mini-coder 0.3.0 → 0.3.1

package/dist/mc.js

@@ -2,7 +2,7 @@
 // @bun
 
 // src/index.ts
-import * as c21 from "yoctocolors";
+import * as c20 from "yoctocolors";
 
 // src/agent/agent.ts
 import * as c11 from "yoctocolors";
@@ -13,7 +13,7 @@ import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
 import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 // src/internal/version.ts
-var PACKAGE_VERSION = "0.3.0";
+var PACKAGE_VERSION = "0.3.1";
 
 // src/mcp/client.ts
 async function connectMcpServer(config) {
@@ -70,7 +70,7 @@ async function connectMcpServer(config) {
 
 // src/session/db/connection.ts
 import { Database } from "bun:sqlite";
-import { existsSync, mkdirSync, unlinkSync } from "fs";
+import { existsSync, mkdirSync, renameSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
 function getConfigDir() {
@@ -201,27 +201,32 @@ function configureDb(db) {
   db.exec("PRAGMA foreign_keys=ON;");
   db.exec("PRAGMA busy_timeout=1000;");
 }
+function rotateDbFiles(dbPath, version) {
+  const backupBase = `${dbPath}.bak-v${version}-${Date.now()}`;
+  for (const suffix of ["", "-wal", "-shm"]) {
+    const path = `${dbPath}${suffix}`;
+    if (!existsSync(path))
+      continue;
+    renameSync(path, `${backupBase}${suffix}`);
+  }
+}
 function getDb() {
   if (!_db) {
     const dbPath = getDbPath();
+    const dbExists = existsSync(dbPath);
     let db = new Database(dbPath, { create: true });
     configureDb(db);
     const version = db.query("PRAGMA user_version").get()?.user_version ?? 0;
-    if (version !== DB_VERSION) {
+    if (dbExists && version !== DB_VERSION) {
       try {
         db.close();
       } catch {}
-      for (const path of [dbPath, `${dbPath}-wal`, `${dbPath}-shm`]) {
-        if (existsSync(path))
-          unlinkSync(path);
-      }
+      rotateDbFiles(dbPath, version);
       db = new Database(dbPath, { create: true });
       configureDb(db);
-      db.exec(SCHEMA);
-      db.exec(`PRAGMA user_version = ${DB_VERSION};`);
-    } else {
-      db.exec(SCHEMA);
     }
+    db.exec(SCHEMA);
+    db.exec(`PRAGMA user_version = ${DB_VERSION};`);
     _db = db;
   }
   return _db;
@@ -436,7 +441,7 @@ import { createGoogleGenerativeAI } from "@ai-sdk/google";
 import { createOpenAI } from "@ai-sdk/openai";
 import { createOpenAICompatible } from "@ai-sdk/openai-compatible";
 
-// src/session/oauth/anthropic.ts
+// src/session/oauth/openai.ts
 import { createServer } from "http";
 
 // src/session/oauth/pkce.ts
@@ -457,139 +462,18 @@ async function generatePKCE() {
   return { verifier, challenge };
 }
 
