@textcortex/zenocode 0.1.2

package/scripts/run-codecortex.mjs

@@ -0,0 +1,1081 @@
+#!/usr/bin/env node
+import { spawn } from "node:child_process";
+import { realpathSync } from "node:fs";
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import process from "node:process";
+import readline from "node:readline/promises";
+import { fileURLToPath } from "node:url";
+import { padBinaryReplacement, patchOpenCodeVersionFooterText } from "./branding-patch.mjs";
+
+const currentFilePath = realpathSync(fileURLToPath(import.meta.url));
+const __dirname = path.dirname(currentFilePath);
+const appRoot = path.resolve(__dirname, "..");
+const runtimeDir =
+  process.env.ZENOCODE_HOME ||
+  process.env.CODECORTEX_HOME ||
+  path.join(os.homedir(), ".zenocode");
+const legacyRuntimeDir =
+  process.env.CODECORTEX_HOME || path.join(os.homedir(), ".codecortex");
+const runtimeCredentialsPath = path.join(runtimeDir, "credentials.json");
+const legacyRuntimeCredentialsPath = path.join(
+  legacyRuntimeDir,
+  "credentials.json",
+);
+const modelsPath = path.join(runtimeDir, "models.json");
+const configPath = path.join(runtimeDir, "opencode.jsonc");
+const localBaseUrlDefault = "http://127.0.0.1:8080";
+const cloudBaseUrlDefault = "https://api.textcortex.com";
+
+const providerID = "textcortex";
+const configuredOpencodePackage =
+  process.env.ZENOCODE_OPENCODE_PACKAGE ||
+  process.env.CODECORTEX_OPENCODE_PACKAGE ||
+  process.env.OPENCODE_PACKAGE ||
+  null;
+const defaultBrandedOpencodePackage = "@textcortex/zenocode-ai";
+const legacyBrandedOpencodePackage = "@textcortex/opencode-ai";
+const fallbackOpencodePackage = "opencode-ai";
+const opencodePackage = configuredOpencodePackage || defaultBrandedOpencodePackage;
+const opencodeBinaryPath =
+  process.env.ZENOCODE_OPENCODE_BIN_PATH ||
+  process.env.CODECORTEX_OPENCODE_BIN_PATH ||
+  "";
+const oauthInitiatePath = "/internal/v1/fastapi/codecortex/oauth2/initiate";
+const oauthTokenPath = "/internal/v1/fastapi/codecortex/oauth2/token";
+const defaultOrder = [
+  "kimi-k2-5-thinking",
+  "glm-5",
+  "gpt-5-2",
+  "gpt-5-1",
+  "gpt-5",
+  "claude-4-6-sonnet",
+  "gpt-5-mini",
+];
+const devCredentialFiles =
+  process.env.ZENOCODE_DEV_MODE === "1"
+    ? [
+        path.join(process.cwd(), "backend", ".credentials.json"),
+        path.join(process.cwd(), ".credentials.json"),
+      ]
+    : [];
+const credentialFiles = [
+  runtimeCredentialsPath,
+  legacyRuntimeCredentialsPath,
+  path.join(os.homedir(), ".credentials.json"),
+  ...devCredentialFiles,
+].filter((value, index, values) => values.indexOf(value) === index);
+const opencodeLogoSnippet = `var logo = {
+  left: ["                   ", "\\u2588\\u2580\\u2580\\u2588 \\u2588\\u2580\\u2580\\u2588 \\u2588\\u2580\\u2580\\u2588 \\u2588\\u2580\\u2580\\u2584", "\\u2588__\\u2588 \\u2588__\\u2588 \\u2588^^^ \\u2588__\\u2588", "\\u2580\\u2580\\u2580\\u2580 \\u2588\\u2580\\u2580\\u2580 \\u2580\\u2580\\u2580\\u2580 \\u2580~~\\u2580"],
+  right: ["             \\u2584     ", "\\u2588\\u2580\\u2580\\u2580 \\u2588\\u2580\\u2580\\u2588 \\u2588\\u2580\\u2580\\u2588 \\u2588\\u2580\\u2580\\u2588", "\\u2588___ \\u2588__\\u2588 \\u2588__\\u2588 \\u2588^^^", "\\u2580\\u2580\\u2580\\u2580 \\u2580\\u2580\\u2580\\u2580 \\u2580\\u2580\\u2580\\u2580 \\u2580\\u2580\\u2580\\u2580"]
+};
+var marks = "_^~";`;
+const zenocodeTextLogoSnippetCore = `var logo = {
+  left: ["                   ", "   Zenocode        ", "   Zenocode        ", "                   "],
+  right: ["                   ", "                   ", "                   ", "                   "]
+};
+var marks = "_^~";`;
+const zenocodeBanner = `
+   Z E N O C O D E
+`;
+const privateDirectoryMode = 0o700;
+const privateFileMode = 0o600;
+
+async function readJson(filePath) {
+  try {
+    return JSON.parse(await fs.readFile(filePath, "utf-8"));
