@textcortex/zenocode 0.1.11 → 0.1.13

package/README.md

@@ -21,13 +21,14 @@ npm install -g @textcortex/zenocode
 
 ```bash
 zenocode login --email you@company.com
-zenocode
 ```
 
 Use your work email when logging in so Zenocode can route you to the correct onboarding and SSO flow for your workspace domain, for example `companyA.textcortex.com`.
 
 If you skip `--email`, Zenocode will ask for it interactively during login.
 
+The first `zenocode login` launches Zenocode automatically after browser authentication succeeds. In later terminal sessions, start it again with `zenocode`.
+
 If you already have an API key, you can also start Zenocode by setting `TEXTCORTEX_API_KEY` or `TEXTCORTEX_API_TOKEN`.
 
 ## Built For Security And Compliance

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@textcortex/zenocode",
-  "version": "0.1.11",
+  "version": "0.1.13",
   "description": "Secure, EU-hosted coding agent for TextCortex customers that runs in your terminal, edits files, runs scripts, and more.",
   "keywords": [
     "ai",

package/scripts/branding-patch.mjs

@@ -139,21 +139,55 @@ export function patchOpenCodeVersionFooterText(text) {
   return { patched, text: next };
 }
 
+export function patchOpenCodeDisplayNameText(text) {
+  const replacements = [
+    ['TD("Uninstall OpenCode")', 'TD("Uninstall Zenocode")'],
+    ['"name":"OpenCode"', '"name":"Zenocode"'],
+    ['"short_name":"OpenCode"', '"short_name":"Zenocode"'],
+  ];
+
+  let patched = false;
+  let nextText = text;
+  for (const [target, replacement] of replacements) {
+    if (!nextText.includes(target)) {
+      continue;
+    }
+    nextText = nextText.replaceAll(target, replacement);
+    patched = true;
+  }
+
+  return { patched, text: nextText };
+}
+
 export function patchZenocodeBinaryText(text) {
   let patched = false;
   let nextText = text;
+  const patches = {
+    logo: false,
+    footer: false,
+    displayName: false,
+  };
 
   const logoPatch = patchLogoSnippetText(nextText);
   if (logoPatch.patched) {
     nextText = logoPatch.text;
     patched = true;
+    patches.logo = true;
   }
 
   const footerPatch = patchOpenCodeVersionFooterText(nextText);
   if (footerPatch.patched) {
     nextText = footerPatch.text;
     patched = true;
+    patches.footer = true;
   }
 
-  return { patched, text: nextText };
+  const displayNamePatch = patchOpenCodeDisplayNameText(nextText);
+  if (displayNamePatch.patched) {
+    nextText = displayNamePatch.text;
+    patched = true;
+    patches.displayName = true;
+  }
+
+  return { patched, patches, text: nextText };
 }

package/scripts/branding-patch.test.mjs

@@ -1,6 +1,11 @@
 import assert from "node:assert/strict";
 import test from "node:test";
-import { padBinaryReplacement, patchOpenCodeVersionFooterText } from "./branding-patch.mjs";
+import {
+  padBinaryReplacement,
+  patchOpenCodeDisplayNameText,
+  patchOpenCodeVersionFooterText,
+  patchZenocodeBinaryText,
+} from "./branding-patch.mjs";
 
 test("padBinaryReplacement keeps binary length stable", () => {
   const padded = padBinaryReplacement("abcdef", "abc");
@@ -54,3 +59,31 @@ test("patchOpenCodeVersionFooterText is a no-op when already branded", () => {
   assert.equal(result.patched, false);
   assert.equal(result.text, branded);
 });
+
+test("patchOpenCodeDisplayNameText rewrites current compiled display names", () => {
+  const text = [
+    'TD("Uninstall OpenCode");"name":"OpenCode","short_name":"OpenCode"',
+    '"Powered by OpenCode"',
+  ].join(";");
+
+  const result = patchOpenCodeDisplayNameText(text);
+
+  assert.equal(result.patched, true);
+  assert.equal(result.text.length, text.length);
+  assert.equal(
+    result.text,
+    'TD("Uninstall Zenocode");"name":"Zenocode","short_name":"Zenocode";"Powered by OpenCode"',
+  );
+});
+
+test("patchZenocodeBinaryText reports display-name-only branding separately", () => {
+  const result = patchZenocodeBinaryText('"name":"OpenCode"');
+
+  assert.equal(result.patched, true);
+  assert.deepEqual(result.patches, {
+    logo: false,
+    footer: false,
+    displayName: true,
+  });
+  assert.equal(result.text, '"name":"Zenocode"');
+});

package/scripts/build-branded-opencode.mjs

@@ -7,17 +7,27 @@ import path from "node:path";
 import process from "node:process";
 import { fileURLToPath } from "node:url";
 import { patchZenocodeBinaryText } from "./branding-patch.mjs";
+import { openCodeRef, openCodeVersion } from "./opencode-version.mjs";
 
 const currentFilePath = realpathSync(fileURLToPath(import.meta.url));
 const __dirname = path.dirname(currentFilePath);
 const appRoot = path.resolve(__dirname, "..");
 const defaultOutputDir = path.join(appRoot, ".zenocode", "brand-build");
+export const defaultOpenCodeForkUrl = "https://github.com/sst/opencode";
+export const defaultOpenCodeRef = openCodeRef;
+export const defaultOpenCodeVersion = openCodeVersion;
+export const defaultOpenCodeBuildArgs = ["--skip-install"];
+const displayNameOnlyBrandingRefs = new Set([defaultOpenCodeRef]);
 