-// src/session/oauth/anthropic.ts
-var CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
-var AUTHORIZE_URL = "https://claude.ai/oauth/authorize";
-var TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+// src/session/oauth/openai.ts
+var CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+var AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
+var TOKEN_URL = "https://auth.openai.com/oauth/token";
 var CALLBACK_HOST = "127.0.0.1";
-var CALLBACK_PORT = 53692;
-var CALLBACK_PATH = "/callback";
+var CALLBACK_PORT = 1455;
+var CALLBACK_PATH = "/auth/callback";
 var REDIRECT_URI = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
-var SCOPES = "org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload";
+var SCOPES = "openid profile email offline_access";
 var LOGIN_TIMEOUT_MS = 5 * 60 * 1000;
 var SUCCESS_HTML = `<!doctype html>
 <html lang="en"><head><meta charset="utf-8"><title>Authenticated</title></head>
-<body><p>Authentication successful. Return to your terminal.</p></body></html>`;
-function startCallbackServer(expectedState) {
-  return new Promise((resolve2, reject) => {
-    let result = null;
-    let cancelled = false;
-    const server = createServer((req, res) => {
-      const url = new URL(req.url ?? "", "http://localhost");
-      if (url.pathname !== CALLBACK_PATH) {
-        res.writeHead(404).end("Not found");
-        return;
-      }
-      const code = url.searchParams.get("code");
-      const state = url.searchParams.get("state");
-      const error = url.searchParams.get("error");
-      if (error || !code || !state || state !== expectedState) {
-        res.writeHead(400).end("Authentication failed.");
-        return;
-      }
-      res.writeHead(200, { "Content-Type": "text/html" }).end(SUCCESS_HTML);
-      result = { code, state };
-    });
-    server.on("error", reject);
-    server.listen(CALLBACK_PORT, CALLBACK_HOST, () => {
-      resolve2({
-        server,
-        cancel: () => {
-          cancelled = true;
-        },
-        waitForCode: async () => {
-          const deadline = Date.now() + LOGIN_TIMEOUT_MS;
-          while (!result && !cancelled && Date.now() < deadline) {
-            await new Promise((r) => setTimeout(r, 100));
-          }
-          return result;
-        }
-      });
-    });
-  });
-}
-async function postTokenRequest(body, label) {
-  const res = await fetch(TOKEN_URL, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      Accept: "application/json"
-    },
-    body: JSON.stringify(body),
-    signal: AbortSignal.timeout(30000)
-  });
-  if (!res.ok) {
-    const text = await res.text();
-    throw new Error(`${label} failed (${res.status}): ${text}`);
-  }
-  const data = await res.json();
-  return {
-    access: data.access_token,
-    refresh: data.refresh_token,
-    expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000
-  };
-}
-function exchangeCode(code, state, verifier) {
-  return postTokenRequest({
-    grant_type: "authorization_code",
-    client_id: CLIENT_ID,
-    code,
-    state,
-    redirect_uri: REDIRECT_URI,
-    code_verifier: verifier
-  }, "Token exchange");
-}
-function refreshAnthropicToken(refreshToken) {
-  return postTokenRequest({
-    grant_type: "refresh_token",
-    client_id: CLIENT_ID,
-    refresh_token: refreshToken
-  }, "Token refresh");
-}
-async function loginAnthropic(callbacks) {
-  const { verifier, challenge } = await generatePKCE();
-  const cb = await startCallbackServer(verifier);
-  try {
-    const params = new URLSearchParams({
-      code: "true",
-      client_id: CLIENT_ID,
-      response_type: "code",
-      redirect_uri: REDIRECT_URI,
-      scope: SCOPES,
-      code_challenge: challenge,
-      code_challenge_method: "S256",
-      state: verifier
-    });
-    callbacks.onOpenUrl(`${AUTHORIZE_URL}?${params}`, "Complete login in your browser.");
-    const result = await cb.waitForCode();
-    if (!result)
-      throw new Error("Login cancelled or no code received");
-    callbacks.onProgress("Exchanging authorization code for tokens\u2026");
-    return exchangeCode(result.code, result.state, verifier);
-  } finally {
-    cb.server.close();
-  }
-}
-var anthropicOAuth = {
-  id: "anthropic",
-  name: "Anthropic (Claude Pro/Max)",
-  login: loginAnthropic,
-  refreshToken: refreshAnthropicToken
-};
-
-// src/session/oauth/openai.ts
-import { createServer as createServer2 } from "http";
-var CLIENT_ID2 = "app_EMoamEEZ73f0CkXaXp7hrann";
-var AUTHORIZE_URL2 = "https://auth.openai.com/oauth/authorize";
-var TOKEN_URL2 = "https://auth.openai.com/oauth/token";
-var CALLBACK_HOST2 = "127.0.0.1";
-var CALLBACK_PORT2 = 1455;
-var CALLBACK_PATH2 = "/auth/callback";
-var REDIRECT_URI2 = `http://localhost:${CALLBACK_PORT2}${CALLBACK_PATH2}`;
-var SCOPES2 = "openid profile email offline_access";
-var LOGIN_TIMEOUT_MS2 = 5 * 60 * 1000;
-var SUCCESS_HTML2 = `<!doctype html>
-<html lang="en"><head><meta charset="utf-8"><title>Authenticated</title></head>
 <body><p>OpenAI authentication successful. Return to your terminal.</p></body></html>`;
 function createState() {
   const bytes = new Uint8Array(16);
@@ -599,13 +483,13 @@ function createState() {
     hex += b.toString(16).padStart(2, "0");
   return hex;
 }
-function startCallbackServer2(expectedState) {
+function startCallbackServer(expectedState) {
   return new Promise((resolve2, reject) => {
     let result = null;
     let cancelled = false;
-    const server = createServer2((req, res) => {
+    const server = createServer((req, res) => {
       const url = new URL(req.url ?? "", "http://localhost");
-      if (url.pathname !== CALLBACK_PATH2) {
+      if (url.pathname !== CALLBACK_PATH) {
         res.writeHead(404).end("Not found");
         return;
       }
@@ -616,18 +500,18 @@ function startCallbackServer2(expectedState) {
         res.writeHead(400).end("Authentication failed.");
         return;
       }
-      res.writeHead(200, { "Content-Type": "text/html" }).end(SUCCESS_HTML2);
+      res.writeHead(200, { "Content-Type": "text/html" }).end(SUCCESS_HTML);
       result = { code };
     });
     server.on("error", reject);
-    server.listen(CALLBACK_PORT2, CALLBACK_HOST2, () => {
+    server.listen(CALLBACK_PORT, CALLBACK_HOST, () => {
       resolve2({
         server,
         cancel: () => {
           cancelled = true;
         },
         waitForCode: async () => {
-          const deadline = Date.now() + LOGIN_TIMEOUT_MS2;
+          const deadline = Date.now() + LOGIN_TIMEOUT_MS;
           while (!result && !cancelled && Date.now() < deadline) {
             await new Promise((r) => setTimeout(r, 100));
           }
@@ -637,8 +521,8 @@ function startCallbackServer2(expectedState) {
     });
   });
 }
-async function postTokenRequest2(body, label) {
-  const res = await fetch(TOKEN_URL2, {
+async function postTokenRequest(body, label) {
+  const res = await fetch(TOKEN_URL, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded"
@@ -657,32 +541,32 @@ async function postTokenRequest2(body, label) {
     expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000
   };
 }
-function exchangeCode2(code, verifier) {
-  return postTokenRequest2(new URLSearchParams({
+function exchangeCode(code, verifier) {
+  return postTokenRequest(new URLSearchParams({
     grant_type: "authorization_code",
-    client_id: CLIENT_ID2,
+    client_id: CLIENT_ID,
     code,
     code_verifier: verifier,
-    redirect_uri: REDIRECT_URI2
+    redirect_uri: REDIRECT_URI
   }), "Token exchange");
 }
 function refreshOpenAIToken(refreshToken) {
-  return postTokenRequest2(new URLSearchParams({
+  return postTokenRequest(new URLSearchParams({
     grant_type: "refresh_token",
     refresh_token: refreshToken,
-    client_id: CLIENT_ID2
+    client_id: CLIENT_ID
   }), "Token refresh");
 }
 async function loginOpenAI(callbacks) {
   const { verifier, challenge } = await generatePKCE();
   const state = createState();
-  const cb = await startCallbackServer2(state);
+  const cb = await startCallbackServer(state);
   try {
     const params = new URLSearchParams({
       response_type: "code",
-      client_id: CLIENT_ID2,
-      redirect_uri: REDIRECT_URI2,
-      scope: SCOPES2,
+      client_id: CLIENT_ID,
+      redirect_uri: REDIRECT_URI,
+      scope: SCOPES,
       code_challenge: challenge,
       code_challenge_method: "S256",
       state,
@@ -690,12 +574,12 @@ async function loginOpenAI(callbacks) {
       codex_cli_simplified_flow: "true",
       originator: "mc"
     });
-    callbacks.onOpenUrl(`${AUTHORIZE_URL2}?${params}`, "Complete login in your browser.");
+    callbacks.onOpenUrl(`${AUTHORIZE_URL}?${params}`, "Complete login in your browser.");
     const result = await cb.waitForCode();
     if (!result)
       throw new Error("Login cancelled or no code received");
     callbacks.onProgress("Exchanging authorization code for tokens\u2026");
-    return exchangeCode2(result.code, verifier);
+    return exchangeCode(result.code, verifier);
   } finally {
     cb.server.close();
   }
@@ -722,7 +606,6 @@ var openaiOAuth = {
 
