@link-assistant/agent 0.16.17 → 0.16.18

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-assistant/agent",
-  "version": "0.16.17",
+  "version": "0.16.18",
   "description": "A minimal, public domain AI CLI agent compatible with OpenCode's JSON interface. Bun-only runtime.",
   "main": "src/index.js",
   "type": "module",

package/src/auth/claude-oauth.ts

@@ -2,6 +2,7 @@ import crypto from 'crypto';
 import path from 'path';
 import { Global } from '../global';
 import { Log } from '../util/log';
+import { createVerboseFetch } from '../util/verbose-fetch';
 import z from 'zod';
 
 /**
@@ -24,6 +25,7 @@ import z from 'zod';
  */
 export namespace ClaudeOAuth {
   const log = Log.create({ service: 'claude-oauth' });
+  const verboseFetch = createVerboseFetch(fetch, { caller: 'claude-oauth' });
 
   /**
    * OAuth Configuration
@@ -218,7 +220,7 @@ export namespace ClaudeOAuth {
       message: 'exchanging authorization code for tokens',
     }));
 
-    const response = await fetch(Config.tokenUrl, {
+    const response = await verboseFetch(Config.tokenUrl, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/x-www-form-urlencoded',
@@ -402,7 +404,7 @@ export namespace ClaudeOAuth {
     log.info(() => ({ message: 'refreshing access token' }));
 
     try {
-      const response = await fetch(Config.tokenUrl, {
+      const response = await verboseFetch(Config.tokenUrl, {
         method: 'POST',
         headers: {
           'Content-Type': 'application/x-www-form-urlencoded',
@@ -446,7 +448,7 @@ export namespace ClaudeOAuth {
       } else {
         headers.set('anthropic-beta', Config.betaHeader);
       }
-      return fetch(url, { ...init, headers });
+      return verboseFetch(url, { ...init, headers });
     };
   }
 }

package/src/auth/plugins.ts

@@ -3,6 +3,7 @@ import * as http from 'node:http';
 import * as net from 'node:net';
 import { Auth } from './index';
 import { Log } from '../util/log';
+import { createVerboseFetch } from '../util/verbose-fetch';
 
 /**
  * Auth Plugins Module
@@ -12,6 +13,7 @@ import { Log } from '../util/log';
  */
 
 const log = Log.create({ service: 'auth-plugins' });
+const verboseFetch = createVerboseFetch(fetch, { caller: 'auth-plugins' });
 
 /**
  * OAuth callback result types
@@ -142,7 +144,7 @@ const AnthropicPlugin: AuthPlugin = {
             if (!code) return { type: 'failed' };
 
             const splits = code.split('#');
-            const result = await fetch(
+            const result = await verboseFetch(
               'https://console.anthropic.com/v1/oauth/token',
               {
                 method: 'POST',
@@ -210,7 +212,7 @@ const AnthropicPlugin: AuthPlugin = {
             if (!code) return { type: 'failed' };
 
             const splits = code.split('#');
-            const tokenResult = await fetch(
+            const tokenResult = await verboseFetch(
               'https://console.anthropic.com/v1/oauth/token',
               {
                 method: 'POST',
@@ -240,7 +242,7 @@ const AnthropicPlugin: AuthPlugin = {
             const credentials = await tokenResult.json();
 
             // Create API key using the access token
-            const apiKeyResult = await fetch(
+            const apiKeyResult = await verboseFetch(
               'https://api.anthropic.com/api/oauth/claude_cli/create_api_key',
               {
                 method: 'POST',
@@ -291,7 +293,7 @@ const AnthropicPlugin: AuthPlugin = {
           log.info(() => ({
             message: 'refreshing anthropic oauth token',
           }));
-          const response = await fetch(
+          const response = await verboseFetch(
             'https://console.anthropic.com/v1/oauth/token',
             {
               method: 'POST',
@@ -446,7 +448,7 @@ const GitHubCopilotPlugin: AuthPlugin = {
 
         const urls = getCopilotUrls(domain);
 
-        const deviceResponse = await fetch(urls.DEVICE_CODE_URL, {
+        const deviceResponse = await verboseFetch(urls.DEVICE_CODE_URL, {
           method: 'POST',
           headers: {
             Accept: 'application/json',
@@ -476,7 +478,7 @@ const GitHubCopilotPlugin: AuthPlugin = {
           method: 'auto',
           async callback(): Promise<AuthResult> {
             while (true) {
-              const response = await fetch(urls.ACCESS_TOKEN_URL, {
+              const response = await verboseFetch(urls.ACCESS_TOKEN_URL, {
                 method: 'POST',
                 headers: {
                   Accept: 'application/json',
@@ -571,7 +573,7 @@ const GitHubCopilotPlugin: AuthPlugin = {
           const urls = getCopilotUrls(domain);
 
           log.info(() => ({ message: 'refreshing github copilot token' }));
-          const response = await fetch(urls.COPILOT_API_KEY_URL, {
+          const response = await verboseFetch(urls.COPILOT_API_KEY_URL, {
             headers: {
               Accept: 'application/json',
               Authorization: `Bearer ${currentInfo.refresh}`,
@@ -731,7 +733,7 @@ const OpenAIPlugin: AuthPlugin = {
             }
 