 const forkUrl =
   process.env.ZENOCODE_OPENCODE_FORK_URL ||
   process.env.CODECORTEX_OPENCODE_FORK_URL ||
-  "https://github.com/anomalyco/opencode";
-const forkRef = (process.env.ZENOCODE_OPENCODE_REF || process.env.CODECORTEX_OPENCODE_REF || "").trim();
+  defaultOpenCodeForkUrl;
+const forkRef = (
+  process.env.ZENOCODE_OPENCODE_REF ||
+  process.env.CODECORTEX_OPENCODE_REF ||
+  defaultOpenCodeRef
+).trim();
 const outputDir =
   process.env.ZENOCODE_BRANDED_OUTPUT_DIR ||
   process.env.CODECORTEX_BRANDED_OUTPUT_DIR ||
@@ -36,16 +46,25 @@ const publishTag =
   process.env.ZENOCODE_PUBLISH_TAG ||
   process.env.CODECORTEX_PUBLISH_TAG ||
   "latest";
-const buildArgs = (
+const configuredBuildArgs = (
   process.env.ZENOCODE_OPENCODE_BUILD_ARGS ||
   process.env.CODECORTEX_OPENCODE_BUILD_ARGS ||
   ""
-)
-  .trim()
-  .split(/\s+/)
-  .filter(Boolean);
+).trim();
+const buildArgs = configuredBuildArgs
+  ? configuredBuildArgs.split(/\s+/).filter(Boolean)
+  : defaultOpenCodeBuildArgs;
 const cliArgs = process.argv.slice(2);
 
+export function deriveOpenCodeVersionFromRef(ref, fallbackVersion = defaultOpenCodeVersion) {
+  const match = ref.match(/^v?(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)(?:\+.*)?$/);
+  return match?.[1] || fallbackVersion;
+}
+
+export function allowsDisplayNameOnlyBranding(ref) {
+  return displayNameOnlyBrandingRefs.has(ref);
+}
+
 function _command(name) {
   if (process.platform === "win32" && ["npm", "pnpm", "npx"].includes(name)) {
     return `${name}.cmd`;
@@ -270,6 +289,13 @@ function _binaryFilename() {
   return process.platform === "win32" ? "opencode.exe" : "opencode";
 }
 
+async function adHocSignBinary(binaryPath) {
+  if (process.platform !== "darwin") return;
+  await run("codesign", ["--force", "--sign", "-", binaryPath], {
+    stdio: "ignore",
+  });
+}
+
 async function patchBinaryAtPath(binaryPath) {
   const buffer = await fs.readFile(binaryPath);
   const originalLength = buffer.length;
@@ -277,6 +303,12 @@ async function patchBinaryAtPath(binaryPath) {
   if (!patch.patched) {
     throw new Error(`Branding patch did not match binary ${binaryPath}`);
   }
+  const patchedMandatoryBranding = patch.patches.logo || patch.patches.footer;
+  if (!patchedMandatoryBranding && !allowsDisplayNameOnlyBranding(forkRef)) {
+    throw new Error(
+      `Branding patch only matched display names for ${binaryPath}; update the logo/footer patch signatures before building ${forkRef}.`,
+    );
+  }
   const nextBuffer = Buffer.from(patch.text, "latin1");
   if (nextBuffer.length !== originalLength) {
     throw new Error(`Branding patch changed binary length for ${binaryPath}`);
@@ -285,6 +317,7 @@ async function patchBinaryAtPath(binaryPath) {
   if (process.platform !== "win32") {
     await fs.chmod(binaryPath, 0o755);
   }
+  await adHocSignBinary(binaryPath);
 }
 
 function _buildWrapperExecutable({ runtimePackageName, binName }) {
@@ -636,7 +669,16 @@ async function main() {
     await run(
       bunCommand,
       ["./packages/opencode/script/build.ts", "--single", ...buildArgs],
-      { cwd: checkoutDir },
+      {
+        cwd: checkoutDir,
+        env: {
+          ...process.env,
+          OPENCODE_CHANNEL: process.env.OPENCODE_CHANNEL || "latest",
+          OPENCODE_VERSION:
+            process.env.OPENCODE_VERSION ||
+            deriveOpenCodeVersionFromRef(forkRef, defaultOpenCodeVersion),
+        },
+      },
     );
 
     await fs.mkdir(artifactDir, { recursive: true });

package/scripts/build-branded-opencode.test.mjs

@@ -3,9 +3,33 @@ import test from "node:test";
 import {
   buildPublishCommandArgs,
   buildWrapperBinMap,
+  allowsDisplayNameOnlyBranding,
+  defaultOpenCodeBuildArgs,
+  defaultOpenCodeForkUrl,
+  defaultOpenCodeRef,
+  defaultOpenCodeVersion,
+  deriveOpenCodeVersionFromRef,
   mapBrandedBinaryPackageName,
 } from "./build-branded-opencode.mjs";
 