 // src/session/oauth/auth-storage.ts
 var PROVIDERS = new Map([
-  [anthropicOAuth.id, anthropicOAuth],
   [openaiOAuth.id, openaiOAuth]
 ]);
 function getOAuthProviders() {
@@ -752,10 +635,10 @@ function isAuthError(err) {
   return /\b(401|403)\b/.test(err.message);
 }
 function isLoggedIn(provider) {
-  return getStoredToken(provider) !== null;
+  return PROVIDERS.has(provider) && getStoredToken(provider) !== null;
 }
 function listLoggedInProviders() {
-  return getDb().query("SELECT provider FROM oauth_tokens ORDER BY provider").all().map((r) => r.provider);
+  return getDb().query("SELECT provider FROM oauth_tokens ORDER BY provider").all().map((r) => r.provider).filter((provider) => PROVIDERS.has(provider));
 }
 async function login(providerId, callbacks) {
   const provider = PROVIDERS.get(providerId);
@@ -1321,31 +1204,16 @@ async function fetchCodexOAuthModels(token) {
     return null;
   }
 }
-async function getAnthropicAuth() {
-  const envKey = process.env.ANTHROPIC_API_KEY;
-  if (envKey)
-    return { key: envKey, oauth: false };
-  if (isLoggedIn("anthropic")) {
-    const token = await getAccessToken("anthropic");
-    if (token)
-      return { key: token, oauth: true };
-  }
-  return null;
-}
 async function fetchAnthropicModels() {
-  const auth = await getAnthropicAuth();
-  if (!auth)
+  const key = process.env.ANTHROPIC_API_KEY;
+  if (!key)
     return null;
-  const headers = {
-    "anthropic-version": "2023-06-01"
-  };
-  if (auth.oauth) {
-    headers.Authorization = `Bearer ${auth.key}`;
-    headers["anthropic-beta"] = "oauth-2025-04-20";
-  } else {
-    headers["x-api-key"] = auth.key;
-  }
-  const payload = await fetchJson(`${ANTHROPIC_BASE}/v1/models`, { headers }, 6000);
+  const payload = await fetchJson(`${ANTHROPIC_BASE}/v1/models`, {
+    headers: {
+      "anthropic-version": "2023-06-01",
+      "x-api-key": key
+    }
+  }, 6000);
   return processModelsList(payload, "data", "id", (item, modelId) => {
     const displayName = typeof item.display_name === "string" && item.display_name.trim().length > 0 ? item.display_name : modelId;
     return {
@@ -1452,10 +1320,8 @@ function hasAnyEnvKey(env, keys) {
 }
 function getRemoteProvidersFromEnv(env) {
   const providers = REMOTE_PROVIDER_ENV_KEYS.filter((entry) => hasAnyEnvKey(env, entry.envKeys)).map((entry) => entry.provider);
-  for (const p of ["anthropic", "openai"]) {
-    if (!providers.includes(p) && isLoggedIn(p)) {
-      providers.push(p);
-    }
+  if (!providers.includes("openai") && isLoggedIn("openai")) {
+    providers.push("openai");
   }
   return providers;
 }
@@ -1660,27 +1526,6 @@ var SUPPORTED_PROVIDERS = [
   "ollama"
 ];
 var ZEN_BASE2 = "https://opencode.ai/zen/v1";
-var OAUTH_STRIP_BETAS = new Set;
-function createOAuthFetch(accessToken) {
-  const oauthFetch = async (input, init) => {
-    let opts = init;
-    if (opts?.headers) {
-      const h = new Headers(opts.headers);
-      const beta = h.get("anthropic-beta");
-      if (beta) {
-        const filtered = beta.split(",").filter((b) => !OAUTH_STRIP_BETAS.has(b)).join(",");
-        h.set("anthropic-beta", filtered);
-      }
-      h.delete("x-api-key");
-      h.set("authorization", `Bearer ${accessToken}`);
-      h.set("user-agent", "claude-cli/2.1.75");
-      h.set("x-app", "cli");
-      opts = { ...opts, headers: Object.fromEntries(h.entries()) };
-    }
-    return fetch(input, opts);
-  };
-  return oauthFetch;
-}
 function requireEnv(name) {
   const value = process.env[name];
   if (!value)
@@ -1815,30 +1660,8 @@ async function resolveOpenAIModel(modelId) {
   return modelId.startsWith("gpt-") ? directProviders.openai().responses(modelId) : directProviders.openai()(modelId);
 }
 var OPENAI_CODEX_BASE_URL = "https://chatgpt.com/backend-api/codex";
-var oauthAnthropicCache = null;
 var oauthOpenAICache = null;
-function createOAuthAnthropicProvider(token) {
-  return createAnthropic({
-    apiKey: "",
-    fetch: createOAuthFetch(token),
-    headers: {
-      "anthropic-beta": "claude-code-20250219,oauth-2025-04-20"
-    }
-  });
-}
 async function resolveAnthropicModel(modelId) {
-  if (isLoggedIn("anthropic")) {
-    const token = await getAccessToken("anthropic");
-    if (token) {
-      if (!oauthAnthropicCache || oauthAnthropicCache.token !== token) {
-        oauthAnthropicCache = {
-          token,
-          provider: createOAuthAnthropicProvider(token)
-        };
-      }
-      return oauthAnthropicCache.provider(modelId);
-    }
-  }
   return directProviders.anthropic()(modelId);
 }
 var PROVIDER_MODEL_RESOLVERS = {
@@ -1863,16 +1686,11 @@ async function resolveModel(modelString) {
   }
   return PROVIDER_MODEL_RESOLVERS[provider](modelId);
 }
-function isAnthropicOAuth() {
-  return isLoggedIn("anthropic");
-}
 function discoverConnectedProviders() {
   const result = [];
   if (process.env.OPENCODE_API_KEY)
     result.push({ name: "zen", via: "env" });
-  if (isLoggedIn("anthropic"))
-    result.push({ name: "anthropic", via: "oauth" });
-  else if (process.env.ANTHROPIC_API_KEY)
+  if (process.env.ANTHROPIC_API_KEY)
     result.push({ name: "anthropic", via: "env" });
   if (isLoggedIn("openai"))
     result.push({ name: "openai", via: "oauth" });
@@ -1887,7 +1705,7 @@ function discoverConnectedProviders() {
 function autoDiscoverModel() {
   if (process.env.OPENCODE_API_KEY)
     return "zen/claude-sonnet-4-6";
-  if (process.env.ANTHROPIC_API_KEY || isLoggedIn("anthropic"))
+  if (process.env.ANTHROPIC_API_KEY)
     return "anthropic/claude-sonnet-4-6";
   if (process.env.OPENAI_API_KEY || isLoggedIn("openai"))
     return "openai/gpt-5.4";
@@ -3061,6 +2879,10 @@ function renderReadSkillResult(result, _opts) {
   if (!r || typeof r !== "object")
     return false;
   if (!r.skill) {
+    if (typeof r.note === "string" && r.note.trim().length > 0) {
+      writeln(`${G.info} ${c4.dim("skill")}  ${c4.dim(r.note.trim())}`);
+      return true;
+    }
     writeln(`${G.info} ${c4.dim("skill")}  ${c4.dim("(not found)")}`);
     return true;
   }
@@ -3068,6 +2890,9 @@ function renderReadSkillResult(result, _opts) {
     label: "skill",
     verboseOutput: _opts?.verboseOutput === true
   });
+  if (typeof r.note === "string" && r.note.trim().length > 0) {
+    writeln(c4.dim(r.note.trim()));
+  }
   return true;
 }
 function renderWebSearchResult(result, opts) {
@@ -5062,11 +4887,34 @@ function getMessageDiagnostics(messages) {
     }
   };
 }
+function collectPrunableToolNames(messages) {
+  const names = new Set;
+  for (const message of messages) {
+    if (!Array.isArray(message.content))
+      continue;
+    for (const part of message.content) {
+      if (!isRecord(part))
+        continue;
+      const partRecord = part;
+      const toolName = partRecord.toolName;
+      if (typeof toolName !== "string" || toolName.length === 0)
+        continue;
+      if (toolName === "readSkill")
+        continue;
+      names.add(toolName);
+    }
+  }
+  return [...names].sort((a, b) => a.localeCompare(b));
+}
+function buildToolCallPruning(messages, type) {
+  const tools = collectPrunableToolNames(messages);
+  return tools.length === 0 ? "none" : [{ type, tools }];
+}
 function applyContextPruning(messages) {
   return pruneMessages({
     messages,
     reasoning: "before-last-message",
-    toolCalls: "before-last-40-messages",
+    toolCalls: buildToolCallPruning(messages, "before-last-40-messages"),
     emptyMessages: "remove"
   });
 }
@@ -5075,7 +4923,7 @@ function applyStepPruning(messages, initialMessageCount) {
   return pruneMessages({
     messages,
     reasoning: "none",
-    toolCalls: `before-last-${40 + newMessageCount}-messages`,
+    toolCalls: buildToolCallPruning(messages, `before-last-${40 + newMessageCount}-messages`),
     emptyMessages: "remove"
   });
 }
@@ -5256,26 +5104,10 @@ function prepareTurnMessages(input) {
       diagnostics: getMessageDiagnostics(compacted)
     });
   }
-  let finalMessages = compacted;
-  let finalSystemPrompt = systemPrompt;
-  if (isAnthropicModelFamily(modelString) && isAnthropicOAuth()) {
-    const ccIdentity = "You are Claude Code, Anthropic's official CLI for Claude.";
-    const systemMessages = [
-      { role: "system", content: ccIdentity }
-    ];
-    if (finalSystemPrompt) {
-      systemMessages.push({
-        role: "system",
-        content: finalSystemPrompt
-      });
-      finalSystemPrompt = undefined;
-    }
-    finalMessages = [...systemMessages, ...finalMessages];
-  }
   const wasPruned = postStats.messageCount < preStats.messageCount;
   return {
-    messages: finalMessages,
-    systemPrompt: finalSystemPrompt,
+    messages: compacted,
+    systemPrompt,
     pruned: wasPruned,
     prePruneMessageCount: preStats.messageCount,
     prePruneTotalBytes: preStats.totalBytes,
@@ -5725,6 +5557,12 @@ Guidelines:
 - Make parallel tool calls when the lookups are independent \u2014 this speeds up multi-file investigation.
 - Before starting work, scan the skills list below. If there is even a small chance a skill applies to your task, load it with \`readSkill\` and follow its instructions before writing code or responding. Skills are mandatory when they match \u2014 not optional references.
 - Keep it simple: DRY, KISS, YAGNI. Avoid unnecessary complexity.
+- Apply Rob Pike's 5 Rules of Programming:
+  1. You can't tell where a program is going to spend its time. Bottlenecks occur in surprising places, so don't try to second guess and put in a speed hack until you've proven that's where the bottleneck is.
+  2. Measure. Don't tune for speed until you've measured, and even then don't unless one part of the code overwhelms the rest.
+  3. Fancy algorithms are slow when n is small, and n is usually small. Fancy algorithms have big constants. Until you know that n is frequently going to be big, don't get fancy. (Even if n does get big, use Rule 2 first.)
+  4. Fancy algorithms are buggier than simple ones, and they're much harder to implement. Use simple algorithms as well as simple data structures.
+  5. Data dominates. If you've chosen the right data structures and organized things well, the algorithms will almost always be self-evident. Data structures, not algorithms, are central to programming.
 