+  } catch (error) {
+    if (error?.code === "ENOENT") return null;
+    throw error;
+  }
+}
+
+async function ensurePrivateDirectory(dirPath) {
+  await fs.mkdir(dirPath, { recursive: true, mode: privateDirectoryMode });
+  if (process.platform !== "win32") {
+    await fs.chmod(dirPath, privateDirectoryMode);
+  }
+}
+
+export async function writePrivateJsonFile(filePath, payload) {
+  await ensurePrivateDirectory(path.dirname(filePath));
+  await fs.writeFile(
+    filePath,
+    `${JSON.stringify(payload, null, 2)}\n`,
+    { encoding: "utf-8", mode: privateFileMode },
+  );
+  if (process.platform !== "win32") {
+    await fs.chmod(filePath, privateFileMode);
+  }
+}
+
+function extractTokenFromCredentialPayload(parsed) {
+  if (!parsed) return null;
+  if (typeof parsed?.access_token === "string" && parsed.access_token) {
+    return parsed.access_token;
+  }
+  if (Array.isArray(parsed?.accounts)) {
+    const active = parsed.accounts.find((entry) => typeof entry?.access_token === "string" && entry.access_token);
+    if (active) return active.access_token;
+  }
+  if (Array.isArray(parsed)) {
+    const match = parsed.find((entry) => typeof entry?.access_token === "string" && entry.access_token);
+    if (match) return match.access_token;
+  }
+  return null;
+}
+
+function extractBaseUrlFromCredentialPayload(parsed) {
+  if (!parsed) return null;
+  if (typeof parsed?.base_url === "string" && parsed.base_url) {
+    return parsed.base_url;
+  }
+  if (Array.isArray(parsed?.accounts)) {
+    const active = parsed.accounts.find(
+      (entry) => typeof entry?.base_url === "string" && entry.base_url,
+    );
+    if (active) return active.base_url;
+  }
+  if (Array.isArray(parsed)) {
+    const match = parsed.find((entry) => typeof entry?.base_url === "string" && entry.base_url);
+    if (match) return match.base_url;
+  }
+  return null;
+}
+
+async function resolveToken() {
+  const envToken = process.env.TEXTCORTEX_API_KEY || process.env.TEXTCORTEX_API_TOKEN;
+  if (envToken) return envToken;
+
+  for (const filePath of credentialFiles) {
+    const parsed = await readJson(filePath);
+    const token = extractTokenFromCredentialPayload(parsed);
+    if (token) return token;
+  }
+
+  throw new Error(
+    [
+      "Missing API token.",
+      "Run `zenocode login` first,",
+      "or set TEXTCORTEX_API_KEY / TEXTCORTEX_API_TOKEN.",
+    ].join(" "),
+  );
+}
+
+async function resolveStoredBaseUrl() {
+  const runtimeCredentials =
+    (await readJson(runtimeCredentialsPath)) ||
+    (await readJson(legacyRuntimeCredentialsPath));
+  const baseUrl = extractBaseUrlFromCredentialPayload(runtimeCredentials);
+  return baseUrl || null;
+}
+
+export function chooseDefaults(models) {
+  const ids = Object.keys(models);
+  if (!ids.length) throw new Error("No models were returned by the backend.");
+  const model = defaultOrder.find((id) => ids.includes(id)) || ids[0];
+  const smallModel = ids.find((id) => id.includes("mini") || id.includes("haiku")) || model;
+  return { model, smallModel };
+}
+
+export function buildOpenCodeConfig({ baseUrl, providerID, model, smallModel }) {
+  return {
+    $schema: "https://opencode.ai/config.json",
+    enabled_providers: [providerID],
+    model: `${providerID}/${model}`,
+    small_model: `${providerID}/${smallModel}`,
+    provider: {
+      [providerID]: {
+        name: "Zenocode",
+        options: {
+          baseURL: new URL("/internal/v1/fastapi/codecortex/v1", baseUrl).toString(),
+        },
+      },
+      // Older fallback opencode-ai builds can load the Codex auth plugin when
+      // a local OpenAI OAuth session exists. They assume `database.openai`
+      // exists and crash on `provider.models` otherwise, so keep a harmless
+      // empty provider entry around even though Zenocode only enables
+      // `textcortex`.