             // Exchange authorization code for tokens
-            const tokenResult = await fetch(OPENAI_TOKEN_URL, {
+            const tokenResult = await verboseFetch(OPENAI_TOKEN_URL, {
               method: 'POST',
               headers: {
                 'Content-Type': 'application/x-www-form-urlencoded',
@@ -797,7 +799,7 @@ const OpenAIPlugin: AuthPlugin = {
         // Refresh token if expired
         if (!currentAuth.access || currentAuth.expires < Date.now()) {
           log.info(() => ({ message: 'refreshing openai oauth token' }));
-          const response = await fetch(OPENAI_TOKEN_URL, {
+          const response = await verboseFetch(OPENAI_TOKEN_URL, {
             method: 'POST',
             headers: {
               'Content-Type': 'application/x-www-form-urlencoded',
@@ -1091,7 +1093,7 @@ const GooglePlugin: AuthPlugin = {
               const { code } = await authPromise;
 
               // Exchange authorization code for tokens
-              const tokenResult = await fetch(GOOGLE_TOKEN_URL, {
+              const tokenResult = await verboseFetch(GOOGLE_TOKEN_URL, {
                 method: 'POST',
                 headers: {
                   'Content-Type': 'application/x-www-form-urlencoded',
@@ -1187,7 +1189,7 @@ const GooglePlugin: AuthPlugin = {
 
             try {
               // Exchange authorization code for tokens
-              const tokenResult = await fetch(GOOGLE_TOKEN_URL, {
+              const tokenResult = await verboseFetch(GOOGLE_TOKEN_URL, {
                 method: 'POST',
                 headers: {
                   'Content-Type': 'application/x-www-form-urlencoded',
@@ -1348,7 +1350,7 @@ const GooglePlugin: AuthPlugin = {
       // Call loadCodeAssist to discover project and tier
       try {
         const loadUrl = `${CLOUD_CODE_ENDPOINT}/${CLOUD_CODE_API_VERSION}:loadCodeAssist`;
-        const loadRes = await fetch(loadUrl, {
+        const loadRes = await verboseFetch(loadUrl, {
           method: 'POST',
           headers: {
             'Content-Type': 'application/json',
@@ -1440,7 +1442,7 @@ const GooglePlugin: AuthPlugin = {
                 },
               };
 
-        let lroRes = await fetch(onboardUrl, {
+        let lroRes = await verboseFetch(onboardUrl, {
           method: 'POST',
           headers: {
             'Content-Type': 'application/json',
@@ -1456,11 +1458,11 @@ const GooglePlugin: AuthPlugin = {
           if (lroRes.name) {
             // Poll operation status
             const opUrl = `${CLOUD_CODE_ENDPOINT}/${CLOUD_CODE_API_VERSION}/${lroRes.name}`;
-            lroRes = await fetch(opUrl, {
+            lroRes = await verboseFetch(opUrl, {
               headers: { Authorization: `Bearer ${accessToken}` },
             }).then((r) => r.json());
           } else {
-            lroRes = await fetch(onboardUrl, {
+            lroRes = await verboseFetch(onboardUrl, {
               method: 'POST',
               headers: {
                 'Content-Type': 'application/json',
@@ -1924,7 +1926,7 @@ const GooglePlugin: AuthPlugin = {
           // Invalidate project cache when token changes
           cachedProjectContext = null;
 
-          const response = await fetch(GOOGLE_TOKEN_URL, {
+          const response = await verboseFetch(GOOGLE_TOKEN_URL, {
             method: 'POST',
             headers: {
               'Content-Type': 'application/x-www-form-urlencoded',
@@ -2043,7 +2045,7 @@ const GooglePlugin: AuthPlugin = {
               await new Promise((resolve) => setTimeout(resolve, delay));
             }
 
-            const cloudCodeResponse = await fetch(finalCloudCodeUrl, {
+            const cloudCodeResponse = await verboseFetch(finalCloudCodeUrl, {
               ...init,
               body,
               headers,
@@ -2135,7 +2137,7 @@ const GooglePlugin: AuthPlugin = {
         };
         delete headers['x-goog-api-key'];
 
-        const oauthResponse = await fetch(input, {
+        const oauthResponse = await verboseFetch(input, {
           ...init,
           headers,
         });
@@ -2248,19 +2250,22 @@ const QwenPlugin: AuthPlugin = {
         const codeChallenge = generateCodeChallenge(codeVerifier);
 