 # File editing with mc-edit
 \`mc-edit\` applies one exact-text replacement per invocation. It fails deterministically if the old text is missing or matches more than once.
@@ -6097,7 +5935,7 @@ var ShellSchema = z3.object({
   timeout: z3.number().int().min(1000).nullable().describe("Timeout in milliseconds. If omitted, the command runs until it exits."),
   env: z3.record(z3.string(), z3.string()).nullable().describe("Additional environment variables to set")
 });
-var MAX_OUTPUT_BYTES = 1e4;
+var MAX_OUTPUT_BYTES = 24000;
 async function runShellCommand(input, options) {
   const cwd = input.cwd ?? process.cwd();
   const timeout = input.timeout ?? undefined;
@@ -6415,51 +6253,8 @@ ${c12.bold("Examples:")}`);
   writeln(`  mc -l                        ${c12.dim("# list sessions")}`);
 }
 
-// src/cli/bootstrap.ts
-import { existsSync as existsSync5, mkdirSync as mkdirSync2, writeFileSync } from "fs";
-import { homedir as homedir6 } from "os";
-import { join as join7 } from "path";
-import * as c13 from "yoctocolors";
-var REVIEW_SKILL_CONTENT = `---
-name: review
-description: "Review recent changes for correctness, code quality, and performance. Use when the user asks to review, check, or audit recent code changes, diffs, or pull requests."
-context: fork
----
-
-Review recent changes and provide actionable feedback.
-
-## Steps
-
-1. Identify the changes to review \u2014 check \`git diff\`, \`git log\`, and staged files.
-2. Read the changed files and understand the intent behind each change.
-3. Evaluate each change against the criteria below.
-4. Output a concise summary with only the issues found. If nothing is wrong, say so.
-
-## Review criteria
-
-- **Correctness** \u2014 Are the changes aligned with their stated goal? Do they introduce bugs or regressions?
-- **Code quality** \u2014 Is there duplicate, dead, or overly complex code? Are abstractions appropriate?
-- **Performance** \u2014 Are there unnecessary allocations, redundant I/O, or algorithmic concerns?
-- **Edge cases** \u2014 Are boundary conditions and error paths handled?
-
-## Guidelines
-
-- Never flag style choices as bugs \u2014 don't be a zealot.
-- Never flag false positives \u2014 verify before raising an issue.
-- Keep feedback actionable: say what's wrong and suggest a fix.
-`;
-function bootstrapGlobalDefaults() {
-  const skillDir = join7(homedir6(), ".agents", "skills", "review");
-  const skillPath = join7(skillDir, "SKILL.md");
-  if (!existsSync5(skillPath)) {
-    mkdirSync2(skillDir, { recursive: true });
-    writeFileSync(skillPath, REVIEW_SKILL_CONTENT, "utf-8");
-    writeln(`${c13.green("\u2713")} created ${c13.dim("~/.agents/skills/review/SKILL.md")} ${c13.dim("(edit it to customise your reviews)")}`);
-  }
-}
-
 // src/cli/file-refs.ts
-import { join as join8 } from "path";
+import { join as join7 } from "path";
 async function resolveFileRefs(text, cwd) {
   const atPattern = /@([\w./\-_]+)/g;
   let result = text;
@@ -6469,7 +6264,7 @@ async function resolveFileRefs(text, cwd) {
     const ref = match[1];
     if (!ref)
       continue;
-    const filePath = ref.startsWith("/") ? ref : join8(cwd, ref);
+    const filePath = ref.startsWith("/") ? ref : join7(cwd, ref);
     if (isImageFilename(ref)) {
       const attachment = await loadImageFile(filePath);
       if (attachment) {
@@ -6491,25 +6286,25 @@ ${content}
 }
 
 // src/cli/input-loop.ts
-import * as c20 from "yoctocolors";
+import * as c19 from "yoctocolors";
 
 // src/cli/commands.ts
 import { randomBytes } from "crypto";
-import { unlinkSync as unlinkSync2, writeFileSync as writeFileSync2 } from "fs";
+import { unlinkSync, writeFileSync } from "fs";
 import { tmpdir } from "os";
-import { join as join9 } from "path";
-import * as c19 from "yoctocolors";
+import { join as join8 } from "path";
+import * as c18 from "yoctocolors";
 
 // src/cli/commands-help.ts
-import * as c14 from "yoctocolors";
+import * as c13 from "yoctocolors";
 function renderEntries(entries) {
   for (const [label, description] of entries) {
-    writeln(`  ${c14.cyan(label.padEnd(28))} ${c14.dim(description)}`);
+    writeln(`  ${c13.cyan(label.padEnd(28))} ${c13.dim(description)}`);
   }
 }
 function renderHelpCommand(ctx) {
   writeln();
-  writeln(`  ${c14.dim("session")}`);
+  writeln(`  ${c13.dim("session")}`);
   renderEntries([
     ["/session [id]", "list sessions or switch to one"],
     ["/new", "start a fresh session"],
@@ -6517,7 +6312,7 @@ function renderHelpCommand(ctx) {
     ["/exit", "quit"]
   ]);
   writeln();
-  writeln(`  ${c14.dim("model + context")}`);
+  writeln(`  ${c13.dim("model + context")}`);
   renderEntries([
     ["/model [id]", "list or switch models"],
     ["/reasoning [on|off]", "toggle reasoning display"],
@@ -6525,12 +6320,12 @@ function renderHelpCommand(ctx) {
     ["/mcp list", "list MCP servers"],
     ["/mcp add <n> <t> [u]", "add an MCP server"],
     ["/mcp remove <name>", "remove an MCP server"],
-    ["/login [provider]", "login via OAuth (e.g. anthropic)"],
+    ["/login [provider]", "login via OAuth (e.g. openai)"],
     ["/logout <provider>", "clear OAuth tokens"],
     ["/help", "show this help"]
   ]);
   writeln();
-  writeln(`  ${c14.dim("prompt")}`);
+  writeln(`  ${c13.dim("prompt")}`);
   renderEntries([
     ["ask normally", "send a prompt to the current agent"],
     ["!cmd", "run a shell command and keep the result in context"],
@@ -6540,44 +6335,44 @@ function renderHelpCommand(ctx) {
   const skills = loadSkillsIndex(ctx.cwd);
   if (skills.size > 0) {
     writeln();
-    writeln(`  ${c14.dim("skills")}`);
+    writeln(`  ${c13.dim("skills")}`);
     for (const skill of skills.values()) {
-      const source = skill.source === "local" ? c14.dim("local") : c14.dim("global");
+      const source = skill.source === "local" ? c13.dim("local") : c13.dim("global");
       const desc = truncateText(skill.description, 80);
-      writeln(`  ${c14.green(`/${skill.name}`.padEnd(28))} ${c14.dim(desc)} ${c14.dim("\xB7")} ${source}`);
+      writeln(`  ${c13.green(`/${skill.name}`.padEnd(28))} ${c13.dim(desc)} ${c13.dim("\xB7")} ${source}`);
     }
   }
   writeln();
-  writeln(`  ${c14.dim("keys")}  ${c14.dim("esc")} cancel response  ${c14.dim("\xB7")}  ${c14.dim("ctrl+c / ctrl+d")} exit  ${c14.dim("\xB7")}  ${c14.dim("ctrl+r")} history search  ${c14.dim("\xB7")}  ${c14.dim("\u2191\u2193")} history`);
+  writeln(`  ${c13.dim("keys")}  ${c13.dim("esc")} cancel response  ${c13.dim("\xB7")}  ${c13.dim("ctrl+c / ctrl+d")} exit  ${c13.dim("\xB7")}  ${c13.dim("ctrl+r")} history search  ${c13.dim("\xB7")}  ${c13.dim("\u2191\u2193")} history`);
   writeln();
 }
 
