const parsed = new URL(url)
+      expect(parsed.origin + parsed.pathname).toBe("https://auth.example.com/authorize")
+      expect(parsed.searchParams.get("response_type")).toBe("code")
+      expect(parsed.searchParams.get("client_id")).toBe("my-client")
+      expect(parsed.searchParams.get("redirect_uri")).toBe("http://127.0.0.1:8912/callback")
+      expect(parsed.searchParams.get("code_challenge")).toBe("challenge-value")
+      expect(parsed.searchParams.get("code_challenge_method")).toBe("S256")
+      expect(parsed.searchParams.get("state")).toBe("state-value")
+      expect(parsed.searchParams.get("scope")).toBe("openid profile")
+      expect(parsed.searchParams.get("resource")).toBe("https://mcp.example.com")
+    })
+
+    it("omits scope when empty", () => {
+      //#given
+      const endpoint = "https://auth.example.com/authorize"
+
+      //#when
+      const url = buildAuthorizationUrl(endpoint, {
+        clientId: "my-client",
+        redirectUri: "http://127.0.0.1:8912/callback",
+        codeChallenge: "challenge-value",
+        state: "state-value",
+        scopes: [],
+      })
+
+      //#then
+      const parsed = new URL(url)
+      expect(parsed.searchParams.has("scope")).toBe(false)
+    })
+
+    it("omits resource when undefined", () => {
+      //#given
+      const endpoint = "https://auth.example.com/authorize"
+
+      //#when
+      const url = buildAuthorizationUrl(endpoint, {
+        clientId: "my-client",
+        redirectUri: "http://127.0.0.1:8912/callback",
+        codeChallenge: "challenge-value",
+        state: "state-value",
+      })
+
+      //#then
+      const parsed = new URL(url)
+      expect(parsed.searchParams.has("resource")).toBe(false)
+    })
+  })
+
+  describe("constructor and basic methods", () => {
+    it("stores serverUrl and optional clientId and scopes", () => {
+      //#given
+      const options = {
+        serverUrl: "https://mcp.example.com",
+        clientId: "my-client",
+        scopes: ["openid"],
+      }
+
+      //#when
+      const provider = new McpOAuthProvider(options)
+
+      //#then
+      expect(provider.tokens()).toBeNull()
+      expect(provider.clientInformation()).toBeNull()
+      expect(provider.codeVerifier()).toBeNull()
+    })
+
+    it("defaults scopes to empty array", () => {
+      //#given
+      const options = { serverUrl: "https://mcp.example.com" }
+
+      //#when
+      const provider = new McpOAuthProvider(options)
+
+      //#then
+      expect(provider.redirectUrl()).toBe("http://127.0.0.1:19877/callback")
+    })
+  })
+
+  describe("saveCodeVerifier / codeVerifier", () => {
+    it("stores and retrieves code verifier", () => {
+      //#given
+      const provider = new McpOAuthProvider({ serverUrl: "https://mcp.example.com" })
+
+      //#when
+      provider.saveCodeVerifier("my-verifier")
+
+      //#then
+      expect(provider.codeVerifier()).toBe("my-verifier")
+    })
+  })
+
+  describe("saveTokens / tokens", () => {
+    let originalEnv: string | undefined
+
+    beforeEach(() => {
+      originalEnv = process.env.OPENCODE_CONFIG_DIR
+      const { mkdirSync } = require("node:fs")
+      const { tmpdir } = require("node:os")
+      const { join } = require("node:path")
+      const testDir = join(tmpdir(), "mcp-oauth-provider-test-" + Date.now())
+      mkdirSync(testDir, { recursive: true })
+      process.env.OPENCODE_CONFIG_DIR = testDir
+    })
+
+    afterEach(() => {
+      if (originalEnv === undefined) {
+        delete process.env.OPENCODE_CONFIG_DIR
+      } else {
+        process.env.OPENCODE_CONFIG_DIR = originalEnv
+      }
+    })
+
+    it("persists and loads token data via storage", () => {
+      //#given
+      const provider = new McpOAuthProvider({ serverUrl: "https://mcp.example.com" })
+      const tokenData: OAuthTokenData = {
+        accessToken: "access-token-123",
+        refreshToken: "refresh-token-456",
+        expiresAt: 1710000000,
+      }
+
+      //#when
+      const saved = provider.saveTokens(tokenData)
+      const loaded = provider.tokens()
+
+      //#then
+      expect(saved).toBe(true)
+      expect(loaded).toEqual(tokenData)
+    })
+  })
+
+  describe("redirectToAuthorization", () => {
+    it("throws when no client information is set", async () => {
+      //#given
+      const provider = new McpOAuthProvider({ serverUrl: "https://mcp.example.com" })
+      const metadata = {
+        authorizationEndpoint: "https://auth.example.com/authorize",
+        tokenEndpoint: "https://auth.example.com/token",
+        resource: "https://mcp.example.com",
+      }
+
+      //#when
+      const result = provider.redirectToAuthorization(metadata)
+
+      //#then
+      await expect(result).rejects.toThrow("No client information available")
+    })
+  })
+
+  describe("redirectUrl", () => {
+    it("returns localhost callback URL with default port", () => {
+      //#given
+      const provider = new McpOAuthProvider({ serverUrl: "https://mcp.example.com" })
+
+      //#when
+      const url = provider.redirectUrl()
+
+      //#then
+      expect(url).toBe("http://127.0.0.1:19877/callback")
+    })
+  })
+})

src/features/mcp-oauth/provider.ts

@@ -0,0 +1,295 @@
+import { createHash, randomBytes } from "node:crypto"
+import { createServer } from "node:http"
+import { spawn } from "node:child_process"
+import type { OAuthTokenData } from "./storage"
+import { loadToken, saveToken } from "./storage"
+import { discoverOAuthServerMetadata } from "./discovery"
+import type { OAuthServerMetadata } from "./discovery"