+      openai: {
+        models: {},
+      },
+    },
+  };
+}
+
+function unwrapData(payload) {
+  if (payload && typeof payload === "object" && payload.data && typeof payload.data === "object") {
+    return payload.data;
+  }
+  return payload;
+}
+
+function extractErrorMessage(payload, fallbackMessage) {
+  if (payload && typeof payload === "object") {
+    const errorMessage = payload?.error?.message;
+    if (typeof errorMessage === "string" && errorMessage) return errorMessage;
+    if (typeof payload.message === "string" && payload.message) return payload.message;
+    if (typeof payload.detail === "string" && payload.detail) return payload.detail;
+    if (payload.detail && typeof payload.detail === "object") {
+      const detailMessage = payload.detail.message;
+      if (typeof detailMessage === "string" && detailMessage) return detailMessage;
+    }
+    try {
+      return JSON.stringify(payload);
+    } catch {
+      return fallbackMessage;
+    }
+  }
+  return fallbackMessage;
+}
+
+async function requestJson(url, init) {
+  const response = await fetch(url, init);
+  const text = await response.text();
+  let payload = null;
+  try {
+    payload = text ? JSON.parse(text) : null;
+  } catch {
+    payload = null;
+  }
+  return { response, payload, text };
+}
+
+async function prepareRuntime(baseUrl, token) {
+  const modelsUrl = new URL("/internal/v1/fastapi/codecortex/models/api.json", baseUrl).toString();
+  const { response, payload, text } = await requestJson(modelsUrl, {
+    headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
+  });
+
+  if (!response.ok) {
+    const body = payload ?? text;
+    const message = extractErrorMessage(payload, String(body || "request failed"));
+    if (response.status === 401 && message.includes("Email not confirmed")) {
+      throw new Error(
+        "Models fetch failed (401): Email is not confirmed for this account. Please verify the email address and try again.",
+      );
+    }
+    throw new Error(`Models fetch failed (${response.status}): ${message}`);
+  }
+
+  const provider = payload?.[providerID];
+  if (!provider?.models || typeof provider.models !== "object") {
+    throw new Error("Backend models response is missing textcortex provider data.");
+  }
+
+  const { model, smallModel } = chooseDefaults(provider.models);
+  const config = buildOpenCodeConfig({
+    baseUrl,
+    providerID,
+    model,
+    smallModel,
+  });
+
+  await fs.mkdir(runtimeDir, { recursive: true });
+  await fs.writeFile(modelsPath, `${JSON.stringify(payload, null, 2)}\n`, "utf-8");
+  await fs.writeFile(configPath, `${JSON.stringify(config, null, 2)}\n`, "utf-8");
+  return model;
+}
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function parseLoginArgs(args) {
+  const normalizedArgs = args[0] === "--" ? args.slice(1) : args;
+  let emailHint = process.env.TEXTCORTEX_LOGIN_EMAIL || null;
+  let launchBrowser = true;
+
+  for (let idx = 0; idx < normalizedArgs.length; idx += 1) {
+    const arg = normalizedArgs[idx];
+    if (arg === "--no-launch-browser") {
+      launchBrowser = false;
+      continue;
+    }
+    if (arg === "--email") {
+      emailHint = normalizedArgs[idx + 1] || null;
+      idx += 1;
+      continue;
+    }
+    if (arg.startsWith("--email=")) {
+      emailHint = arg.slice("--email=".length) || null;
+      continue;
+    }
+    if (arg === "--help" || arg === "-h") {
+      console.log("Zenocode login options:");
+      console.log("  --email <address>      Optional email hint for tenant/SSO routing");
+      console.log("  --no-launch-browser    Do not open browser automatically");
+      process.exit(0);
+    }
+  }
+
+  if (!emailHint && process.stdin.isTTY) {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    try {
+      const response = (await rl.question("Email for tenant routing (optional): ")).trim();
+      emailHint = response || null;
+    } finally {
+      rl.close();
+    }
+  }
+
+  return { emailHint, launchBrowser };
+}
+
+function isFetchFailedError(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  return message.includes("fetch failed");
+}
+
+function isLoginRouteNotFoundError(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  return message.includes("Login initiate failed (404)");
+}
+
+function _loginConnectivityHelp(baseUrl) {
+  return [
+    `Cannot reach Zenocode auth endpoint at ${baseUrl}.`,
+    "Run local backend FastAPI (`cd backend && uv run dev_fastapi`) or set TEXTCORTEX_BASE_URL to a reachable backend API.",
+  ].join(" ");
+}
+
+async function openBrowser(url) {
+  let cmd;
+  let args;
+  if (process.platform === "darwin") {
+    cmd = "open";
+    args = [url];
+  } else if (process.platform === "win32") {
+    cmd = "cmd";
+    args = ["/c", "start", "", url];
+  } else {
+    cmd = "xdg-open";
+    args = [url];
+  }
+
+  return new Promise((resolve) => {
+    try {
+      const child = spawn(cmd, args, { stdio: "ignore" });
+      child.on("error", () => resolve(false));
+      child.on("exit", (code) => resolve(code === 0));
+    } catch {
+      resolve(false);
+    }
+  });
+}
+
+async function initiateDeviceLogin(baseUrl, emailHint) {
+  const initiateUrl = new URL(oauthInitiatePath, baseUrl).toString();
+  const body = emailHint ? { email_hint: emailHint } : {};