 // src/cli/commands-login.ts
-import * as c15 from "yoctocolors";
+import * as c14 from "yoctocolors";
 function renderLoginHelp() {
   writeln();
-  writeln(`  ${c15.dim("usage:")}`);
-  writeln(`    /login                 ${c15.dim("show login status")}`);
-  writeln(`    /login <provider>      ${c15.dim("login via OAuth")}`);
-  writeln(`    /logout <provider>     ${c15.dim("clear saved tokens")}`);
+  writeln(`  ${c14.dim("usage:")}`);
+  writeln(`    /login                 ${c14.dim("show login status")}`);
+  writeln(`    /login <provider>      ${c14.dim("login via OAuth")}`);
+  writeln(`    /logout <provider>     ${c14.dim("clear saved tokens")}`);
   writeln();
-  writeln(`  ${c15.dim("providers:")}`);
+  writeln(`  ${c14.dim("providers:")}`);
   for (const p of getOAuthProviders()) {
-    const status = isLoggedIn(p.id) ? c15.green("logged in") : c15.dim("not logged in");
-    writeln(`    ${c15.cyan(p.id.padEnd(20))} ${p.name} ${c15.dim("\xB7")} ${status}`);
+    const status = isLoggedIn(p.id) ? c14.green("logged in") : c14.dim("not logged in");
+    writeln(`    ${c14.cyan(p.id.padEnd(20))} ${p.name} ${c14.dim("\xB7")} ${status}`);
   }
   writeln();
 }
 function renderStatus() {
   const loggedIn = listLoggedInProviders();
   if (loggedIn.length === 0) {
-    writeln(`${PREFIX.info} ${c15.dim("no OAuth logins \u2014 use")} /login <provider>`);
+    writeln(`${PREFIX.info} ${c14.dim("no OAuth logins \u2014 use")} /login <provider>`);
     return;
   }
   for (const id of loggedIn) {
     const provider = getOAuthProvider(id);
     const name = provider?.name ?? id;
-    writeln(`${PREFIX.success} ${c15.cyan(id)} ${c15.dim(name)}`);
+    writeln(`${PREFIX.success} ${c14.cyan(id)} ${c14.dim(name)}`);
   }
 }
 async function handleLoginCommand(ctx, args) {
@@ -6598,7 +6393,7 @@ async function handleLoginCommand(ctx, args) {
   if (isLoggedIn(providerId)) {
     const token = await getAccessToken(providerId);
     if (token) {
-      writeln(`${PREFIX.success} already logged in to ${c15.cyan(provider.name)}`);
+      writeln(`${PREFIX.success} already logged in to ${c14.cyan(provider.name)}`);
       return;
     }
   }
@@ -6609,7 +6404,7 @@ async function handleLoginCommand(ctx, args) {
         ctx.stopSpinner();
         writeln(`${PREFIX.info} ${instructions}`);
         writeln();
-        writeln(`  ${c15.cyan(url)}`);
+        writeln(`  ${c14.cyan(url)}`);
         writeln();
         let open = "xdg-open";
         if (process.platform === "darwin")
@@ -6621,12 +6416,12 @@ async function handleLoginCommand(ctx, args) {
       },
       onProgress: (msg) => {
         ctx.stopSpinner();
-        writeln(`${PREFIX.info} ${c15.dim(msg)}`);
+        writeln(`${PREFIX.info} ${c14.dim(msg)}`);
         ctx.startSpinner("exchanging tokens");
       }
     });
     ctx.stopSpinner();
-    writeln(`${PREFIX.success} logged in to ${c15.cyan(provider.name)}`);
+    writeln(`${PREFIX.success} logged in to ${c14.cyan(provider.name)}`);
   } catch (err) {
     ctx.stopSpinner();
     writeln(`${PREFIX.error} login failed: ${err.message}`);
@@ -6638,16 +6433,21 @@ function handleLogoutCommand(_ctx, args) {
     writeln(`${PREFIX.error} usage: /logout <provider>`);
     return;
   }
+  const provider = getOAuthProvider(providerId);
+  if (!provider) {
+    writeln(`${PREFIX.error} unknown provider "${providerId}" \u2014 available: ${getOAuthProviders().map((p) => p.id).join(", ")}`);
+    return;
+  }
   if (!isLoggedIn(providerId)) {
-    writeln(`${PREFIX.info} ${c15.dim("not logged in to")} ${providerId}`);
+    writeln(`${PREFIX.info} ${c14.dim("not logged in to")} ${providerId}`);
     return;
   }
   logout(providerId);
-  writeln(`${PREFIX.success} logged out of ${c15.cyan(providerId)}`);
+  writeln(`${PREFIX.success} logged out of ${c14.cyan(provider.id)}`);
 }
 
 // src/cli/commands-mcp.ts
-import * as c16 from "yoctocolors";
+import * as c15 from "yoctocolors";
 async function handleMcpCommand(ctx, args) {
   const parts = args.trim().split(/\s+/);
   const sub = parts[0] ?? "list";
@@ -6655,15 +6455,15 @@ async function handleMcpCommand(ctx, args) {
     case "list": {
       const servers = listMcpServers();
       if (servers.length === 0) {
-        writeln(c16.dim("  no MCP servers configured"));
-        writeln(c16.dim("  /mcp add <name> http <url>  \xB7  /mcp add <name> stdio <cmd> [args...]"));
+        writeln(c15.dim("  no MCP servers configured"));
+        writeln(c15.dim("  /mcp add <name> http <url>  \xB7  /mcp add <name> stdio <cmd> [args...]"));
         return;
       }
       writeln();
       for (const s of servers) {
         const detailText = s.url ?? s.command ?? "";
-        const detail = detailText ? c16.dim(`  ${detailText}`) : "";
-        writeln(`  ${c16.yellow("\u2699")} ${c16.bold(s.name)}  ${c16.dim(s.transport)}${detail}`);
+        const detail = detailText ? c15.dim(`  ${detailText}`) : "";
+        writeln(`  ${c15.yellow("\u2699")} ${c15.bold(s.name)}  ${c15.dim(s.transport)}${detail}`);
       }
       return;
     }
@@ -6708,9 +6508,9 @@ async function handleMcpCommand(ctx, args) {
       }
       try {
         await ctx.connectMcpServer(name);
-        writeln(`${PREFIX.success} mcp server ${c16.cyan(name)} added and connected`);
+        writeln(`${PREFIX.success} mcp server ${c15.cyan(name)} added and connected`);
       } catch (e) {
-        writeln(`${PREFIX.success} mcp server ${c16.cyan(name)} saved  ${c16.dim(`(connection failed: ${String(e)})`)}`);
+        writeln(`${PREFIX.success} mcp server ${c15.cyan(name)} saved  ${c15.dim(`(connection failed: ${String(e)})`)}`);
       }
       return;
     }
@@ -6722,17 +6522,17 @@ async function handleMcpCommand(ctx, args) {
         return;
       }
       deleteMcpServer(name);
-      writeln(`${PREFIX.success} mcp server ${c16.cyan(name)} removed`);
+      writeln(`${PREFIX.success} mcp server ${c15.cyan(name)} removed`);
       return;
     }
     default:
       writeln(`${PREFIX.error} unknown: /mcp ${sub}`);
-      writeln(c16.dim("  subcommands: list \xB7 add \xB7 remove"));
+      writeln(c15.dim("  subcommands: list \xB7 add \xB7 remove"));
   }
 }
 