+test("branded OpenCode build defaults to the latest stable upstream release", () => {
+  assert.equal(defaultOpenCodeForkUrl, "https://github.com/sst/opencode");
+  assert.equal(defaultOpenCodeRef, "v1.17.6");
+  assert.equal(defaultOpenCodeVersion, "1.17.6");
+  assert.deepEqual(defaultOpenCodeBuildArgs, ["--skip-install"]);
+});
+
+test("deriveOpenCodeVersionFromRef follows explicit tag overrides", () => {
+  assert.equal(deriveOpenCodeVersionFromRef("v1.17.5"), "1.17.5");
+  assert.equal(deriveOpenCodeVersionFromRef("1.18.0-beta.1"), "1.18.0-beta.1");
+  assert.equal(deriveOpenCodeVersionFromRef("main", "1.17.4"), "1.17.4");
+});
+
+test("display-name-only branding is limited to reviewed upstream refs", () => {
+  assert.equal(allowsDisplayNameOnlyBranding(defaultOpenCodeRef), true);
+  assert.equal(allowsDisplayNameOnlyBranding("v1.17.7"), false);
+});
+
 test("mapBrandedBinaryPackageName scopes runtime binaries under zenocode", () => {
   assert.equal(
     mapBrandedBinaryPackageName("opencode-darwin-arm64", "@textcortex/zenocode-ai"),

package/scripts/opencode-version.mjs

@@ -0,0 +1,4 @@
+export const openCodePackageName = "opencode-ai";
+export const openCodeVersion = "1.17.6";
+export const openCodeRef = `v${openCodeVersion}`;
+export const openCodePackageSpec = `${openCodePackageName}@${openCodeVersion}`;

package/scripts/run-zenocode.mjs

@@ -11,6 +11,10 @@ import {
   patchZenocodeBinaryText,
   zenocodeLogo,
 } from "./branding-patch.mjs";
+import {
+  openCodePackageName,
+  openCodePackageSpec,
+} from "./opencode-version.mjs";
 
 const currentFilePath = realpathSync(fileURLToPath(import.meta.url));
 const __dirname = path.dirname(currentFilePath);
@@ -29,6 +33,7 @@ const legacyRuntimeCredentialsPath = path.join(
 const logoutMarkerPath = path.join(runtimeDir, "logout-marker.json");
 const modelsPath = path.join(runtimeDir, "models.json");
 const configPath = path.join(runtimeDir, "opencode.jsonc");
+const tuiConfigPath = path.join(runtimeDir, "opencode.tui.json");
 const localBaseUrlDefault = "http://127.0.0.1:8080";
 const cloudBaseUrlDefault = "https://api.textcortex.com";
 const localBaseUrlFlags = new Set(["--local", "--localhost"]);
@@ -39,19 +44,21 @@ const configuredOpencodePackage =
   process.env.CODECORTEX_OPENCODE_PACKAGE ||
   process.env.OPENCODE_PACKAGE ||
   null;
-const defaultBrandedOpencodePackage = "@textcortex/zenocode-ai";
+const defaultBrandedOpencodePackage = openCodePackageSpec;
 const legacyBrandedOpencodePackage = "@textcortex/opencode-ai";
-const fallbackOpencodePackage = "opencode-ai";
+const fallbackOpencodePackage = openCodePackageName;
 const opencodePackage = configuredOpencodePackage || defaultBrandedOpencodePackage;
 const opencodeBinaryPath =
   process.env.ZENOCODE_OPENCODE_BIN_PATH ||
   process.env.CODECORTEX_OPENCODE_BIN_PATH ||
   "";
-const oauthInitiatePath = "/internal/v1/fastapi/zenocode/oauth2/initiate";
-const oauthTokenPath = "/internal/v1/fastapi/zenocode/oauth2/token";
+const oauthInitiatePath = "/internal/v2/fastapi/zenocode/oauth2/initiate";
+const oauthTokenPath = "/internal/v2/fastapi/zenocode/oauth2/token";
 const defaultOrder = [
+  "minimax-m3-thinking",
+  "kimi-k2-6",
   "kimi-k2-5-thinking",
-  "glm-5",
+  "glm-5-1",
   "gpt-5-2",
   "gpt-5-1",
   "gpt-5",
@@ -394,13 +401,15 @@ export function buildOpenCodeConfig({ baseUrl, providerID, model, smallModel })
   return {
     $schema: "https://opencode.ai/config.json",
     enabled_providers: [providerID],
+    // Keep the legacy theme key populated for older OpenCode builds.
+    theme: "system",
     model: `${providerID}/${model}`,
     small_model: `${providerID}/${smallModel}`,
     provider: {
       [providerID]: {
         name: "Zenocode",
         options: {
-          baseURL: new URL("/internal/v1/fastapi/zenocode/v1", baseUrl).toString(),
+          baseURL: new URL("/internal/v2/fastapi/zenocode/v1", baseUrl).toString(),
         },
       },
       // Older fallback opencode-ai builds can load the Codex auth plugin when
@@ -415,6 +424,13 @@ export function buildOpenCodeConfig({ baseUrl, providerID, model, smallModel })
   };
 }
 