+  const { response, payload, text } = await requestJson(initiateUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json", Accept: "application/json" },
+    body: JSON.stringify(body),
+  });
+
+  if (!response.ok) {
+    const message = extractErrorMessage(payload, text || "request failed");
+    throw new Error(`Login initiate failed (${response.status}): ${message}`);
+  }
+
+  const data = unwrapData(payload);
+  if (!data || typeof data !== "object") {
+    throw new Error("Login initiate failed: invalid response payload.");
+  }
+
+  const deviceCode = typeof data.device_code === "string" ? data.device_code : null;
+  const userCode = typeof data.user_code === "string" ? data.user_code : null;
+  const verificationUrl = typeof data.verification_url_complete === "string" ? data.verification_url_complete : null;
+  const interval = Number.isFinite(Number(data.interval)) ? Number(data.interval) : 5;
+  const expiresIn = Number.isFinite(Number(data.expires_in)) ? Number(data.expires_in) : 600;
+
+  if (!deviceCode || !userCode || !verificationUrl) {
+    throw new Error("Login initiate failed: incomplete device authorization payload.");
+  }
+
+  return { deviceCode, userCode, verificationUrl, interval, expiresIn };
+}
+
+async function pollDeviceToken(baseUrl, deviceCode, intervalSeconds, expiresInSeconds) {
+  const deadline = Date.now() + Math.max(expiresInSeconds, 1) * 1000;
+  const pollUrl = new URL(oauthTokenPath, baseUrl).toString();
+
+  while (Date.now() <= deadline) {
+    const { response, payload, text } = await requestJson(pollUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Accept: "application/json" },
+      body: JSON.stringify({ device_code: deviceCode }),
+    });
+
+    if (response.status === 200) {
+      const data = unwrapData(payload);
+      if (!data?.access_token || !data?.refresh_token) {
+        throw new Error("Token endpoint returned incomplete credentials.");
+      }
+      return data;
+    }
+
+    if (response.status === 428) {
+      await sleep(Math.max(intervalSeconds, 1) * 1000);
+      continue;
+    }
+
+    const message = extractErrorMessage(payload, text || "request failed");
+    throw new Error(`Login token exchange failed (${response.status}): ${message}`);
+  }
+
+  throw new Error("Device code expired. Please run login again.");
+}
+
+async function saveRuntimeCredentials(baseUrl, tokenData) {
+  const payload = {
+    base_url: baseUrl,
+    access_token: tokenData.access_token,
+    refresh_token: tokenData.refresh_token,
+    auth_id: tokenData.auth_id || null,
+    email: tokenData.email || null,
+    expires_at: tokenData.expires_at || null,
+    updated_at: new Date().toISOString(),
+  };
+  await writePrivateJsonFile(runtimeCredentialsPath, payload);
+}
+
+async function runLoginCommand(baseUrl, args) {
+  const { emailHint, launchBrowser } = await parseLoginArgs(args);
+  let resolvedBaseUrl = baseUrl;
+  let login;
+  try {
+    login = await initiateDeviceLogin(resolvedBaseUrl, emailHint);
+  } catch (error) {
+    if (
+      !process.env.TEXTCORTEX_BASE_URL &&
+      resolvedBaseUrl === localBaseUrlDefault &&
+      isFetchFailedError(error)
+    ) {
+      resolvedBaseUrl = cloudBaseUrlDefault;
+      console.log(
+        `Local backend not reachable at ${localBaseUrlDefault}. Falling back to ${cloudBaseUrlDefault}.`,
+      );
+      try {
+        login = await initiateDeviceLogin(resolvedBaseUrl, emailHint);
+      } catch (fallbackError) {
+        if (
+          isFetchFailedError(fallbackError) ||
+          isLoginRouteNotFoundError(fallbackError)
+        ) {
+          throw new Error(_loginConnectivityHelp(resolvedBaseUrl));
+        }
+        throw fallbackError;
+      }
+    } else {
+      if (isFetchFailedError(error) || isLoginRouteNotFoundError(error)) {
+        throw new Error(_loginConnectivityHelp(resolvedBaseUrl));
+      }
+      throw error;
+    }
+  }
+
+  console.log("\nComplete authorization in your browser:");
+  console.log(`  ${login.verificationUrl}`);
+  console.log(`User code: ${login.userCode}\n`);
+
+  if (launchBrowser) {
+    const launched = await openBrowser(login.verificationUrl);
+    if (!launched) {
+      console.log("Unable to open a browser automatically. Open the URL above manually.");
+    } else {
+      console.log("Opened browser for authentication.");
+    }
+  }
+
+  const tokenData = await pollDeviceToken(
+    resolvedBaseUrl,
+    login.deviceCode,
+    login.interval,
+    login.expiresIn,
+  );
+  await saveRuntimeCredentials(resolvedBaseUrl, tokenData);
+
+  const account = tokenData.email || tokenData.auth_id || "unknown";
+  console.log(`Login successful for ${account}.`);
+  console.log(`Credentials saved to ${runtimeCredentialsPath}`);
+}
+
+async function runLogoutCommand() {
+  try {
+    await fs.unlink(runtimeCredentialsPath);
+    console.log("Zenocode credentials removed.");
+  } catch (error) {
+    if (error?.code === "ENOENT") {
+      console.log("No local Zenocode credentials found.");
+      return;
+    }
+    throw error;
+  }
+}
+
+async function runChild(command, args, options) {
+  return new Promise((resolve, reject) => {
+    try {
+      const child = spawn(command, args, options);
+      child.on("error", reject);
+      child.on("exit", (code, signal) => resolve({ code, signal }));