 // src/cli/commands-model.ts
-import * as c17 from "yoctocolors";
+import * as c16 from "yoctocolors";
 import { select } from "yoctoselect";
 var THINKING_EFFORTS = ["low", "medium", "high", "xhigh"];
 function parseThinkingEffort(value) {
@@ -6752,21 +6552,21 @@ function renderModelUpdatedMessage(ctx, modelId, effortArg) {
   if (effortArg) {
     if (effortArg === "off") {
       ctx.setThinkingEffort(null);
-      writeln(`${PREFIX.success} model \u2192 ${c17.cyan(modelId)} ${c17.dim("(thinking disabled)")}`);
+      writeln(`${PREFIX.success} model \u2192 ${c16.cyan(modelId)} ${c16.dim("(thinking disabled)")}`);
       return;
     }
     const effort = parseThinkingEffort(effortArg);
     if (effort) {
       ctx.setThinkingEffort(effort);
-      writeln(`${PREFIX.success} model \u2192 ${c17.cyan(modelId)} ${c17.dim(`(\u2726 ${effort})`)}`);
+      writeln(`${PREFIX.success} model \u2192 ${c16.cyan(modelId)} ${c16.dim(`(\u2726 ${effort})`)}`);
       return;
     }
-    writeln(`${PREFIX.success} model \u2192 ${c17.cyan(modelId)}`);
-    writeln(`${PREFIX.error} unknown effort level ${c17.cyan(effortArg)} (use low, medium, high, xhigh, off)`);
+    writeln(`${PREFIX.success} model \u2192 ${c16.cyan(modelId)}`);
+    writeln(`${PREFIX.error} unknown effort level ${c16.cyan(effortArg)} (use low, medium, high, xhigh, off)`);
     return;
   }
-  const effortTag = ctx.thinkingEffort ? c17.dim(` (\u2726 ${ctx.thinkingEffort})`) : "";
-  writeln(`${PREFIX.success} model \u2192 ${c17.cyan(modelId)}${effortTag}`);
+  const effortTag = ctx.thinkingEffort ? c16.dim(` (\u2726 ${ctx.thinkingEffort})`) : "";
+  writeln(`${PREFIX.success} model \u2192 ${c16.cyan(modelId)}${effortTag}`);
 }
 async function handleModelSet(ctx, args) {
   const parts = args.trim().split(/\s+/).filter(Boolean);
@@ -6779,7 +6579,7 @@ async function handleModelSet(ctx, args) {
     const snapshot = await fetchAvailableModels();
     const match = findModelIdByAlias(idArg, snapshot.models.map((model) => model.id));
     if (!match) {
-      writeln(`${PREFIX.error} unknown model ${c17.cyan(idArg)}  ${c17.dim("\u2014 run /models for the full list")}`);
+      writeln(`${PREFIX.error} unknown model ${c16.cyan(idArg)}  ${c16.dim("\u2014 run /models for the full list")}`);
       return;
     }
     modelId = match;
@@ -6799,7 +6599,7 @@ function handleModelEffort(ctx, effortArg) {
     return;
   }
   ctx.setThinkingEffort(effort);
-  writeln(`${PREFIX.success} thinking effort \u2192 ${c17.cyan(effort)}`);
+  writeln(`${PREFIX.success} thinking effort \u2192 ${c16.cyan(effort)}`);
 }
 async function handleModelSelect(ctx) {
   ctx.startSpinner("fetching models");
@@ -6807,20 +6607,20 @@ async function handleModelSelect(ctx) {
   ctx.stopSpinner();
   if (snapshot.models.length === 0) {
     writeln(`${PREFIX.error} No models found. Check your API keys or Ollama connection.`);
-    writeln(c17.dim("  Set OPENCODE_API_KEY for Zen, or start Ollama for local models."));
+    writeln(c16.dim("  Set OPENCODE_API_KEY for Zen, or start Ollama for local models."));
     return;
   }
   if (snapshot.stale) {
     const lastSync = snapshot.lastSyncAt ? new Date(snapshot.lastSyncAt).toLocaleString() : "never";
     const refreshTag = snapshot.refreshing ? " (refreshing in background)" : "";
-    writeln(c17.dim(`  model metadata is stale (last sync: ${lastSync})${refreshTag}`));
+    writeln(c16.dim(`  model metadata is stale (last sync: ${lastSync})${refreshTag}`));
   }
   const items = snapshot.models.map((model) => {
     const isCurrent = ctx.currentModel === model.id;
-    const freeTag = model.free ? c17.green(" free") : "";
-    const contextTag = model.context ? c17.dim(` ${Math.round(model.context / 1000)}k`) : "";
-    const currentTag = isCurrent ? c17.cyan(" \u25C0") : "";
-    const providerTag = c17.dim(` [${model.provider}]`);
+    const freeTag = model.free ? c16.green(" free") : "";
+    const contextTag = model.context ? c16.dim(` ${Math.round(model.context / 1000)}k`) : "";
+    const currentTag = isCurrent ? c16.cyan(" \u25C0") : "";
+    const providerTag = c16.dim(` [${model.provider}]`);
     return {
       label: `${model.displayName}${freeTag}${contextTag}${currentTag}${providerTag}`,
       value: model.id,
@@ -6853,7 +6653,7 @@ async function handleModelCommand(ctx, args) {
 }
 
 // src/cli/commands-session.ts
-import * as c18 from "yoctocolors";
+import * as c17 from "yoctocolors";
 import { select as select2 } from "yoctoselect";
 async function handleSessionCommand(ctx, args) {
   const id = args.trim();
@@ -6862,15 +6662,15 @@ async function handleSessionCommand(ctx, args) {
     const ok2 = ctx.switchSession(id);
     ctx.stopSpinner();
     if (ok2) {
-      writeln(`${PREFIX.success} switched to session ${c18.cyan(id)} (${c18.cyan(ctx.currentModel)})`);
+      writeln(`${PREFIX.success} switched to session ${c17.cyan(id)} (${c17.cyan(ctx.currentModel)})`);
     } else {
-      writeln(`${PREFIX.error} session ${c18.cyan(id)} not found`);
+      writeln(`${PREFIX.error} session ${c17.cyan(id)} not found`);
     }
     return;
   }
   const sessions = listSessions(50);
   if (sessions.length === 0) {
-    writeln(`${PREFIX.info} ${c18.dim("no sessions found")}`);
+    writeln(`${PREFIX.info} ${c17.dim("no sessions found")}`);
     return;
   }
   const items = sessions.map((s) => {
@@ -6879,7 +6679,7 @@ async function handleSessionCommand(ctx, args) {
     const cwd = tildePath(s.cwd);
     const date = new Date(s.updated_at).toLocaleDateString();
     return {
-      label: `${c18.dim(s.id)}  ${title}  ${c18.cyan(model)}  ${c18.dim(cwd)}  ${c18.dim(date)}`,
+      label: `${c17.dim(s.id)}  ${title}  ${c17.cyan(model)}  ${c17.dim(cwd)}  ${c17.dim(date)}`,
       value: s.id,
       filterText: `${s.id} ${s.title} ${s.model} ${s.cwd}`
     };
@@ -6895,9 +6695,9 @@ async function handleSessionCommand(ctx, args) {
     return;
   const ok = ctx.switchSession(picked);
   if (ok) {
-    writeln(`${PREFIX.success} switched to session ${c18.cyan(picked)} (${c18.cyan(ctx.currentModel)})`);
+    writeln(`${PREFIX.success} switched to session ${c17.cyan(picked)} (${c17.cyan(ctx.currentModel)})`);
   } else {
-    writeln(`${PREFIX.error} session ${c18.cyan(picked)} not found`);
+    writeln(`${PREFIX.error} session ${c17.cyan(picked)} not found`);
   }
 }
 
