opencodekit 0.21.4 → 0.21.6

package/dist/template/.opencode/command/status.md

@@ -40,11 +40,12 @@ skill({ name: "beads" });
 
 ## Available Tools
 
-| Tool            | Use When              |
-| --------------- | --------------------- |
-| `br`            | Task status and stats |
-| `git`           | Git state and history |
-| `find_sessions` | Recent sessions       |
+| Tool            | Use When                                        |
+| --------------- | ----------------------------------------------- |
+| `br`            | Task status and stats                           |
+| `git`           | Git state and history                           |
+| `find_sessions` | Recent sessions                                 |
+| `portless`      | Optional read-only local URL state if installed |
 
 ## Phase 1: Gather State (Parallel)
 
@@ -62,6 +63,14 @@ git branch --show-current
 git log --oneline -5
 ```
 
+Optionally include Portless local URL state only if the binary is already installed:
+
+```bash
+if command -v portless >/dev/null 2>&1; then portless list; fi
+```
+
+Do not install Portless, start/stop proxies, trust CAs, sync hosts, prune/clean state, or expose LAN services from `/status`.
+
 ```typescript
 find_sessions({ query: "<project-name or recent-bead-keywords>", limit: 5 });
 ```

package/dist/template/.opencode/command/ui-review.md

@@ -13,6 +13,7 @@ model: proxypal/gemini-3-pro-preview
 skill({ name: "visual-analysis" }); // Analysis framework
 skill({ name: "accessibility-audit" }); // WCAG checklists
 skill({ name: "frontend-design" }); // Anti-patterns, design quality
+skill({ name: "ux-quality-gates" }); // IA, heuristics, forms, recovery, state coverage
 ```
 
 ## Input
@@ -33,31 +34,50 @@ Use the `visual-analysis` skill to perform deep analysis:
 - Visual properties (colors, typography, spacing, layout)
 - Design patterns and potential issues
 
-### 2. Score Categories
+### 2. Usability Heuristic Pass
 
-Rate each 1-10 with brief justification:
+Apply `ux-quality-gates` before visual scoring. Check:
+
+- System status is visible for async or multi-step work
+- Labels and navigation use user vocabulary, not implementation terms
+- Users can cancel, undo, go back, retry, or recover from failure
+- Controls, names, and layouts are consistent across the surface
+- Dangerous or invalid actions are prevented before they happen
+- Options and relationships are visible without relying on memory
+- High-volume workflows expose efficient paths where appropriate
+- Empty/loading/error/success states are present and useful
+
+Any failure that blocks task completion or recovery is **Critical**, even if the screen looks polished.
 
-| Category               | What to Evaluate                                               |
-| ---------------------- | -------------------------------------------------------------- |
-| **Typography**         | Hierarchy, readability, weight contrast, intentional choices   |
-| **Color**              | Palette cohesion, contrast, semantic usage, no AI slop         |
-| **Layout & Spacing**   | Visual hierarchy, consistency, alignment, white space          |
-| **Interactive States** | Hover, focus, active, disabled, loading coverage               |
-| **Accessibility**      | WCAG AA compliance (use `accessibility-audit` skill checklist) |
-| **Visual Polish**      | Consistency, attention to detail, motion, shadows, icons       |
+### 3. Score Categories
+
+Rate each 1-10 with brief justification:
 
-### 3. Conditional Reviews
+| Category                          | What to Evaluate                                               |
+| --------------------------------- | -------------------------------------------------------------- |
+| **Information Architecture**      | User vocabulary, scope clarity, relationships, navigation      |
+| **Task Flow & Recovery**          | Primary action, cancellation, undo/retry, error recovery       |
+| **Forms & Data Interaction**      | Labels, helper text, validation, selection, bulk actions       |
+| **Typography**                    | Hierarchy, readability, weight contrast, intentional choices   |
+| **Color**                         | Palette cohesion, contrast, semantic usage, no AI slop         |
+| **Layout & Spacing**              | Visual hierarchy, consistency, alignment, white space          |
+| **Interactive States**            | Hover, focus, active, disabled, loading/error/success coverage |
+| **Accessibility & Semantic HTML** | WCAG AA compliance, native semantics, keyboard/focus behavior  |
+| **Component Consistency**         | Shared token DNA: radius, height, border, shadow, states       |
+| **Visual Polish**                 | Consistency, attention to detail, motion, shadows, icons       |
+
+### 4. Conditional Reviews
 
 **If `--responsive`**: Check at 375px, 768px, 1280px, 1536px+. Flag touch targets, horizontal scroll, text sizing.
 
 **If `--dark-mode`**: Check contrast on dark backgrounds, adapted colors (not just inverted), shadow adjustments, focus visibility.
 