         // Request device code
-        const deviceResponse = await fetch(QWEN_OAUTH_DEVICE_CODE_ENDPOINT, {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/x-www-form-urlencoded',
-            Accept: 'application/json',
-          },
-          body: new URLSearchParams({
-            client_id: QWEN_OAUTH_CLIENT_ID,
-            scope: QWEN_OAUTH_SCOPE,
-            code_challenge: codeChallenge,
-            code_challenge_method: 'S256',
-          }).toString(),
-        });
+        const deviceResponse = await verboseFetch(
+          QWEN_OAUTH_DEVICE_CODE_ENDPOINT,
+          {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/x-www-form-urlencoded',
+              Accept: 'application/json',
+            },
+            body: new URLSearchParams({
+              client_id: QWEN_OAUTH_CLIENT_ID,
+              scope: QWEN_OAUTH_SCOPE,
+              code_challenge: codeChallenge,
+              code_challenge_method: 'S256',
+            }).toString(),
+          }
+        );
 
         if (!deviceResponse.ok) {
           const errorText = await deviceResponse.text();
@@ -2308,19 +2313,22 @@ const QwenPlugin: AuthPlugin = {
           async callback(): Promise<AuthResult> {
             // Poll for authorization completion
             for (let attempt = 0; attempt < maxPollAttempts; attempt++) {
-              const tokenResponse = await fetch(QWEN_OAUTH_TOKEN_ENDPOINT, {
-                method: 'POST',
-                headers: {
-                  'Content-Type': 'application/x-www-form-urlencoded',
-                  Accept: 'application/json',
-                },
-                body: new URLSearchParams({
-                  client_id: QWEN_OAUTH_CLIENT_ID,
-                  device_code: deviceData.device_code,
-                  grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
-                  code_verifier: codeVerifier,
-                }).toString(),
-              });
+              const tokenResponse = await verboseFetch(
+                QWEN_OAUTH_TOKEN_ENDPOINT,
+                {
+                  method: 'POST',
+                  headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                    Accept: 'application/json',
+                  },
+                  body: new URLSearchParams({
+                    client_id: QWEN_OAUTH_CLIENT_ID,
+                    device_code: deviceData.device_code,
+                    grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+                    code_verifier: codeVerifier,
+                  }).toString(),
+                }
+              );
 
               if (!tokenResponse.ok) {
                 const errorText = await tokenResponse.text();
@@ -2426,7 +2434,7 @@ const QwenPlugin: AuthPlugin = {
               : 'token expiring soon',
           }));
 
-          const response = await fetch(QWEN_OAUTH_TOKEN_ENDPOINT, {
+          const response = await verboseFetch(QWEN_OAUTH_TOKEN_ENDPOINT, {
             method: 'POST',
             headers: {
               'Content-Type': 'application/x-www-form-urlencoded',
@@ -2575,7 +2583,7 @@ const AlibabaPlugin: AuthPlugin = {
             message: 'refreshing qwen oauth token (alibaba provider)',
           }));
 
-          const response = await fetch(QWEN_OAUTH_TOKEN_ENDPOINT, {
+          const response = await verboseFetch(QWEN_OAUTH_TOKEN_ENDPOINT, {
             method: 'POST',
             headers: {
               'Content-Type': 'application/x-www-form-urlencoded',
@@ -2651,7 +2659,7 @@ const KiloPlugin: AuthPlugin = {
       type: 'oauth',
       async authorize() {
         // Initiate device authorization
-        const initResponse = await fetch(
+        const initResponse = await verboseFetch(
           `${KILO_API_BASE}/api/device-auth/codes`,
           {
             method: 'POST',
@@ -2704,7 +2712,7 @@ const KiloPlugin: AuthPlugin = {
                 setTimeout(resolve, KILO_POLL_INTERVAL_MS)
               );
 
-              const pollResponse = await fetch(
+              const pollResponse = await verboseFetch(
                 `${KILO_API_BASE}/api/device-auth/codes/${authData.code}`
               );
 

package/src/cli/cmd/auth.ts

@@ -9,6 +9,9 @@ import path from 'path';
 import os from 'os';
 import { Global } from '../../global';
 import { map, pipe, sortBy, values } from 'remeda';
+import { createVerboseFetch } from '../../util/verbose-fetch';
+
+const verboseFetch = createVerboseFetch(fetch, { caller: 'auth-cmd' });
 
 /**
  * Auth Command
@@ -86,9 +89,9 @@ export const AuthLoginCommand = cmd({
     // Handle wellknown URL login
     if (args.url) {
       try {
-        const wellknown = await fetch(`${args.url}/.well-known/opencode`).then(
-          (x) => x.json() as any
-        );
+        const wellknown = await verboseFetch(
+          `${args.url}/.well-known/opencode`
+        ).then((x) => x.json() as any);
         prompts.log.info(`Running \`${wellknown.auth.command.join(' ')}\``);
         const proc = Bun.spawn({
           cmd: wellknown.auth.command,

package/src/cli/continuous-mode.js

@@ -12,6 +12,7 @@ import { createEventHandler } from '../json-standard/index.ts';
 import { createContinuousStdinReader } from './input-queue.js';
 import { Log } from '../util/log.ts';
 import { Flag } from '../flag/flag.ts';
+import { createVerboseFetch } from '../util/verbose-fetch.ts';
 import { outputStatus, outputError, outputInput } from './output.ts';
 