+export function buildOpenCodeTuiConfig() {
+  return {
+    $schema: "https://opencode.ai/tui.json",
+    theme: "system",
+  };
+}
+
 function unwrapData(payload) {
   if (payload && typeof payload === "object" && payload.data && typeof payload.data === "object") {
     return payload.data;
@@ -454,7 +470,7 @@ async function requestJson(url, init) {
 }
 
 async function prepareRuntime(baseUrl, token) {
-  const modelsUrl = new URL("/internal/v1/fastapi/zenocode/models/api.json", baseUrl).toString();
+  const modelsUrl = new URL("/internal/v2/fastapi/zenocode/models/api.json", baseUrl).toString();
   const { response, payload, text } = await requestJson(modelsUrl, {
     headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
   });
@@ -482,10 +498,12 @@ async function prepareRuntime(baseUrl, token) {
     model,
     smallModel,
   });
+  const tuiConfig = buildOpenCodeTuiConfig();
 
   await fs.mkdir(runtimeDir, { recursive: true });
   await fs.writeFile(modelsPath, `${JSON.stringify(payload, null, 2)}\n`, "utf-8");
   await fs.writeFile(configPath, `${JSON.stringify(config, null, 2)}\n`, "utf-8");
+  await fs.writeFile(tuiConfigPath, `${JSON.stringify(tuiConfig, null, 2)}\n`, "utf-8");
   return model;
 }
 
@@ -942,11 +960,26 @@ function _runtimeBrandedBinaryPath() {
   return path.join(runtimeDir, "bin", binaryName);
 }
 
+export function packageNameFromSpecifier(packageSpecifier) {
+  if (!packageSpecifier.includes("@")) {
+    return packageSpecifier;
+  }
+  if (!packageSpecifier.startsWith("@")) {
+    return packageSpecifier.split("@")[0];
+  }
+
+  const versionSeparator = packageSpecifier.lastIndexOf("@");
+  return versionSeparator > packageSpecifier.indexOf("/")
+    ? packageSpecifier.slice(0, versionSeparator)
+    : packageSpecifier;
+}
+
 function shouldPatchOpencodeRuntimePackage(packageName) {
+  const runtimePackageName = packageNameFromSpecifier(packageName);
   return (
-    packageName.endsWith("/opencode-ai") ||
-    packageName.endsWith("/zenocode-ai") ||
-    packageName === "opencode-ai"
+    runtimePackageName.endsWith("/opencode-ai") ||
+    runtimePackageName.endsWith("/zenocode-ai") ||
+    runtimePackageName === openCodePackageName
   );
 }
 
@@ -987,6 +1020,88 @@ async function _collectPnpmDlxPnpmDirs(rootDir) {
   return pnpmDirs;
 }
 
+async function _collectNodeModulesDirs(rootDir) {
+  const queue = [{ dir: rootDir, depth: 0 }];
+  const nodeModulesDirs = [];
+
+  while (queue.length) {
+    const current = queue.shift();
+    const nodeModulesPath = path.join(current.dir, "node_modules");
+    if (await _pathExists(nodeModulesPath)) {
+      nodeModulesDirs.push(nodeModulesPath);
+    }
+
+    if (current.depth >= 3) continue;
+    let entries = [];
+    try {
+      entries = await fs.readdir(current.dir, { withFileTypes: true });
+    } catch {
+      continue;
+    }
+    for (const entry of entries) {
+      if (!entry.isDirectory()) continue;
+      if (entry.name === "node_modules") continue;
+      queue.push({ dir: path.join(current.dir, entry.name), depth: current.depth + 1 });
+    }
+  }
+
+  return nodeModulesDirs;
+}
+
+async function _collectOpencodeBinariesFromNodeModules(nodeModulesPath) {
+  const binaryName = process.platform === "win32" ? "opencode.exe" : "opencode";
+  const hiddenCachedBinaryName = ".opencode";
+  const candidates = [];
+
+  let topLevel = [];
+  try {
+    topLevel = await fs.readdir(nodeModulesPath, { withFileTypes: true });
+  } catch {
+    return candidates;
+  }
+
+  for (const moduleEntry of topLevel) {
+    if (!moduleEntry.isDirectory()) continue;
+
+    if (moduleEntry.name === openCodePackageName) {
+      const cachedPath = path.join(nodeModulesPath, openCodePackageName, "bin", hiddenCachedBinaryName);
+      if (await _pathExists(cachedPath)) candidates.push(cachedPath);
+      continue;
+    }
+
+    if (moduleEntry.name.startsWith("opencode-")) {
+      const binaryPath = path.join(nodeModulesPath, moduleEntry.name, "bin", binaryName);
+      if (await _pathExists(binaryPath)) candidates.push(binaryPath);
+      continue;
+    }
+
+    if (!moduleEntry.name.startsWith("@")) continue;
+    const scopePath = path.join(nodeModulesPath, moduleEntry.name);
+    let scopedPackages = [];
+    try {
+      scopedPackages = await fs.readdir(scopePath, { withFileTypes: true });
+    } catch {
+      continue;
+    }
+    for (const scopedPackage of scopedPackages) {
+      if (!scopedPackage.isDirectory()) continue;
+      const scopedNodeModulesPath = path.join(scopePath, scopedPackage.name);
+
+      if (scopedPackage.name === "opencode-ai") {
+        const cachedPath = path.join(scopedNodeModulesPath, "bin", hiddenCachedBinaryName);
+        if (await _pathExists(cachedPath)) candidates.push(cachedPath);
+        continue;
+      }
+
+      if (!scopedPackage.name.startsWith("opencode-")) continue;
+      const binaryPath = path.join(scopedNodeModulesPath, "bin", binaryName);
+      if (await _pathExists(binaryPath)) candidates.push(binaryPath);
+    }
+  }
+
+  return candidates;
+}
+
 async function _collectPnpmDlxOpencodeBinaries() {
   const dlxRoots = [
     path.join(os.homedir(), "Library", "Caches", "pnpm", "dlx"),
@@ -994,8 +1109,6 @@ async function _collectPnpmDlxOpencodeBinaries() {
     path.join(process.env.LOCALAPPDATA || "", "pnpm", "dlx"),
   ].filter(Boolean);
 