+import { getOrRegisterClient } from "./dcr"
+import type { ClientCredentials, ClientRegistrationStorage } from "./dcr"
+import { findAvailablePort } from "./callback-server"
+
+export type McpOAuthProviderOptions = {
+  serverUrl: string
+  clientId?: string
+  scopes?: string[]
+}
+
+type CallbackResult = {
+  code: string
+  state: string
+}
+
+function generateCodeVerifier(): string {
+  return randomBytes(32).toString("base64url")
+}
+
+function generateCodeChallenge(verifier: string): string {
+  return createHash("sha256").update(verifier).digest("base64url")
+}
+
+function buildAuthorizationUrl(
+  authorizationEndpoint: string,
+  options: {
+    clientId: string
+    redirectUri: string
+    codeChallenge: string
+    state: string
+    scopes?: string[]
+    resource?: string
+  }
+): string {
+  const url = new URL(authorizationEndpoint)
+  url.searchParams.set("response_type", "code")
+  url.searchParams.set("client_id", options.clientId)
+  url.searchParams.set("redirect_uri", options.redirectUri)
+  url.searchParams.set("code_challenge", options.codeChallenge)
+  url.searchParams.set("code_challenge_method", "S256")
+  url.searchParams.set("state", options.state)
+  if (options.scopes && options.scopes.length > 0) {
+    url.searchParams.set("scope", options.scopes.join(" "))
+  }
+  if (options.resource) {
+    url.searchParams.set("resource", options.resource)
+  }
+  return url.toString()
+}
+
+const CALLBACK_TIMEOUT_MS = 5 * 60 * 1000
+
+function startCallbackServer(port: number): Promise<CallbackResult> {
+  return new Promise((resolve, reject) => {
+    let timeoutId: ReturnType<typeof setTimeout>
+
+    const server = createServer((request, response) => {
+      clearTimeout(timeoutId)
+
+      const requestUrl = new URL(request.url ?? "/", `http://localhost:${port}`)
+      const code = requestUrl.searchParams.get("code")
+      const state = requestUrl.searchParams.get("state")
+      const error = requestUrl.searchParams.get("error")
+
+      if (error) {
+        const errorDescription = requestUrl.searchParams.get("error_description") ?? error
+        response.writeHead(400, { "content-type": "text/html" })
+        response.end("<html><body><h1>Authorization failed</h1></body></html>")
+        server.close()
+        reject(new Error(`OAuth authorization error: ${errorDescription}`))
+        return
+      }
+
+      if (!code || !state) {
+        response.writeHead(400, { "content-type": "text/html" })
+        response.end("<html><body><h1>Missing code or state</h1></body></html>")
+        server.close()
+        reject(new Error("OAuth callback missing code or state parameter"))
+        return
+      }
+
+      response.writeHead(200, { "content-type": "text/html" })
+      response.end("<html><body><h1>Authorization successful. You can close this tab.</h1></body></html>")
+      server.close()
+      resolve({ code, state })
+    })
+
+    timeoutId = setTimeout(() => {
+      server.close()
+      reject(new Error("OAuth callback timed out after 5 minutes"))
+    }, CALLBACK_TIMEOUT_MS)
+
+    server.listen(port, "127.0.0.1")
+    server.on("error", (err) => {
+      clearTimeout(timeoutId)
+      reject(err)
+    })
+  })
+}
+
+function openBrowser(url: string): void {
+  const platform = process.platform
+  let cmd: string
+  let args: string[]
+
+  if (platform === "darwin") {
+    cmd = "open"
+    args = [url]
+  } else if (platform === "win32") {
+    cmd = "explorer"
+    args = [url]
+  } else {
+    cmd = "xdg-open"
+    args = [url]
+  }
+
+  try {
+    const child = spawn(cmd, args, { stdio: "ignore", detached: true })
+    child.on("error", () => {})
+    child.unref()
+  } catch {
+    // Browser open failed — user must navigate manually
+  }
+}
+
+export class McpOAuthProvider {
+  private readonly serverUrl: string
+  private readonly configClientId: string | undefined
+  private readonly scopes: string[]
+  private storedCodeVerifier: string | null = null
+  private storedClientInfo: ClientCredentials | null = null
+  private callbackPort: number | null = null
+
+  constructor(options: McpOAuthProviderOptions) {
+    this.serverUrl = options.serverUrl
+    this.configClientId = options.clientId
+    this.scopes = options.scopes ?? []
+  }
+
+  tokens(): OAuthTokenData | null {
+    return loadToken(this.serverUrl, this.serverUrl)
+  }
+
+  saveTokens(tokenData: OAuthTokenData): boolean {
+    return saveToken(this.serverUrl, this.serverUrl, tokenData)
+  }
+
+  clientInformation(): ClientCredentials | null {
+    if (this.storedClientInfo) return this.storedClientInfo
+    const tokenData = this.tokens()
+    if (tokenData?.clientInfo) {
+      this.storedClientInfo = tokenData.clientInfo
+      return this.storedClientInfo
+    }
+    return null
+  }
+
+  redirectUrl(): string {
+    return `http://127.0.0.1:${this.callbackPort ?? 19877}/callback`
+  }
+
+  saveCodeVerifier(verifier: string): void {
+    this.storedCodeVerifier = verifier
+  }
+
+  codeVerifier(): string | null {
+    return this.storedCodeVerifier
+  }
+
+  async redirectToAuthorization(metadata: OAuthServerMetadata): Promise<CallbackResult> {
+    const verifier = generateCodeVerifier()
+    this.saveCodeVerifier(verifier)
+    const challenge = generateCodeChallenge(verifier)
+    const state = randomBytes(16).toString("hex")
+
+    const clientInfo = this.clientInformation()
+    if (!clientInfo) {
+      throw new Error("No client information available. Run login() or register a client first.")