 // Shared error tracking
@@ -215,7 +216,10 @@ export async function runContinuousServerMode(
       sessionID = resumeInfo.sessionID;
     } else {
       // Create a new session
-      const createRes = await fetch(
+      const localVerboseFetch = createVerboseFetch(fetch, {
+        caller: 'continuous-mode',
+      });
+      const createRes = await localVerboseFetch(
         `http://${server.hostname}:${server.port}/session`,
         {
           method: 'POST',

package/src/config/config.ts

@@ -11,6 +11,7 @@ import { lazy } from '../util/lazy';
 import { NamedError } from '../util/error';
 import { Flag } from '../flag/flag';
 import { Auth } from '../auth';
+import { createVerboseFetch } from '../util/verbose-fetch';
 import {
   type ParseError as JsoncParseError,
   parse as parseJsonc,
@@ -21,6 +22,7 @@ import { ConfigMarkdown } from './markdown';
 
 export namespace Config {
   const log = Log.create({ service: 'config' });
+  const verboseFetch = createVerboseFetch(fetch, { caller: 'config' });
 
   /**
    * Automatically migrate .opencode directories to .link-assistant-agent
@@ -163,9 +165,9 @@ export namespace Config {
     for (const [key, value] of Object.entries(auth)) {
       if (value.type === 'wellknown') {
         process.env[value.key] = value.token;
-        const wellknown = (await fetch(`${key}/.well-known/opencode`).then(
-          (x) => x.json()
-        )) as any;
+        const wellknown = (await verboseFetch(
+          `${key}/.well-known/opencode`
+        ).then((x) => x.json())) as any;
         result = mergeDeep(
           result,
           await load(JSON.stringify(wellknown.config ?? {}), process.cwd())

package/src/file/ripgrep.ts

@@ -9,9 +9,11 @@ import { $ } from 'bun';
 
 import { ZipReader, BlobReader, BlobWriter } from '@zip.js/zip.js';
 import { Log } from '../util/log';
+import { createVerboseFetch } from '../util/verbose-fetch';
 
 export namespace Ripgrep {
   const log = Log.create({ service: 'ripgrep' });
+  const verboseFetch = createVerboseFetch(fetch, { caller: 'ripgrep' });
   const Stats = z.object({
     elapsed: z.object({
       secs: z.number(),
@@ -142,7 +144,7 @@ export namespace Ripgrep {
       const filename = `ripgrep-${version}-${config.platform}.${config.extension}`;
       const url = `https://github.com/BurntSushi/ripgrep/releases/download/${version}/${filename}`;
 
-      const response = await fetch(url);
+      const response = await verboseFetch(url);
       if (!response.ok)
         throw new DownloadFailedError({ url, status: response.status });
 

package/src/index.js

@@ -21,6 +21,7 @@ import { McpCommand } from './cli/cmd/mcp.ts';
 import { AuthCommand } from './cli/cmd/auth.ts';
 import { FormatError } from './cli/error.ts';
 import { UI } from './cli/ui.ts';
+import { createVerboseFetch } from './util/verbose-fetch.ts';
 import {
   runContinuousServerMode,
   runContinuousDirectMode,
@@ -427,7 +428,8 @@ async function runServerMode(
       sessionID = resumeInfo.sessionID;
     } else {
       // Create a new session
-      const createRes = await fetch(
+      const localVerboseFetch = createVerboseFetch(fetch, { caller: 'cli' });
+      const createRes = await localVerboseFetch(
         `http://${server.hostname}:${server.port}/session`,
         {
           method: 'POST',

package/src/provider/google-cloudcode.ts

@@ -15,8 +15,10 @@
 
 import { Log } from '../util/log';
 import { Auth } from '../auth';
+import { createVerboseFetch } from '../util/verbose-fetch';
 
 const log = Log.create({ service: 'google-cloudcode' });
+const verboseFetch = createVerboseFetch(fetch, { caller: 'google-cloudcode' });
 
 // Cloud Code API endpoints (from gemini-cli)
 // Configurable via environment variables for testing or alternative endpoints
@@ -179,7 +181,7 @@ export class CloudCodeClient {
       message: 'refreshing google oauth token for cloud code',
     }));
 
-    const response = await fetch(GOOGLE_TOKEN_URL, {
+    const response = await verboseFetch(GOOGLE_TOKEN_URL, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/x-www-form-urlencoded',
@@ -223,7 +225,7 @@ export class CloudCodeClient {
     const baseUrl = `${CODE_ASSIST_ENDPOINT}/${CODE_ASSIST_API_VERSION}:${method}`;
     const url = options.stream ? `${baseUrl}?alt=sse` : baseUrl;
 
-    const response = await fetch(url, {
+    const response = await verboseFetch(url, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',

package/src/provider/models.ts

@@ -1,11 +1,13 @@
 import { Global } from '../global';
 import { Log } from '../util/log';
+import { createVerboseFetch } from '../util/verbose-fetch';
 import path from 'path';
 import z from 'zod';
 import { data } from './models-macro';
 
 export namespace ModelsDev {
   const log = Log.create({ service: 'models.dev' });
+  const verboseFetch = createVerboseFetch(fetch, { caller: 'models.dev' });
   const filepath = path.join(Global.Path.cache, 'models.json');
 
   export const Model = z
@@ -145,7 +147,7 @@ export namespace ModelsDev {
   export async function refresh() {
     const file = Bun.file(filepath);
     log.info(() => ({ message: 'refreshing', file }));
-    const result = await fetch('https://models.dev/api.json', {
+    const result = await verboseFetch('https://models.dev/api.json', {
       headers: {
         'User-Agent': 'agent-cli/1.0.0',
       },