-  const binaryName = process.platform === "win32" ? "opencode.exe" : "opencode";
-  const hiddenCachedBinaryName = ".opencode";
   const candidates = [];
 
   for (const root of dlxRoots) {
@@ -1014,51 +1127,7 @@ async function _collectPnpmDlxOpencodeBinaries() {
         const nodeModulesPath = path.join(pnpmDir, entry.name, "node_modules");
         if (!(await _pathExists(nodeModulesPath))) continue;
 
-        let topLevel = [];
-        try {
-          topLevel = await fs.readdir(nodeModulesPath, { withFileTypes: true });
-        } catch {
-          continue;
-        }
-
-        for (const moduleEntry of topLevel) {
-          if (!moduleEntry.isDirectory()) continue;
-
-          if (moduleEntry.name === "opencode-ai") {
-            const cachedPath = path.join(nodeModulesPath, "opencode-ai", "bin", hiddenCachedBinaryName);
-            if (await _pathExists(cachedPath)) candidates.push(cachedPath);
-            continue;
-          }
-
-          if (moduleEntry.name.startsWith("opencode-")) {
-            const binaryPath = path.join(nodeModulesPath, moduleEntry.name, "bin", binaryName);
-            if (await _pathExists(binaryPath)) candidates.push(binaryPath);
-            continue;
-          }
-
-          if (!moduleEntry.name.startsWith("@")) continue;
-          const scopePath = path.join(nodeModulesPath, moduleEntry.name);
-          let scopedPackages = [];
-          try {
-            scopedPackages = await fs.readdir(scopePath, { withFileTypes: true });
-          } catch {
-            continue;
-          }
-          for (const scopedPackage of scopedPackages) {
-            if (!scopedPackage.isDirectory()) continue;
-            const scopedNodeModulesPath = path.join(scopePath, scopedPackage.name);
-
-            if (scopedPackage.name === "opencode-ai") {
-              const cachedPath = path.join(scopedNodeModulesPath, "bin", hiddenCachedBinaryName);
-              if (await _pathExists(cachedPath)) candidates.push(cachedPath);
-              continue;
-            }
-
-            if (!scopedPackage.name.startsWith("opencode-")) continue;
-            const binaryPath = path.join(scopedNodeModulesPath, "bin", binaryName);
-            if (await _pathExists(binaryPath)) candidates.push(binaryPath);
-          }
-        }
+        candidates.push(...await _collectOpencodeBinariesFromNodeModules(nodeModulesPath));
       }
     }
   }
@@ -1066,6 +1135,44 @@ async function _collectPnpmDlxOpencodeBinaries() {
   return [...new Set(candidates)];
 }
 
+async function _collectNpxOpencodeBinaries() {
+  const npxRoots = [
+    path.join(os.homedir(), ".npm", "_npx"),
+    path.join(process.env.LOCALAPPDATA || "", "npm-cache", "_npx"),
+  ].filter(Boolean);
+  const candidates = [];
+
+  for (const root of npxRoots) {
+    if (!(await _pathExists(root))) continue;
+    const nodeModulesDirs = await _collectNodeModulesDirs(root);
+    for (const nodeModulesDir of nodeModulesDirs) {
+      candidates.push(...await _collectOpencodeBinariesFromNodeModules(nodeModulesDir));
+    }
+  }
+
+  return [...new Set(candidates)];
+}
+
+function _buildPackageWarmupArgs(packageName, runner) {
+  if (runner.command === _runnerCommand("pnpm")) {
+    return ["dlx", packageName, "--version"];
+  }
+  if (runner.command === _runnerCommand("npx")) {
+    return ["--yes", packageName, "--version"];
+  }
+  return null;
+}
+
+async function _collectRunnerOpencodeBinaries(runner) {
+  if (runner.command === _runnerCommand("pnpm")) {
+    return _collectPnpmDlxOpencodeBinaries();
+  }
+  if (runner.command === _runnerCommand("npx")) {
+    return _collectNpxOpencodeBinaries();
+  }
+  return [];
+}
+
 async function _adHocSignBinary(binaryPath) {
   if (process.platform !== "darwin") return;
   try {
@@ -1131,9 +1238,6 @@ async function _ensurePatchedOpencodeDlxBinaries(packageName, runner, options) {
   if (!shouldPatchOpencodeRuntimePackage(packageName)) {
     return null;
   }
-  if (runner.command !== _runnerCommand("pnpm")) {
-    return null;
-  }
   if (
     process.env.ZENOCODE_DISABLE_OPENCODE_LOGO_PATCH === "1" ||
     process.env.CODECORTEX_DISABLE_OPENCODE_LOGO_PATCH === "1"
@@ -1141,19 +1245,18 @@ async function _ensurePatchedOpencodeDlxBinaries(packageName, runner, options) {
     return null;
   }
 