+    } catch (error) {
+      reject(error);
+    }
+  });
+}
+
+async function runBrandedBinary(args, options) {
+  const result = await runChild(opencodeBinaryPath, args, options);
+  if (result.signal) {
+    process.kill(process.pid, result.signal);
+    return;
+  }
+  process.exit(result.code ?? 0);
+}
+
+function _runnerCommand(command) {
+  return process.platform === "win32" ? `${command}.cmd` : command;
+}
+
+function _runtimeBrandedBinaryPath() {
+  const binaryName = process.platform === "win32" ? "opencode-runtime.exe" : "opencode-runtime";
+  return path.join(runtimeDir, "bin", binaryName);
+}
+
+function shouldPatchOpencodeRuntimePackage(packageName) {
+  return (
+    packageName.endsWith("/opencode-ai") ||
+    packageName.endsWith("/zenocode-ai") ||
+    packageName === "opencode-ai"
+  );
+}
+
+function _buildPaddedLogoSnippet(coreSnippet) {
+  return padBinaryReplacement(opencodeLogoSnippet, coreSnippet);
+}
+
+function _buildZenocodeLogoSnippet() {
+  return _buildPaddedLogoSnippet(zenocodeTextLogoSnippetCore);
+}
+
+async function _pathExists(pathToCheck) {
+  try {
+    await fs.access(pathToCheck);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function _collectPnpmDlxPnpmDirs(rootDir) {
+  const queue = [{ dir: rootDir, depth: 0 }];
+  const pnpmDirs = [];
+
+  while (queue.length) {
+    const current = queue.shift();
+    const nodeModulesPnpm = path.join(current.dir, "node_modules", ".pnpm");
+    if (await _pathExists(nodeModulesPnpm)) {
+      pnpmDirs.push(nodeModulesPnpm);
+    }
+
+    if (current.depth >= 3) continue;
+    let entries = [];
+    try {
+      entries = await fs.readdir(current.dir, { withFileTypes: true });
+    } catch {
+      continue;
+    }
+    for (const entry of entries) {
+      if (!entry.isDirectory()) continue;
+      if (entry.name === "node_modules") continue;
+      queue.push({ dir: path.join(current.dir, entry.name), depth: current.depth + 1 });
+    }
+  }
+
+  return pnpmDirs;
+}
+
+async function _collectPnpmDlxOpencodeBinaries() {
+  const dlxRoots = [
+    path.join(os.homedir(), "Library", "Caches", "pnpm", "dlx"),
+    path.join(os.homedir(), ".cache", "pnpm", "dlx"),
+    path.join(process.env.LOCALAPPDATA || "", "pnpm", "dlx"),
+  ].filter(Boolean);
+
+  const binaryName = process.platform === "win32" ? "opencode.exe" : "opencode";
+  const hiddenCachedBinaryName = ".opencode";
+  const candidates = [];
+
+  for (const root of dlxRoots) {
+    if (!(await _pathExists(root))) continue;
+    const pnpmDirs = await _collectPnpmDlxPnpmDirs(root);
+    for (const pnpmDir of pnpmDirs) {
+      let entries = [];
+      try {
+        entries = await fs.readdir(pnpmDir, { withFileTypes: true });
+      } catch {
+        continue;
+      }
+
+      for (const entry of entries) {
+        if (!entry.isDirectory()) continue;
+        const nodeModulesPath = path.join(pnpmDir, entry.name, "node_modules");
+        if (!(await _pathExists(nodeModulesPath))) continue;
+
+        let topLevel = [];
+        try {
+          topLevel = await fs.readdir(nodeModulesPath, { withFileTypes: true });
+        } catch {
+          continue;
+        }
+
+        for (const moduleEntry of topLevel) {
+          if (!moduleEntry.isDirectory()) continue;
+
+          if (moduleEntry.name === "opencode-ai") {
+            const cachedPath = path.join(nodeModulesPath, "opencode-ai", "bin", hiddenCachedBinaryName);
+            if (await _pathExists(cachedPath)) candidates.push(cachedPath);
+            continue;
+          }
+
+          if (moduleEntry.name.startsWith("opencode-")) {
+            const binaryPath = path.join(nodeModulesPath, moduleEntry.name, "bin", binaryName);
+            if (await _pathExists(binaryPath)) candidates.push(binaryPath);
+            continue;
+          }
+
+          if (!moduleEntry.name.startsWith("@")) continue;
+          const scopePath = path.join(nodeModulesPath, moduleEntry.name);
+          let scopedPackages = [];
+          try {
+            scopedPackages = await fs.readdir(scopePath, { withFileTypes: true });
+          } catch {
+            continue;
+          }
+          for (const scopedPackage of scopedPackages) {
+            if (!scopedPackage.isDirectory()) continue;
+            const scopedNodeModulesPath = path.join(scopePath, scopedPackage.name);
+
+            if (scopedPackage.name === "opencode-ai") {
+              const cachedPath = path.join(scopedNodeModulesPath, "bin", hiddenCachedBinaryName);
+              if (await _pathExists(cachedPath)) candidates.push(cachedPath);
+              continue;
+            }
+
+            if (!scopedPackage.name.startsWith("opencode-")) continue;
+            const binaryPath = path.join(scopedNodeModulesPath, "bin", binaryName);
+            if (await _pathExists(binaryPath)) candidates.push(binaryPath);
+          }
+        }
+      }
+    }
+  }
+
+  return [...new Set(candidates)];
+}
+
+async function _adHocSignBinary(binaryPath) {
+  if (process.platform !== "darwin") return;
+  try {
+    await runChild("codesign", ["--force", "--sign", "-", binaryPath], {
+      stdio: "ignore",
+    });
+  } catch {
+    // If ad-hoc signing fails, keep going; runtime may still work on systems that do not enforce signatures.