package/src/provider/provider.ts

@@ -1207,8 +1207,22 @@ export namespace Provider {
       // When verbose is disabled, the wrapper is a no-op passthrough with negligible overhead.
       // See: https://github.com/link-assistant/agent/issues/200
       // See: https://github.com/link-assistant/agent/issues/206
+      // See: https://github.com/link-assistant/agent/issues/215
       {
         const innerFetch = options['fetch'];
+        let verboseWrapperConfirmed = false;
+        let httpCallCount = 0;
+
+        // Log at SDK creation time that the fetch wrapper is installed.
+        // This runs once per provider SDK creation (not per request).
+        // If verbose is off at creation time, the per-request check still applies.
+        // See: https://github.com/link-assistant/agent/issues/215
+        log.info('verbose HTTP fetch wrapper installed', {
+          providerID: provider.id,
+          pkg,
+          verboseAtCreation: Flag.OPENCODE_VERBOSE,
+        });
+
         options['fetch'] = async (
           input: RequestInfo | URL,
           init?: RequestInit
@@ -1218,6 +1232,24 @@ export namespace Provider {
             return innerFetch(input, init);
           }
 
+          httpCallCount++;
+          const callNum = httpCallCount;
+
+          // Log a one-time confirmation that the verbose wrapper is active for this provider.
+          // This diagnostic breadcrumb confirms the wrapper is in the fetch chain.
+          // Also write to stderr as a redundant channel — stdout JSON may be filtered by wrappers.
+          // See: https://github.com/link-assistant/agent/issues/215
+          if (!verboseWrapperConfirmed) {
+            verboseWrapperConfirmed = true;
+            log.info('verbose HTTP logging active', {
+              providerID: provider.id,
+            });
+            // Redundant stderr confirmation — visible even if stdout is piped/filtered
+            process.stderr.write(
+              `[verbose] HTTP logging active for provider: ${provider.id}\n`
+            );
+          }
+
           const url =
             typeof input === 'string'
               ? input
@@ -1226,50 +1258,64 @@ export namespace Provider {
                 : input.url;
           const method = init?.method ?? 'GET';
 
-          // Sanitize headers - mask authorization values
-          const sanitizedHeaders: Record<string, string> = {};
-          const rawHeaders = init?.headers;
-          if (rawHeaders) {
-            const entries =
-              rawHeaders instanceof Headers
-                ? Array.from(rawHeaders.entries())
-                : Array.isArray(rawHeaders)
-                  ? rawHeaders
-                  : Object.entries(rawHeaders);
-            for (const [key, value] of entries) {
-              const lower = key.toLowerCase();
-              if (
-                lower === 'authorization' ||
-                lower === 'x-api-key' ||
-                lower === 'api-key'
-              ) {
-                sanitizedHeaders[key] =
-                  typeof value === 'string' && value.length > 8
-                    ? value.slice(0, 4) + '...' + value.slice(-4)
-                    : '[REDACTED]';
-              } else {
-                sanitizedHeaders[key] = String(value);
+          // Wrap all verbose logging in try/catch so it never breaks the actual HTTP request.
+          // If logging fails, the request must still proceed — logging is observability, not control flow.
+          // See: https://github.com/link-assistant/agent/issues/215
+          let sanitizedHeaders: Record<string, string> = {};
+          let bodyPreview: string | undefined;
+          try {
+            // Sanitize headers - mask authorization values
+            const rawHeaders = init?.headers;
+            if (rawHeaders) {
+              const entries =
+                rawHeaders instanceof Headers
+                  ? Array.from(rawHeaders.entries())
+                  : Array.isArray(rawHeaders)
+                    ? rawHeaders
+                    : Object.entries(rawHeaders);
+              for (const [key, value] of entries) {
+                const lower = key.toLowerCase();
+                if (
+                  lower === 'authorization' ||
+                  lower === 'x-api-key' ||
+                  lower === 'api-key'
+                ) {
+                  sanitizedHeaders[key] =
+                    typeof value === 'string' && value.length > 8
+                      ? value.slice(0, 4) + '...' + value.slice(-4)
+                      : '[REDACTED]';
+                } else {
+                  sanitizedHeaders[key] = String(value);
+                }
               }
             }
-          }
 