-  let binaryCandidates = await _collectPnpmDlxOpencodeBinaries();
-  if (!binaryCandidates.length) {
-    // Warm cache so we have a concrete binary to patch.
-    try {
-      await runChild(runner.command, ["dlx", packageName, "--version"], {
+  const warmupArgs = _buildPackageWarmupArgs(packageName, runner);
+  try {
+    if (warmupArgs) {
+      await runChild(runner.command, warmupArgs, {
         ...options,
         stdio: "ignore",
       });
-    } catch {
-      // ignore warm-up failures and continue with best effort patching
     }
-    binaryCandidates = await _collectPnpmDlxOpencodeBinaries();
+  } catch {
+    // ignore warm-up failures and continue with best effort patching
   }
+  const binaryCandidates = await _collectRunnerOpencodeBinaries(runner);
 
   if (!binaryCandidates.length) {
     return null;
@@ -1186,6 +1289,22 @@ export function buildPackageLauncherChildOptions(options, pinnedRuntimePath) {
   };
 }
 
+export function buildPackageLauncherInvocation({ runner, args, pinnedRuntimePath }) {
+  if (pinnedRuntimePath) {
+    return {
+      command: pinnedRuntimePath,
+      args,
+      usePinnedRuntime: true,
+    };
+  }
+
+  return {
+    command: runner.command,
+    args: runner.args,
+    usePinnedRuntime: false,
+  };
+}
+
 async function runPackageLauncher(packageName, args, options) {
   const runners = [
     { command: _runnerCommand("pnpm"), args: ["dlx", packageName, ...args] },
@@ -1203,9 +1322,17 @@ async function runPackageLauncher(packageName, args, options) {
         }
       }
 
-      const childOptions = buildPackageLauncherChildOptions(options, pinnedRuntimePath);
+      const invocation = buildPackageLauncherInvocation({
+        runner,
+        args,
+        pinnedRuntimePath,
+      });
+      const childOptions = buildPackageLauncherChildOptions(
+        options,
+        invocation.usePinnedRuntime ? null : pinnedRuntimePath,
+      );
 
-      const result = await runChild(runner.command, runner.args, childOptions);
+      const result = await runChild(invocation.command, invocation.args, childOptions);
       if (result.signal) {
         process.kill(process.pid, result.signal);
         return;
@@ -1351,10 +1478,11 @@ export async function runRuntimeWithSessionRecovery({
 }
 
 async function packageExistsOnNpm(packageName) {
+  const packageSpecName = packageNameFromSpecifier(packageName);
   const controller = new AbortController();
   const timeout = setTimeout(() => controller.abort(), 4_000);
   try {
-    const response = await fetch(`https://registry.npmjs.org/${encodeURIComponent(packageName)}`, {
+    const response = await fetch(`https://registry.npmjs.org/${encodeURIComponent(packageSpecName)}`, {
       method: "GET",
       headers: { Accept: "application/json" },
       signal: controller.signal,
@@ -1412,6 +1540,11 @@ function shouldRenderBanner(args) {
   return !args.some((arg) => suppressFlags.has(arg));
 }
 
+export function shouldBypassZenocodePreparation(args) {
+  const metadataFlags = new Set(["--help", "-h", "--version", "-v", "completion"]);
+  return metadataFlags.has(args[0]);
+}
+
 function maybeRenderBanner(args) {
   if (!shouldRenderBanner(args)) {
     return;
@@ -1578,7 +1711,7 @@ async function main() {
   }
 
   const preferLocalhost = hasLocalBaseUrlFlag(passthrough);
-  const runtimeArgs = stripLocalBaseUrlFlags(passthrough);
+  let runtimeArgs = stripLocalBaseUrlFlags(passthrough);
   const storedBaseUrl = await resolveStoredBaseUrl();
   const baseUrl = resolveTextCortexBaseUrl({
     envBaseUrl: process.env.TEXTCORTEX_BASE_URL,
@@ -1596,7 +1729,7 @@ async function main() {
       runtimeArgs.slice(1),
       { preferLocalhost },
     );
-    return;
+    runtimeArgs = [];
   }
 
   if (subcommand === "logout") {
@@ -1605,6 +1738,15 @@ async function main() {
   }
 
   maybeRenderBanner(runtimeArgs);
+  if (shouldBypassZenocodePreparation(runtimeArgs)) {
+    const launchPackage = await resolveLaunchPackage();
+    await runPackageLauncher(launchPackage, runtimeArgs, {
+      cwd: process.cwd(),
+      env: { ...process.env },
+    });
+    return;
+  }
+
   const tokenResolution = await resolveTokenWithAutoLogin(baseUrl, runtimeArgs, {
     preferLocalhost,
   });
@@ -1626,6 +1768,7 @@ async function main() {
       ...process.env,
       OPENCODE_MODELS_PATH: modelsPath,
       OPENCODE_CONFIG: configPath,
+      OPENCODE_TUI_CONFIG: tuiConfigPath,
       TEXTCORTEX_API_KEY: token,
     },
   };

package/scripts/run-zenocode.test.mjs

@@ -11,32 +11,56 @@ import {
 } from "./branding-patch.mjs";
 import {
   buildOpenCodeConfig,
+  buildPackageLauncherInvocation,
   buildPackageLauncherChildOptions,
   canRecoverRuntimeSessionFromTranscript,
   buildZenocodeBanner,
   chooseDefaults,
   hasLocalBaseUrlFlag,
+  packageNameFromSpecifier,
   resolveLoginBaseUrl,
   resolveLoginSuccessIdentifier,
   resolveTextCortexBaseUrl,
   runRuntimeWithSessionRecovery,
+  shouldBypassZenocodePreparation,
   shouldFallbackLoginToCloud,
   writePrivateJsonFile,
 } from "./run-zenocode.mjs";
 