@@ -6907,9 +6707,9 @@ async function handleUndo(ctx) {
   try {
     const ok = await ctx.undoLastTurn();
     if (ok) {
-      writeln(`${PREFIX.success} ${c19.dim("last conversation turn removed")}`);
+      writeln(`${PREFIX.success} ${c18.dim("last conversation turn removed")}`);
     } else {
-      writeln(`${PREFIX.info} ${c19.dim("nothing to undo")}`);
+      writeln(`${PREFIX.info} ${c18.dim("nothing to undo")}`);
     }
   } finally {
     ctx.stopSpinner();
@@ -6967,7 +6767,7 @@ async function handleCommand(command, args, ctx) {
         if (loaded2) {
           const srcPath = skill.source === "local" ? `.agents/skills/${skill.name}/SKILL.md` : `~/.agents/skills/${skill.name}/SKILL.md`;
           if (skill.context === "fork") {
-            writeln(`${PREFIX.info} ${c19.cyan(skill.name)} ${c19.dim(`[${srcPath}] (forked subagent)`)}`);
+            writeln(`${PREFIX.info} ${c18.cyan(skill.name)} ${c18.dim(`[${srcPath}] (forked subagent)`)}`);
             writeln();
             const subagentPrompt = args ? `${loaded2.content}
 
@@ -6975,7 +6775,7 @@ ${args}` : loaded2.content;
             const result = await runForkedSkill(skill.name, subagentPrompt, ctx.cwd);
             return { type: "inject-user-message", text: result };
           }
-          writeln(`${PREFIX.info} ${c19.cyan(skill.name)} ${c19.dim(`[${srcPath}]`)}`);
+          writeln(`${PREFIX.info} ${c18.cyan(skill.name)} ${c18.dim(`[${srcPath}]`)}`);
           writeln();
           const prompt = args ? `${loaded2.content}
 
@@ -6983,16 +6783,16 @@ ${args}` : loaded2.content;
           return { type: "inject-user-message", text: prompt };
         }
       }
-      writeln(`${PREFIX.error} unknown: /${command}  ${c19.dim("\u2014 /help for commands")}`);
+      writeln(`${PREFIX.error} unknown: /${command}  ${c18.dim("\u2014 /help for commands")}`);
       return { type: "unknown", command };
     }
   }
 }
 async function runForkedSkill(skillName, prompt, cwd) {
-  const tmpFile = join9(tmpdir(), `mc-fork-${randomBytes(8).toString("hex")}.md`);
-  writeFileSync2(tmpFile, prompt, "utf8");
+  const tmpFile = join8(tmpdir(), `mc-fork-${randomBytes(8).toString("hex")}.md`);
+  writeFileSync(tmpFile, prompt, "utf8");
   try {
-    writeln(`${PREFIX.info} ${c19.dim("running subagent\u2026")}`);
+    writeln(`${PREFIX.info} ${c18.dim("running subagent\u2026")}`);
     const proc = Bun.spawn([process.execPath, Bun.main], {
       cwd,
       stdin: Bun.file(tmpFile),
@@ -7017,24 +6817,24 @@ ${stderr.trim()}`;
 ${output}`;
   } finally {
     try {
-      unlinkSync2(tmpFile);
+      unlinkSync(tmpFile);
     } catch {}
   }
 }
 function handleBooleanToggleCommand(opts) {
   const mode = opts.args.trim().toLowerCase();
   if (!mode) {
-    writeln(`${PREFIX.success} ${opts.label} ${opts.current ? c19.green("on") : c19.dim("off")}`);
+    writeln(`${PREFIX.success} ${opts.label} ${opts.current ? c18.green("on") : c18.dim("off")}`);
     return;
   }
   if (mode === "on") {
     opts.set(true);
-    writeln(`${PREFIX.success} ${opts.label} ${c19.green("on")}`);
+    writeln(`${PREFIX.success} ${opts.label} ${c18.green("on")}`);
     return;
   }
   if (mode === "off") {
     opts.set(false);
-    writeln(`${PREFIX.success} ${opts.label} ${c19.dim("off")}`);
+    writeln(`${PREFIX.success} ${opts.label} ${c18.dim("off")}`);
     return;
   }
   writeln(`${PREFIX.error} usage: ${opts.usage}`);
@@ -7118,14 +6918,14 @@ async function runInputLoop(opts) {
     }
     switch (input.type) {
       case "eof":
-        reporter.writeText(c20.dim("Goodbye."));
+        reporter.writeText(c19.dim("Goodbye."));
         return;
       case "interrupt":
         continue;
       case "command": {
         const result = await handleCommand(input.command, input.args, cmdCtx);
         if (result.type === "exit") {
-          reporter.writeText(c20.dim("Goodbye."));
+          reporter.writeText(c19.dim("Goodbye."));
           return;
         }
         if (result.type === "inject-user-message") {
@@ -7232,13 +7032,12 @@ async function main() {
     if (last) {
       sessionId = last.id;
     } else {
-      writeln(c21.dim("No previous session found, starting fresh."));
+      writeln(c20.dim("No previous session found, starting fresh."));
     }
   } else if (args.sessionId) {
     sessionId = args.sessionId;
   }
   const model = args.model ?? getPreferredModel() ?? autoDiscoverModel();
-  bootstrapGlobalDefaults();
   if (!prompt) {
     renderBanner(model, args.cwd);
   }

package/docs/KNOWN_ISSUES.md

@@ -4,6 +4,7 @@
 
 - AI SDK expands `claude-3-5-haiku` → dated variant that Zen doesn't serve (404).
 - Shell tool: model can `tmux kill-session` the host tmux session if names collide (e.g. audit skill creates session named "audit" matching the user's). Not a code bug — the skill/model just picks a conflicting name. Mitigate via skill wording or session name prefixing.
+- Shell tool output truncation only stops reading stdout/stderr; it does not terminate the underlying process yet. Commands that emit a lot of output and then keep running can still block until they exit or hit timeout.
 
 ## Features
 

package/docs/design-decisions.md

@@ -20,7 +20,7 @@ A coding agent runs dozens of shell commands per task. Requiring approval for ea
 
 ### Isolation is a separate concern
 
-Sandboxing is a real need, but it belongs at the OS/container level — not inside the agent. Tools like [nono](https://nono.sh/) provide proper filesystem and network isolation that the LLM cannot circumvent. This is defense in depth done right: the agent runs unrestricted inside a sandbox that enforces actual boundaries.
+Sandboxing is a real need, but it belongs at the OS/container level — not inside the agent. Tools like [Anthropic Sandbox Runtime (`srt`)](https://github.com/anthropic-experimental/sandbox-runtime) and [nono](https://nono.sh/) provide proper filesystem and network isolation that the LLM cannot circumvent. This is defense in depth done right: the agent runs unrestricted inside a sandbox that enforces actual boundaries.
 