-          // Log request body preview (truncated)
-          let bodyPreview: string | undefined;
-          if (init?.body) {
-            const bodyStr =
-              typeof init.body === 'string'
-                ? init.body
-                : init.body instanceof ArrayBuffer ||
-                    init.body instanceof Uint8Array
-                  ? `[binary ${(init.body as ArrayBuffer).byteLength ?? (init.body as Uint8Array).length} bytes]`
-                  : undefined;
-            if (bodyStr && typeof bodyStr === 'string') {
-              bodyPreview =
-                bodyStr.length > 2000
-                  ? bodyStr.slice(0, 2000) +
-                    `... [truncated, total ${bodyStr.length} chars]`
-                  : bodyStr;
+            // Log request body preview (truncated)
+            if (init?.body) {
+              const bodyStr =
+                typeof init.body === 'string'
+                  ? init.body
+                  : init.body instanceof ArrayBuffer ||
+                      init.body instanceof Uint8Array
+                    ? `[binary ${(init.body as ArrayBuffer).byteLength ?? (init.body as Uint8Array).length} bytes]`
+                    : undefined;
+              if (bodyStr && typeof bodyStr === 'string') {
+                bodyPreview =
+                  bodyStr.length > 2000
+                    ? bodyStr.slice(0, 2000) +
+                      `... [truncated, total ${bodyStr.length} chars]`
+                    : bodyStr;
+              }
             }
+          } catch (prepError) {
+            // If header/body processing fails, log the error but continue with the request
+            log.warn('verbose logging: failed to prepare request details', {
+              providerID: provider.id,
+              error:
+                prepError instanceof Error
+                  ? prepError.message
+                  : String(prepError),
+            });
           }
 
           // Use direct (non-lazy) logging for HTTP request/response to ensure output
@@ -1277,7 +1323,9 @@ export namespace Provider {
           // The verbose check is already done above, so lazy evaluation is not needed here.
           // See: https://github.com/link-assistant/agent/issues/211
           log.info('HTTP request', {
+            caller: `provider/${provider.id}`,
             providerID: provider.id,
+            callNum,
             method,
             url,
             headers: sanitizedHeaders,
@@ -1286,13 +1334,21 @@ export namespace Provider {
 
           const startMs = Date.now();
           try {
-            const response = await innerFetch(input, init);
+            // Pass Bun-specific verbose:true to get detailed connection debugging
+            // (prints request/response headers to stderr on socket errors).
+            // This is a no-op on non-Bun runtimes.
+            // See: https://bun.sh/docs/api/fetch
+            // See: https://github.com/link-assistant/agent/issues/215
+            const verboseInit = { ...init, verbose: true } as RequestInit;
+            const response = await innerFetch(input, verboseInit);
             const durationMs = Date.now() - startMs;
 
             // Use direct (non-lazy) logging to ensure HTTP response details are captured
             // See: https://github.com/link-assistant/agent/issues/211
             log.info('HTTP response', {
+              caller: `provider/${provider.id}`,
               providerID: provider.id,
+              callNum,
               method,
               url,
               status: response.status,
@@ -1342,7 +1398,9 @@ export namespace Provider {
                     // Use direct (non-lazy) logging for stream body
                     // See: https://github.com/link-assistant/agent/issues/211
                     log.info('HTTP response body (stream)', {
+                      caller: `provider/${provider.id}`,
                       providerID: provider.id,
+                      callNum,
                       url,
                       bodyPreview: truncated
                         ? bodyPreview + `... [truncated]`
@@ -1370,7 +1428,9 @@ export namespace Provider {
                 // Use direct (non-lazy) logging for non-streaming body
                 // See: https://github.com/link-assistant/agent/issues/211
                 log.info('HTTP response body', {
+                  caller: `provider/${provider.id}`,
                   providerID: provider.id,
+                  callNum,
                   url,
                   bodyPreview,
                 });
@@ -1386,15 +1446,29 @@ export namespace Provider {
           } catch (error) {
             const durationMs = Date.now() - startMs;
             // Use direct (non-lazy) logging for error path
+            // Include stack trace and error cause for better debugging of socket errors
             // See: https://github.com/link-assistant/agent/issues/211
+            // See: https://github.com/link-assistant/agent/issues/215
             log.error('HTTP request failed', {
+              caller: `provider/${provider.id}`,
               providerID: provider.id,
+              callNum,
               method,
               url,
               durationMs,
               error:
                 error instanceof Error
-                  ? { name: error.name, message: error.message }
+                  ? {
+                      name: error.name,
+                      message: error.message,
+                      stack: error.stack,
+                      cause:
+                        error.cause instanceof Error
+                          ? error.cause.message
+                          : error.cause
+                            ? String(error.cause)
+                            : undefined,
+                    }
                   : String(error),
             });
             throw error;

package/src/tool/codesearch.ts

@@ -1,6 +1,9 @@
 import z from 'zod';
 import { Tool } from './tool';
 import DESCRIPTION from './codesearch.txt';
+import { createVerboseFetch } from '../util/verbose-fetch';
+
+const verboseFetch = createVerboseFetch(fetch, { caller: 'codesearch' });
 
 const API_CONFIG = {
   BASE_URL: 'https://mcp.exa.ai',
@@ -73,7 +76,7 @@ export const CodeSearchTool = Tool.define('codesearch', {
         'content-type': 'application/json',
       };
 
-      const response = await fetch(
+      const response = await verboseFetch(
         `${API_CONFIG.BASE_URL}${API_CONFIG.ENDPOINTS.CONTEXT}`,
         {
           method: 'POST',

package/src/tool/webfetch.ts

@@ -2,6 +2,9 @@ import z from 'zod';
 import { Tool } from './tool';
 import TurndownService from 'turndown';
 import DESCRIPTION from './webfetch.txt';
+import { createVerboseFetch } from '../util/verbose-fetch';
+
+const verboseFetch = createVerboseFetch(fetch, { caller: 'webfetch' });
 
 const MAX_RESPONSE_SIZE = 5 * 1024 * 1024; // 5MB
 const DEFAULT_TIMEOUT = 30 * 1000; // 30 seconds
@@ -59,7 +62,7 @@ export const WebFetchTool = Tool.define('webfetch', {
           'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8';
     }
 