-test("chooseDefaults prefers kimi k2.5 thinking for Zenocode", () => {
+test("chooseDefaults prefers MiniMax M3 thinking for Zenocode", () => {
   const defaults = chooseDefaults({
-    "glm-5": {},
-    "kimi-k2-5-thinking": {},
+    "glm-5-1": {},
+    "kimi-k2-6": {},
+    "minimax-m3-thinking": {},
     "gpt-5-2": {},
   });
 
   assert.deepEqual(defaults, {
-    model: "kimi-k2-5-thinking",
-    smallModel: "kimi-k2-5-thinking",
+    model: "minimax-m3-thinking",
+    smallModel: "minimax-m3-thinking",
   });
 });
 
+test("packageNameFromSpecifier strips npm versions without breaking scopes", () => {
+  assert.equal(packageNameFromSpecifier("opencode-ai@1.17.6"), "opencode-ai");
+  assert.equal(
+    packageNameFromSpecifier("@textcortex/zenocode-ai@1.17.6"),
+    "@textcortex/zenocode-ai",
+  );
+  assert.equal(
+    packageNameFromSpecifier("@textcortex/zenocode-ai"),
+    "@textcortex/zenocode-ai",
+  );
+});
+
+test("shouldBypassZenocodePreparation skips auth for runtime metadata commands", () => {
+  assert.equal(shouldBypassZenocodePreparation(["--version"]), true);
+  assert.equal(shouldBypassZenocodePreparation(["completion", "zsh"]), true);
+  assert.equal(shouldBypassZenocodePreparation(["run"]), false);
+  assert.equal(shouldBypassZenocodePreparation(["run", "implement", "completion"]), false);
+  assert.equal(shouldBypassZenocodePreparation(["run", "--help"]), false);
+});
+
 test("resolveTextCortexBaseUrl defaults to the cloud API for packaged usage", () => {
   assert.equal(
     resolveTextCortexBaseUrl({
@@ -128,12 +152,14 @@ test("buildOpenCodeConfig includes an openai stub for fallback runtime auth plug
   const config = buildOpenCodeConfig({
     baseUrl: "http://127.0.0.1:8080",
     providerID: "textcortex",
-    model: "kimi-k2-5-thinking",
-    smallModel: "kimi-k2-5-thinking",
+    model: "minimax-m3-thinking",
+    smallModel: "gpt-5-2",
   });
 
   assert.deepEqual(config.enabled_providers, ["textcortex"]);
-  assert.equal(config.model, "textcortex/kimi-k2-5-thinking");
+  assert.equal(config.model, "textcortex/minimax-m3-thinking");
+  assert.equal(config.small_model, "textcortex/gpt-5-2");
+  assert.equal(config.theme, "system");
   assert.ok(config.provider.openai);
   assert.deepEqual(config.provider.openai.models, {});
 });
@@ -155,6 +181,40 @@ test("buildPackageLauncherChildOptions keeps fallback package launchers attached
   });
 });
 
+test("buildPackageLauncherInvocation runs pinned runtimes directly", () => {
+  const invocation = buildPackageLauncherInvocation({
+    runner: {
+      command: "npx",
+      args: ["--yes", "opencode-ai@1.17.6", "--version"],
+    },
+    args: ["--version"],
+    pinnedRuntimePath: "/tmp/zenocode-runtime",
+  });
+
+  assert.deepEqual(invocation, {
+    command: "/tmp/zenocode-runtime",
+    args: ["--version"],
+    usePinnedRuntime: true,
+  });
+});
+
+test("buildPackageLauncherInvocation uses package runners without a pinned runtime", () => {
+  const invocation = buildPackageLauncherInvocation({
+    runner: {
+      command: "pnpm",
+      args: ["dlx", "opencode-ai@1.17.6", "--version"],
+    },
+    args: ["--version"],
+    pinnedRuntimePath: null,
+  });
+
+  assert.deepEqual(invocation, {
+    command: "pnpm",
+    args: ["dlx", "opencode-ai@1.17.6", "--version"],
+    usePinnedRuntime: false,
+  });
+});
+
 test("buildZenocodeBanner renders block logo art instead of plain text", () => {
   const banner = buildZenocodeBanner();
 
@@ -509,7 +569,7 @@ test("prepare-only refreshes stored Zenocode credentials when the access token h
 