+  }
+}
+
+function _patchLogoSnippetText(text) {
+  const replacement = _buildZenocodeLogoSnippet();
+  if (!replacement || text.includes(replacement)) {
+    return { patched: false, text };
+  }
+
+  const patchTargets = [opencodeLogoSnippet].filter(Boolean);
+  let logoOffset = -1;
+  for (const target of patchTargets) {
+    logoOffset = text.indexOf(target);
+    if (logoOffset !== -1) break;
+  }
+  if (logoOffset === -1) {
+    return { patched: false, text };
+  }
+
+  const nextText = `${text.slice(0, logoOffset)}${replacement}${text.slice(logoOffset + replacement.length)}`;
+  return { patched: true, text: nextText };
+}
+
+async function _patchOpencodeBinaryBranding(binaryPath) {
+  let buffer;
+  try {
+    buffer = await fs.readFile(binaryPath);
+  } catch {
+    return false;
+  }
+
+  const originalLength = buffer.length;
+  let text = buffer.toString("latin1");
+  let patched = false;
+
+  const logoPatch = _patchLogoSnippetText(text);
+  if (logoPatch.patched) {
+    text = logoPatch.text;
+    patched = true;
+  }
+
+  const footerPatch = patchOpenCodeVersionFooterText(text);
+  if (footerPatch.patched) {
+    text = footerPatch.text;
+    patched = true;
+  }
+
+  if (!patched) {
+    return false;
+  }
+
+  buffer = Buffer.from(text, "latin1");
+  if (buffer.length !== originalLength) {
+    return false;
+  }
+
+  await fs.writeFile(binaryPath, buffer);
+  if (process.platform !== "win32") {
+    await fs.chmod(binaryPath, 0o755);
+  }
+  await _adHocSignBinary(binaryPath);
+  return true;
+}
+
+async function _preparePinnedRuntimeBinary(binaryCandidates) {
+  if (!binaryCandidates.length) return null;
+  const runtimeBinaryPath = _runtimeBrandedBinaryPath();
+  const stats = await Promise.all(binaryCandidates.map(async (binaryPath) => ({
+    binaryPath,
+    mtimeMs: (await fs.stat(binaryPath)).mtimeMs,
+  })));
+  stats.sort((a, b) => b.mtimeMs - a.mtimeMs);
+
+  await fs.mkdir(path.dirname(runtimeBinaryPath), { recursive: true });
+  await fs.copyFile(stats[0].binaryPath, runtimeBinaryPath);
+  if (process.platform !== "win32") {
+    await fs.chmod(runtimeBinaryPath, 0o755);
+  }
+  await _patchOpencodeBinaryBranding(runtimeBinaryPath);
+  await _adHocSignBinary(runtimeBinaryPath);
+  return runtimeBinaryPath;
+}
+
+async function _ensurePatchedOpencodeDlxBinaries(packageName, runner, options) {
+  if (!shouldPatchOpencodeRuntimePackage(packageName)) {
+    return null;
+  }
+  if (runner.command !== _runnerCommand("pnpm")) {
+    return null;
+  }
+  if (
+    process.env.ZENOCODE_DISABLE_OPENCODE_LOGO_PATCH === "1" ||
+    process.env.CODECORTEX_DISABLE_OPENCODE_LOGO_PATCH === "1"
+  ) {
+    return null;
+  }
+
+  let binaryCandidates = await _collectPnpmDlxOpencodeBinaries();
+  if (!binaryCandidates.length) {
+    // Warm cache so we have a concrete binary to patch.