-    const response = await fetch(params.url, {
+    const response = await verboseFetch(params.url, {
       signal: AbortSignal.any([controller.signal, ctx.abort]),
       headers: {
         'User-Agent':

package/src/tool/websearch.ts

@@ -2,6 +2,9 @@ import z from 'zod';
 import { Tool } from './tool';
 import DESCRIPTION from './websearch.txt';
 import { Config } from '../config/config';
+import { createVerboseFetch } from '../util/verbose-fetch';
+
+const verboseFetch = createVerboseFetch(fetch, { caller: 'websearch' });
 
 const API_CONFIG = {
   BASE_URL: 'https://mcp.exa.ai',
@@ -91,7 +94,7 @@ export const WebSearchTool = Tool.define('websearch', {
         'content-type': 'application/json',
       };
 
-      const response = await fetch(
+      const response = await verboseFetch(
         `${API_CONFIG.BASE_URL}${API_CONFIG.ENDPOINTS.SEARCH}`,
         {
           method: 'POST',

package/src/util/verbose-fetch.ts

@@ -0,0 +1,303 @@
+import { Log } from './log';
+import { Flag } from '../flag/flag';
+
+/**
+ * Shared verbose HTTP fetch wrapper.
+ *
+ * Intercepts fetch() calls and logs request/response details as JSON objects
+ * when --verbose mode is enabled. Used across the entire codebase (tools, auth,
+ * config, providers) to ensure uniform and predictable HTTP logging.
+ *
+ * Features:
+ * - Logs HTTP request: method, URL, sanitized headers, body preview
+ * - Logs HTTP response: status, headers, duration, body preview
+ * - Logs HTTP errors: stack trace, error cause chain
+ * - Sequential call numbering for correlation
+ * - Error-resilient: logging failures never break the actual HTTP request
+ * - Runtime verbose check: respects Flag.OPENCODE_VERBOSE at call time
+ *
+ * @see https://github.com/link-assistant/agent/issues/215
+ */
+
+const log = Log.create({ service: 'http' });
+
+/** Global call counter shared across all verbose fetch wrappers */
+let globalHttpCallCount = 0;
+
+/**
+ * Sanitize HTTP headers by masking sensitive values.
+ * Masks authorization, x-api-key, and api-key headers.
+ */
+export function sanitizeHeaders(
+  rawHeaders: HeadersInit | Record<string, string> | Headers | undefined
+): Record<string, string> {
+  const sanitized: Record<string, string> = {};
+  if (!rawHeaders) return sanitized;
+
+  const entries =
+    rawHeaders instanceof Headers
+      ? Array.from(rawHeaders.entries())
+      : Array.isArray(rawHeaders)
+        ? rawHeaders
+        : Object.entries(rawHeaders);
+
+  for (const [key, value] of entries) {
+    const lower = key.toLowerCase();
+    if (
+      lower === 'authorization' ||
+      lower === 'x-api-key' ||
+      lower === 'api-key'
+    ) {
+      sanitized[key] =
+        typeof value === 'string' && value.length > 8
+          ? value.slice(0, 4) + '...' + value.slice(-4)
+          : '[REDACTED]';
+    } else {
+      sanitized[key] = String(value);
+    }
+  }
+  return sanitized;
+}
+
+/**
+ * Create a body preview string, truncated to maxChars.
+ */
+export function bodyPreview(
+  body: BodyInit | null | undefined,
+  maxChars = 2000
+): string | undefined {
+  if (!body) return undefined;
+
+  const bodyStr =
+    typeof body === 'string'
+      ? body
+      : body instanceof ArrayBuffer || body instanceof Uint8Array
+        ? `[binary ${(body as ArrayBuffer).byteLength ?? (body as Uint8Array).length} bytes]`
+        : body instanceof URLSearchParams
+          ? body.toString()
+          : undefined;
+
+  if (bodyStr && typeof bodyStr === 'string') {
+    return bodyStr.length > maxChars
+      ? bodyStr.slice(0, maxChars) +
+          `... [truncated, total ${bodyStr.length} chars]`
+      : bodyStr;
+  }
+  return undefined;
+}
+
+export interface VerboseFetchOptions {
+  /** Identifier for the caller (e.g. 'webfetch', 'auth-plugins', 'config') */
+  caller: string;
+  /** Maximum chars for response body preview (default: 4000) */
+  responseBodyMaxChars?: number;
+  /** Maximum chars for request body preview (default: 2000) */
+  requestBodyMaxChars?: number;
+}
+
+/**
+ * Wrap a fetch function with verbose HTTP logging.
+ *
+ * When Flag.OPENCODE_VERBOSE is true, logs all HTTP requests and responses
+ * as JSON objects. When verbose is false, returns a no-op passthrough.
+ *
+ * All logging is wrapped in try/catch so it never breaks the actual HTTP request.
+ *
+ * @param innerFetch - The fetch function to wrap (defaults to global fetch)
+ * @param options - Configuration for the wrapper
+ * @returns A wrapped fetch function with verbose logging
+ */
+export function createVerboseFetch(
+  innerFetch: typeof fetch = fetch,
+  options: VerboseFetchOptions
+): typeof fetch {
+  const {
+    caller,
+    responseBodyMaxChars = 4000,
+    requestBodyMaxChars = 2000,
+  } = options;
+
+  return async (
+    input: RequestInfo | URL,
+    init?: RequestInit
+  ): Promise<Response> => {
+    // Check verbose flag at call time
+    if (!Flag.OPENCODE_VERBOSE) {
+      return innerFetch(input, init);
+    }
+
+    globalHttpCallCount++;
+    const callNum = globalHttpCallCount;
+
+    const url =
+      typeof input === 'string'
+        ? input