 ### Our approach
 

package/docs/mini-coder.1.md

@@ -73,14 +73,11 @@ _prompt_
 `/mcp remove` _name_
 : Remove MCP server.
 
-`/review`
-: Review recent changes (global skill, auto-created at first run).
-
 `/login`
 : Show OAuth login status.
 
 `/login` _provider_
-: Login via OAuth (opens browser for device flow). Currently supports `anthropic` and `openai` (`openai` uses the Codex / ChatGPT Plus/Pro flow).
+: Login via OAuth (opens browser for device flow). Currently supports `openai`.
 
 `/logout` _provider_
 : Clear saved OAuth tokens.
@@ -169,15 +166,13 @@ Skills are reusable instruction files at `.agents/skills/<name>/SKILL.md`.
 `description`
 : Help text.
 
-Skills are never auto-loaded. Load explicitly:
+Skills are auto discovered. To load explicitly:
 
 - `/skill-name` in prompts (injects body as a user message).
 - **listSkills** / **readSkill** tools at runtime.
 
 Local discovery walks up from cwd to the git worktree root.
 
-A default **review** skill is created at `~/.agents/skills/review/SKILL.md` on first run if it doesn't exist. It can be customized or shadowed locally.
-
 ## CONFIGURATION
 
 Config roots: `.agents/`, `.claude/` — local (repo) or global (`~/`).
@@ -216,7 +211,7 @@ Config roots: `.agents/`, `.claude/` — local (repo) or global (`~/`).
 ## FILES
 
 `~/.config/mini-coder/`
-: App data directory (sessions.db, api.log, errors.log).
+: App data directory (sessions.db, with tables for error and other logs).
 
 `.agents/` or `.claude/`
 : Config directories for skills and context files.

package/docs/superpowers/plans/2026-03-30-anthropic-oauth-removal.md

@@ -0,0 +1,61 @@
+# Anthropic OAuth Removal Implementation Plan
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Remove Claude Code subscription OAuth support without affecting Anthropic API-key access or Zen Claude models.
+
+**Architecture:** Delete the Anthropic OAuth provider registration and stop consulting Anthropic OAuth state in discovery/model-info paths. Preserve all direct `ANTHROPIC_API_KEY` behavior and Anthropic-family handling needed by Zen and direct API use.
+
+**Tech Stack:** Bun, TypeScript, bun:test, SQLite-backed auth storage, AI SDK providers.
+
+---
+
+### Task 1: Track the work and lock the user-facing contract
+
+**Files:**
+
+- Modify: `TODO.md`
+- Reference: `docs/superpowers/specs/2026-03-30-anthropic-oauth-removal-design.md`
+
+- [ ] **Step 1: Update TODO.md with active work item**
+- [ ] **Step 2: Keep TODO.md current as tasks complete**
+
+### Task 2: Write failing tests for Anthropic OAuth removal
+
+**Files:**
+
+- Modify: `src/llm-api/providers-resolve.test.ts`
+- Modify: `src/llm-api/model-info.test.ts`
+- Create: `src/session/oauth/auth-storage.test.ts`
+
+- [ ] **Step 1: Add a test asserting OAuth providers list only OpenAI**
+- [ ] **Step 2: Add tests asserting Anthropic discovery requires `ANTHROPIC_API_KEY`**
+- [ ] **Step 3: Run focused tests to verify they fail for the expected reason**
+
+### Task 3: Remove Anthropic OAuth registration and discovery usage
+
+**Files:**
+
+- Delete: `src/session/oauth/anthropic.ts`
+- Modify: `src/session/oauth/auth-storage.ts`
+- Modify: `src/llm-api/providers.ts`
+- Modify: `src/llm-api/model-info.ts`
+- Modify: `src/llm-api/model-info-fetch.ts`
+
+- [ ] **Step 1: Remove the Anthropic OAuth provider from auth storage**
+- [ ] **Step 2: Remove Anthropic OAuth-based provider discovery/autodiscovery**
+- [ ] **Step 3: Remove Anthropic OAuth-based model list fetching**
+- [ ] **Step 4: Run the focused tests and make them pass**
+
+### Task 4: Update CLI/docs and finish verification
+
+**Files:**
+
+- Modify: `src/cli/commands-help.ts`
+- Modify: `docs/mini-coder.1.md`
+- Modify: `TODO.md`
+
+- [ ] **Step 1: Remove Anthropic OAuth mentions from help/manpage**
+- [ ] **Step 2: Run formatting if needed**
+- [ ] **Step 3: Run focused tests, then broader verification commands**
+- [ ] **Step 4: Clear the completed TODO item**

package/docs/superpowers/specs/2026-03-30-anthropic-oauth-removal-design.md

@@ -0,0 +1,47 @@
+# Anthropic OAuth Removal Design
+
+## Goal
+
+Remove Claude Code subscription OAuth support from mini-coder while preserving:
+
+- direct Anthropic API key support via `ANTHROPIC_API_KEY`
+- Anthropic-family models served through Opencode Zen (`zen/claude-*`)
+
+## Approved behavior
+
+- `anthropic` is removed completely from the user-facing OAuth surface.
+- `/login anthropic` is no longer supported and behaves like any unknown provider.
+- `/logout anthropic` is no longer documented or advertised as a supported path.
+- Existing saved Anthropic OAuth rows in SQLite are ignored; no migration or cleanup is required.
+- Anthropic remains available through `ANTHROPIC_API_KEY`.
+- Zen-backed Claude models remain available and unchanged.
+
+## Approach
+
+Use a narrow OAuth-only removal:
+
+1. Remove the Anthropic OAuth provider module and provider registration.
+2. Stop consulting Anthropic OAuth state during provider discovery and model-info refresh visibility.
+3. Keep direct Anthropic provider resolution via `ANTHROPIC_API_KEY`.
+4. Keep Anthropic-family request handling and Zen backend routing unchanged.
+5. Update tests and docs to match the new OAuth surface.
+
+## Files in scope
+
+- `src/session/oauth/anthropic.ts` — delete
+- `src/session/oauth/auth-storage.ts` — unregister Anthropic OAuth
+- `src/llm-api/providers.ts` — stop treating Anthropic OAuth as connected
+- `src/llm-api/model-info.ts` — stop treating Anthropic OAuth as a refresh/visibility source
+- `src/llm-api/model-info-fetch.ts` — stop fetching Anthropic models via OAuth tokens
+- `src/cli/commands-help.ts` — remove Anthropic OAuth example text
+- `docs/mini-coder.1.md` — document OpenAI-only OAuth support
+- tests around provider discovery/model info — update to be deterministic and Anthropic-OAuth-free
+
+## Risks and mitigations
+
+- Risk: accidentally breaking direct Anthropic API-key support.
+  - Mitigation: keep direct provider resolver and add/update tests that verify `ANTHROPIC_API_KEY` still wins.
+- Risk: accidentally breaking Zen Claude behavior.
+  - Mitigation: avoid touching Anthropic-family routing/caching code used for Zen.
+- Risk: stale Anthropic OAuth tokens still affecting behavior.
+  - Mitigation: remove all Anthropic OAuth checks from discovery and model fetching paths.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mini-coder",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "A small, fast CLI coding agent",
   "module": "src/index.ts",
   "type": "module",