+    try {
+      await runChild(runner.command, ["dlx", packageName, "--version"], {
+        ...options,
+        stdio: "ignore",
+      });
+    } catch {
+      // ignore warm-up failures and continue with best effort patching
+    }
+    binaryCandidates = await _collectPnpmDlxOpencodeBinaries();
+  }
+
+  if (!binaryCandidates.length) {
+    return null;
+  }
+
+  let patchedCount = 0;
+  for (const binaryPath of binaryCandidates) {
+    const patched = await _patchOpencodeBinaryBranding(binaryPath);
+    if (patched) patchedCount += 1;
+  }
+
+  if (patchedCount > 0) {
+    console.log(`Patched Zenocode branding in ${patchedCount} OpenCode runtime ${patchedCount > 1 ? "binaries" : "binary"}.`);
+  }
+
+  return _preparePinnedRuntimeBinary(binaryCandidates);
+}
+
+async function runPackageLauncher(packageName, args, options) {
+  const runners = [
+    { command: _runnerCommand("pnpm"), args: ["dlx", packageName, ...args] },
+    { command: _runnerCommand("npx"), args: ["--yes", packageName, ...args] },
+  ];
+  const missingRunners = [];
+
+  for (const runner of runners) {
+    try {
+      let pinnedRuntimePath = await _ensurePatchedOpencodeDlxBinaries(packageName, runner, options);
+      if (!pinnedRuntimePath && shouldPatchOpencodeRuntimePackage(packageName)) {
+        const existingPinnedPath = _runtimeBrandedBinaryPath();
+        if (await _pathExists(existingPinnedPath)) {
+          pinnedRuntimePath = existingPinnedPath;
+        }
+      }
+
+      const childOptions = {
+        ...options,
+        env: {
+          ...(options.env || {}),
+          ...(pinnedRuntimePath ? { OPENCODE_BIN_PATH: pinnedRuntimePath } : {}),
+        },
+      };
+
+      const result = await runChild(runner.command, runner.args, childOptions);
+      if (result.signal) {
+        process.kill(process.pid, result.signal);
+        return;
+      }
+      process.exit(result.code ?? 0);
+      return;
+    } catch (error) {
+      if (error?.code === "ENOENT") {
+        missingRunners.push(runner.command);
+        continue;
+      }
+      throw error;
+    }
+  }
+
+  throw new Error(
+    `No package runner found (${missingRunners.join(", ")}). Install pnpm or npm, or set ZENOCODE_OPENCODE_BIN_PATH/CODECORTEX_OPENCODE_BIN_PATH.`,
+  );
+}
+
+async function packageExistsOnNpm(packageName) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 4_000);
+  try {
+    const response = await fetch(`https://registry.npmjs.org/${encodeURIComponent(packageName)}`, {
+      method: "GET",
+      headers: { Accept: "application/json" },
+      signal: controller.signal,
+    });
+    return response.ok;
+  } catch {
+    return false;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+
+async function resolveLaunchPackage() {
+  if (configuredOpencodePackage) {
+    return configuredOpencodePackage;
+  }
+
+  const brandedAvailable = await packageExistsOnNpm(defaultBrandedOpencodePackage);
+  if (brandedAvailable) {
+    return defaultBrandedOpencodePackage;
+  }
+
+  const legacyBrandedAvailable = await packageExistsOnNpm(
+    legacyBrandedOpencodePackage,
+  );
+  if (legacyBrandedAvailable) {
+    console.warn(
+      `Package ${defaultBrandedOpencodePackage} was not found on npm. Falling back to ${legacyBrandedOpencodePackage}.`,
+    );
+    return legacyBrandedOpencodePackage;
+  }
+
+  console.warn(
+    `Package ${defaultBrandedOpencodePackage} was not found on npm. Falling back to ${fallbackOpencodePackage}.`,
+  );
+  return fallbackOpencodePackage;
+}
+
+function shouldRenderBanner(args) {
+  if (
+    process.env.ZENOCODE_NO_BANNER === "1" ||
+    process.env.CODECORTEX_NO_BANNER === "1"
+  ) {
+    return false;
+  }
+  if (
+    !process.stdout.isTTY &&
+    process.env.ZENOCODE_FORCE_BANNER !== "1" &&
+    process.env.CODECORTEX_FORCE_BANNER !== "1"
+  ) {
+    return false;
+  }
+
+  const suppressFlags = new Set(["--help", "-h", "--version", "-v", "completion"]);
+  return !args.some((arg) => suppressFlags.has(arg));
+}
+
+function maybeRenderBanner(args) {
+  if (!shouldRenderBanner(args)) {
+    return;
+  }
+  console.log(`${zenocodeBanner}\n`);
+}
+
+function isMissingTokenError(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  return message.includes("Missing API token");
+}
+
+function isExpiredSessionError(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  if (!message.includes("Models fetch failed (401)")) return false;
+  return /token has expired|expired token|token expired/i.test(message);