     if (
       req.method === "GET" &&
-      req.url === "/internal/v1/fastapi/zenocode/models/api.json"
+      req.url === "/internal/v2/fastapi/zenocode/models/api.json"
     ) {
       modelAuthHeader = req.headers.authorization || null;
       if (modelAuthHeader === "Bearer expired-access") {
@@ -523,8 +583,10 @@ test("prepare-only refreshes stored Zenocode credentials when the access token h
         JSON.stringify({
           textcortex: {
             models: {
+              "minimax-m3-thinking": {},
+              "kimi-k2-6": {},
               "kimi-k2-5-thinking": {},
-              "glm-5": {},
+              "glm-5-1": {},
             },
           },
         }),
@@ -579,6 +641,175 @@ test("prepare-only refreshes stored Zenocode credentials when the access token h
   const savedCredentials = JSON.parse(await fs.readFile(credentialsPath, "utf-8"));
   assert.equal(savedCredentials.access_token, "fresh-access");
   assert.equal(savedCredentials.refresh_token, "fresh-refresh");
+
+  const savedConfig = JSON.parse(
+    await fs.readFile(path.join(zenocodeHome, "opencode.jsonc"), "utf-8"),
+  );
+  assert.equal(savedConfig.model, "textcortex/minimax-m3-thinking");
+});
+
+test("login launches the runtime immediately with system TUI theming", async (t) => {
+  const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "zenocode-login-"));
+  const zenocodeHome = path.join(tempDir, ".zenocode");
+  const runtimeLogPath = path.join(tempDir, "runtime-log.json");
+  const fakeRuntimePath = path.join(tempDir, "fake-opencode");
+  const scriptPath = new URL("./run-zenocode.mjs", import.meta.url);
+
+  t.after(async () => {
+    await fs.rm(tempDir, { recursive: true, force: true });
+  });
+
+  await fs.mkdir(zenocodeHome, { recursive: true });
+  await fs.writeFile(
+    fakeRuntimePath,
+    `#!/usr/bin/env node
+const fs = require("node:fs/promises");
+
+async function main() {
+  const payload = {
+    args: process.argv.slice(2),
+    env: {
+      OPENCODE_CONFIG: process.env.OPENCODE_CONFIG,
+      OPENCODE_TUI_CONFIG: process.env.OPENCODE_TUI_CONFIG,
+      TEXTCORTEX_API_KEY: process.env.TEXTCORTEX_API_KEY,
+    },
+  };
+  await fs.writeFile(process.env.RUNTIME_LOG_PATH, JSON.stringify(payload), "utf-8");
+}
+
+main().catch((error) => {
+  console.error(error instanceof Error ? error.message : String(error));
+  process.exit(1);
+});
+`,
+    "utf-8",
+  );
+  await fs.chmod(fakeRuntimePath, 0o755);
+
+  const server = http.createServer((req, res) => {
+    if (
+      req.method === "POST" &&
+      req.url === "/internal/v2/fastapi/zenocode/oauth2/initiate"
+    ) {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          data: {
+            device_code: "device-code",
+            user_code: "ABCD-1234",
+            verification_url_complete: "https://textcortex.example/verify",
+            interval: 0,
+            expires_in: 30,
+          },
+        }),
+      );
+      return;
+    }
+
+    if (
+      req.method === "POST" &&
+      req.url === "/internal/v2/fastapi/zenocode/oauth2/token"
+    ) {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          data: {
+            access_token: "fresh-access",
+            refresh_token: "fresh-refresh",
+            auth_id: "auth_123",
+          },
+        }),
+      );
+      return;
+    }
+
+    if (
+      req.method === "GET" &&
+      req.url === "/internal/v2/fastapi/zenocode/models/api.json"
+    ) {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(
+        JSON.stringify({
+          textcortex: {
+            models: {
+              "minimax-m3-thinking": {},
+              "kimi-k2-6": {},
+              "kimi-k2-5-thinking": {},
+              "glm-5-1": {},
+            },
+          },
+        }),
+      );
+      return;
+    }
+
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ detail: "not found" }));
+  });
+
+  await new Promise((resolve) => server.listen(0, "127.0.0.1", resolve));
+  const address = server.address();
+  const baseUrl = `http://127.0.0.1:${address.port}`;
+
+  t.after(async () => {
+    await new Promise((resolve, reject) =>
+      server.close((error) => (error ? reject(error) : resolve())),
+    );
+  });
+
+  const result = await new Promise((resolve, reject) => {
+    const child = spawn(
+      process.execPath,
+      [
+        scriptPath.pathname,
+        "login",
+        "--email",
+        "person@example.com",
+        "--no-launch-browser",
+      ],
+      {
+        cwd: tempDir,
+        env: {
+          ...process.env,
+          ZENOCODE_HOME: zenocodeHome,
+          ZENOCODE_NO_BANNER: "1",
+          ZENOCODE_OPENCODE_BIN_PATH: fakeRuntimePath,
+          TEXTCORTEX_BASE_URL: baseUrl,
+          RUNTIME_LOG_PATH: runtimeLogPath,
+        },
+        stdio: ["ignore", "pipe", "pipe"],
+      },
+    );
+    let stdout = "";
+    let stderr = "";
+    child.stdout.on("data", (chunk) => {
+      stdout += String(chunk);
+    });
+    child.stderr.on("data", (chunk) => {
+      stderr += String(chunk);
+    });
+    child.on("error", reject);
+    child.on("exit", (code, signal) => resolve({ code, signal, stdout, stderr }));
+  });
+
+  assert.equal(result.code, 0);
+  assert.match(result.stdout, /Login successful for auth_123/);
+  assert.match(result.stdout, /Zenocode config ready at/);
+
+  const runtimeInvocation = JSON.parse(await fs.readFile(runtimeLogPath, "utf-8"));
+  assert.deepEqual(runtimeInvocation.args, []);
+  assert.equal(runtimeInvocation.env.TEXTCORTEX_API_KEY, "fresh-access");
+
+  const opencodeConfig = JSON.parse(
+    await fs.readFile(runtimeInvocation.env.OPENCODE_CONFIG, "utf-8"),
+  );
+  assert.equal(opencodeConfig.theme, "system");
+  assert.equal(opencodeConfig.model, "textcortex/minimax-m3-thinking");
+
+  const tuiConfig = JSON.parse(
+    await fs.readFile(runtimeInvocation.env.OPENCODE_TUI_CONFIG, "utf-8"),
+  );
+  assert.equal(tuiConfig.theme, "system");
 });
 
 test("logout removes runtime credentials and blocks shared fallback credentials", async (t) => {