+    }
+
+    if (this.callbackPort === null) {
+      this.callbackPort = await findAvailablePort()
+    }
+
+    const authUrl = buildAuthorizationUrl(metadata.authorizationEndpoint, {
+      clientId: clientInfo.clientId,
+      redirectUri: this.redirectUrl(),
+      codeChallenge: challenge,
+      state,
+      scopes: this.scopes,
+      resource: metadata.resource,
+    })
+
+    const callbackPromise = startCallbackServer(this.callbackPort)
+    openBrowser(authUrl)
+
+    const result = await callbackPromise
+    if (result.state !== state) {
+      throw new Error("OAuth state mismatch")
+    }
+
+    return result
+  }
+
+  async login(): Promise<OAuthTokenData> {
+    const metadata = await discoverOAuthServerMetadata(this.serverUrl)
+
+    const clientRegistrationStorage: ClientRegistrationStorage = {
+      getClientRegistration: () => this.storedClientInfo,
+      setClientRegistration: (_serverIdentifier: string, credentials: ClientCredentials) => {
+        this.storedClientInfo = credentials
+      },
+    }
+
+    const clientInfo = await getOrRegisterClient({
+      registrationEndpoint: metadata.registrationEndpoint,
+      serverIdentifier: this.serverUrl,
+      clientName: "oh-my-opencode",
+      redirectUris: [this.redirectUrl()],
+      tokenEndpointAuthMethod: "none",
+      clientId: this.configClientId,
+      storage: clientRegistrationStorage,
+    })
+
+    if (!clientInfo) {
+      throw new Error("Failed to obtain client credentials. Provide a clientId or ensure the server supports DCR.")
+    }
+
+    this.storedClientInfo = clientInfo
+
+    const { code } = await this.redirectToAuthorization(metadata)
+    const verifier = this.codeVerifier()
+    if (!verifier) {
+      throw new Error("Code verifier not found")
+    }
+
+    const tokenResponse = await fetch(metadata.tokenEndpoint, {
+      method: "POST",
+      headers: { "content-type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: this.redirectUrl(),
+        client_id: clientInfo.clientId,
+        code_verifier: verifier,
+        ...(metadata.resource ? { resource: metadata.resource } : {}),
+      }).toString(),
+    })
+
+    if (!tokenResponse.ok) {
+      let errorDetail = `${tokenResponse.status}`
+      try {
+        const body = (await tokenResponse.json()) as Record<string, unknown>
+        if (body.error) {
+          errorDetail = `${tokenResponse.status} ${body.error}`
+          if (body.error_description) {
+            errorDetail += `: ${body.error_description}`
+          }
+        }
+      } catch {
+        // Response body not JSON
+      }
+      throw new Error(`Token exchange failed: ${errorDetail}`)
+    }
+
+    const tokenData = (await tokenResponse.json()) as Record<string, unknown>
+    const accessToken = tokenData.access_token
+    if (typeof accessToken !== "string") {
+      throw new Error("Token response missing access_token")
+    }
+
+    const oauthTokenData: OAuthTokenData = {
+      accessToken,
+      refreshToken: typeof tokenData.refresh_token === "string" ? tokenData.refresh_token : undefined,
+      expiresAt:
+        typeof tokenData.expires_in === "number" ? Math.floor(Date.now() / 1000) + tokenData.expires_in : undefined,
+      clientInfo: {
+        clientId: clientInfo.clientId,
+        clientSecret: clientInfo.clientSecret,
+      },
+    }
+
+    this.saveTokens(oauthTokenData)
+    return oauthTokenData
+  }
+}
+
+export { generateCodeVerifier, generateCodeChallenge, buildAuthorizationUrl, startCallbackServer }