+}
+
+function canAutoLogin(args) {
+  if (
+    process.env.ZENOCODE_AUTO_LOGIN === "0" ||
+    process.env.CODECORTEX_AUTO_LOGIN === "0"
+  ) {
+    return false;
+  }
+  if (!process.stdin.isTTY || !process.stdout.isTTY) return false;
+  if (process.env.CI === "1" || process.env.CI === "true") return false;
+
+  const suppressFlags = new Set(["--help", "-h", "--version", "-v", "completion"]);
+  if (args.some((arg) => suppressFlags.has(arg))) return false;
+  return true;
+}
+
+function shouldAttemptAutoLogin(error, args) {
+  if (!isMissingTokenError(error)) return false;
+  return canAutoLogin(args);
+}
+
+async function resolveTokenWithAutoLogin(baseUrl, args) {
+  try {
+    const token = await resolveToken();
+    return { token, baseUrl };
+  } catch (error) {
+    if (!shouldAttemptAutoLogin(error, args)) {
+      throw error;
+    }
+
+    console.log("No local Zenocode credentials found. Starting login flow...\n");
+    const loginArgs =
+      process.env.ZENOCODE_AUTO_LOGIN_NO_BROWSER === "1" ||
+      process.env.CODECORTEX_AUTO_LOGIN_NO_BROWSER === "1"
+        ? ["--no-launch-browser"]
+        : [];
+    await runLoginCommand(baseUrl, loginArgs);
+    const token = await resolveToken();
+    const persistedBaseUrl = process.env.TEXTCORTEX_BASE_URL || (await resolveStoredBaseUrl()) || baseUrl;
+    return { token, baseUrl: persistedBaseUrl };
+  }
+}
+
+async function prepareRuntimeWithAutoLogin(baseUrl, token, args) {
+  try {
+    const model = await prepareRuntime(baseUrl, token);
+    return { model, token, baseUrl };
+  } catch (error) {
+    if (!isExpiredSessionError(error)) {
+      throw error;
+    }
+    if (!canAutoLogin(args)) {
+      throw new Error("Zenocode session expired. Run `zenocode login` and try again.");
+    }
+
+    console.log("Zenocode session expired. Starting login flow...\n");
+    const loginArgs =
+      process.env.ZENOCODE_AUTO_LOGIN_NO_BROWSER === "1" ||
+      process.env.CODECORTEX_AUTO_LOGIN_NO_BROWSER === "1"
+        ? ["--no-launch-browser"]
+        : [];
+    await runLoginCommand(baseUrl, loginArgs);
+    const refreshedToken = await resolveToken();
+    const refreshedBaseUrl = process.env.TEXTCORTEX_BASE_URL || (await resolveStoredBaseUrl()) || baseUrl;
+    const model = await prepareRuntime(refreshedBaseUrl, refreshedToken);
+    return { model, token: refreshedToken, baseUrl: refreshedBaseUrl };
+  }
+}
+
+async function main() {
+  const args = process.argv.slice(2);
+  const prepareOnly = args.includes("--prepare-only");
+  const passthrough = args.filter((arg) => arg !== "--prepare-only");
+
+  // `pnpm run <script> -- ...` can forward a leading `--`; drop it so subcommands
+  // like `run` / `models` / `login` are parsed here first.
+  if (passthrough[0] === "--") {
+    passthrough.shift();
+  }
+
+  const storedBaseUrl = await resolveStoredBaseUrl();
+  const baseUrl = process.env.TEXTCORTEX_BASE_URL || storedBaseUrl || localBaseUrlDefault;
+  const subcommand = passthrough[0];
+
+  if (subcommand === "login") {
+    await runLoginCommand(baseUrl, passthrough.slice(1));
+    return;
+  }
+
+  if (subcommand === "logout") {
+    await runLogoutCommand();
+    return;
+  }
+
+  maybeRenderBanner(passthrough);
+  const tokenResolution = await resolveTokenWithAutoLogin(baseUrl, passthrough);
+  const runtime = await prepareRuntimeWithAutoLogin(
+    tokenResolution.baseUrl,
+    tokenResolution.token,
+    passthrough,
+  );
+  const token = runtime.token;
+  const model = runtime.model;
+  console.log(`Zenocode config ready at ${configPath}`);
+  console.log(`Default model: ${model}`);
+  if (prepareOnly) return;
+
+  const childOptions = {
+    cwd: process.cwd(),
+    stdio: "inherit",
+    env: {
+      ...process.env,
+      OPENCODE_MODELS_PATH: modelsPath,
+      OPENCODE_CONFIG: configPath,
+      TEXTCORTEX_API_KEY: token,
+    },
+  };
+
+  if (opencodeBinaryPath) {
+    await runBrandedBinary(passthrough, childOptions);
+    return;
+  }
+
+  const launchPackage = await resolveLaunchPackage();
+  await runPackageLauncher(launchPackage, passthrough, childOptions);
+}
+
+const resolveExecutablePath = (value) => {
+  try {
+    return realpathSync(value);
+  } catch {
+    return path.resolve(value);
+  }
+};
+
+if (process.argv[1] && resolveExecutablePath(process.argv[1]) === currentFilePath) {
+  main().catch((error) => {
+    console.error(error instanceof Error ? error.message : String(error));
+    process.exit(1);
+  });
+}