+        : input instanceof URL
+          ? input.toString()
+          : input.url;
+    const method = init?.method ?? 'GET';
+
+    // Prepare request details for logging (error-resilient)
+    let sanitizedHdrs: Record<string, string> = {};
+    let reqBodyPreview: string | undefined;
+    try {
+      sanitizedHdrs = sanitizeHeaders(init?.headers as HeadersInit | undefined);
+      reqBodyPreview = bodyPreview(init?.body, requestBodyMaxChars);
+    } catch (prepError) {
+      log.warn('verbose logging: failed to prepare request details', {
+        caller,
+        error:
+          prepError instanceof Error ? prepError.message : String(prepError),
+      });
+    }
+
+    // Log request
+    log.info('HTTP request', {
+      caller,
+      callNum,
+      method,
+      url,
+      headers: sanitizedHdrs,
+      bodyPreview: reqBodyPreview,
+    });
+
+    const startMs = Date.now();
+    try {
+      const response = await innerFetch(input, init);
+      const durationMs = Date.now() - startMs;
+
+      // Log response
+      try {
+        log.info('HTTP response', {
+          caller,
+          callNum,
+          method,
+          url,
+          status: response.status,
+          statusText: response.statusText,
+          durationMs,
+          responseHeaders: Object.fromEntries(response.headers.entries()),
+        });
+      } catch {
+        // Ignore logging errors
+      }
+
+      // Log response body
+      const contentType = response.headers.get('content-type') ?? '';
+      const isStreaming =
+        contentType.includes('event-stream') ||
+        contentType.includes('octet-stream');
+
+      if (response.body) {
+        try {
+          if (isStreaming) {
+            const [sdkStream, logStream] = response.body.tee();
+
+            // Consume log stream asynchronously
+            (async () => {
+              try {
+                const reader = logStream.getReader();
+                const decoder = new TextDecoder();
+                let preview = '';
+                let truncated = false;
+                while (true) {
+                  const { done, value } = await reader.read();
+                  if (done) break;
+                  if (!truncated) {
+                    const chunk = decoder.decode(value, { stream: true });
+                    preview += chunk;
+                    if (preview.length > responseBodyMaxChars) {
+                      preview = preview.slice(0, responseBodyMaxChars);
+                      truncated = true;
+                    }
+                  }
+                }
+                log.info('HTTP response body (stream)', {
+                  caller,
+                  callNum,
+                  url,
+                  bodyPreview: truncated
+                    ? preview + `... [truncated]`
+                    : preview,
+                });
+              } catch {
+                // Ignore logging errors
+              }
+            })();
+
+            return new Response(sdkStream, {
+              status: response.status,
+              statusText: response.statusText,
+              headers: response.headers,
+            });
+          } else {
+            const bodyText = await response.text();
+            const preview =
+              bodyText.length > responseBodyMaxChars
+                ? bodyText.slice(0, responseBodyMaxChars) +
+                  `... [truncated, total ${bodyText.length} chars]`
+                : bodyText;
+            log.info('HTTP response body', {
+              caller,
+              callNum,
+              url,
+              bodyPreview: preview,
+            });
+            return new Response(bodyText, {
+              status: response.status,
+              statusText: response.statusText,
+              headers: response.headers,
+            });
+          }
+        } catch {
+          // If body logging fails, return original response
+          return response;
+        }
+      }
+
+      return response;
+    } catch (error) {
+      const durationMs = Date.now() - startMs;
+      try {
+        log.error('HTTP request failed', {
+          caller,
+          callNum,
+          method,
+          url,
+          durationMs,
+          error:
+            error instanceof Error
+              ? {
+                  name: error.name,
+                  message: error.message,
+                  stack: error.stack,
+                  cause:
+                    error.cause instanceof Error
+                      ? error.cause.message
+                      : error.cause
+                        ? String(error.cause)
+                        : undefined,
+                }
+              : String(error),
+        });
+      } catch {
+        // Ignore logging errors
+      }
+      throw error;
+    }
+  };
+}
+
+/**
+ * Get the current global HTTP call count (for testing).
+ */
+export function getHttpCallCount(): number {
+  return globalHttpCallCount;
+}
+
+/**
+ * Reset the global HTTP call count (for testing).
+ */
+export function resetHttpCallCount(): void {
+  globalHttpCallCount = 0;
+}