-### 4. Report Findings
+### 5. Report Findings
 
 Group by severity:
 
-- **Critical (Must Fix)**: Accessibility failures, broken interactions
-- **Warning (Should Fix)**: AI slop patterns, inconsistent spacing, missing states
+- **Critical (Must Fix)**: Accessibility failures, broken interactions, dead-end errors, unsafe destructive actions
+- **Warning (Should Fix)**: AI slop patterns, inconsistent spacing, missing states, confusing IA/naming
 - **Info (Nice to Have)**: Polish opportunities
 
 For each finding: location, impact, and recommended fix.
@@ -85,7 +105,7 @@ observation({
 
 ## Related Commands
 
-| Need                 | Command   |
-| -------------------- | --------- |
-| Design from scratch  | `/design` |
-| Ship implementation  | `/ship`   |
+| Need                | Command   |
+| ------------------- | --------- |
+| Design from scratch | `/design` |
+| Ship implementation | `/ship`   |

package/dist/template/.opencode/command/ui-slop-check.md

@@ -15,16 +15,17 @@ Run a focused anti-slop audit against changed UI files using the frontend-design
 skill({ name: "frontend-design" }); // Anti-pattern taxonomy + design references
 skill({ name: "visual-analysis" }); // Structured visual/code analysis workflow
 skill({ name: "accessibility-audit" }); // Keyboard/focus/contrast checks
+skill({ name: "ux-quality-gates" }); // UX correctness gates beyond visual slop
 ```
 
 ## Parse Arguments
 
-| Argument        | Default | Description                                                   |
-| --------------- | ------- | ------------------------------------------------------------- |
-| `[path\|auto]`  | `auto`  | Specific file/dir to audit, or auto-detect changed UI files   |
-| `--staged`      | false   | Audit staged changes only (`git diff --cached`)               |
-| `--since=<ref>` | `HEAD`  | Compare against ref (`main`, `HEAD~1`, commit SHA)            |
-| `--full-report` | false   | Include all categories even when no issues found              |
+| Argument        | Default | Description                                                 |
+| --------------- | ------- | ----------------------------------------------------------- |
+| `[path\|auto]`  | `auto`  | Specific file/dir to audit, or auto-detect changed UI files |
+| `--staged`      | false   | Audit staged changes only (`git diff --cached`)             |
+| `--since=<ref>` | `HEAD`  | Compare against ref (`main`, `HEAD~1`, commit SHA)          |
+| `--full-report` | false   | Include all categories even when no issues found            |
 
 ## Phase 1: Resolve Target Files
 
@@ -96,12 +97,34 @@ Evaluate each target file (or rendered screenshot if provided) against these che
 - Error copy includes what happened + why + how to fix
 - Empty states include guidance + next action
 - Terminology is consistent (avoid mixed synonyms for same action)
+- User-facing labels avoid implementation terms, database names, and internal acronyms
 
-### F) Accessibility Safety Nets
+### F) UX Quality Gates
+
+- One dominant filled primary action per view/section
+- Destructive actions require explicit confirm or undo, with specific entity/count in copy
+- No placeholder-as-label form fields
+- Form errors are associated with controls (`aria-describedby`, `aria-invalid`, `role="alert"`)
+- Submit/loading states prevent double-submit without layout shift
+- Empty, loading, error, and success states exist where async/data flows exist
+- Error toasts/banners persist long enough and include retry/undo/support where applicable
+- Data-heavy UI distinguishes empty state from filtered no-results state
+- Bulk actions show selected count and confirm destructive scope
+
+### G) Accessibility Safety Nets
 
 - Keyboard-visible focus treatment (`:focus-visible`)
 - Contrast baseline expectations (WCAG AA)
 - Touch targets reasonable (44x44 context where applicable)
+- Native semantic elements are used before ARIA patches (`button`, `a`, `form`, landmarks)
+- Heading structure has one logical `h1` per page/screen context
+
+### H) Component Family Consistency
+
+- Buttons and inputs in the same form share height, radius, border, and focus treatment
+- Focus, error, disabled, and loading states use the same token logic across components
+- No one-off radius/shadow/border width unless documented as a system-level exception
+- Semantic color roles are consistent: success, warning, destructive, info, primary
 
 ## Phase 3: Severity and Scoring
 

package/dist/template/.opencode/command/verify.md

@@ -13,6 +13,7 @@ Check implementation against PRD before shipping.
 ```typescript
 skill({ name: "beads" });
 skill({ name: "verification-before-completion" });
+// If local web/browser verification needs stable URLs: skill({ name: "portless" });
 ```
 
 ## Parse Arguments
@@ -105,6 +106,8 @@ Follow the [Verification Protocol](../skill/verification-before-completion/refer
 1. **Parallel**: typecheck + lint (simultaneously)
 2. **Sequential** (after parallel passes): test, then build (ship only)
 
+For browser/manual local-web requirements, load the [portless](../skill/portless/SKILL.md) skill when stable named URLs would improve verification. Use only read-only Portless commands unless the user explicitly approves local networking changes; a reachable Portless URL supplements, but never replaces, typecheck/lint/test/build evidence.
+
 Report results with mode column:
 
 ```text

package/dist/template/.opencode/plugin/copilot-auth.ts

@@ -84,6 +84,21 @@ function normalizeDomain(url: string): string {
 	return url.replace(/^https?:\/\//, "").replace(/\/$/, "");
 }
 
+const DEFAULT_COPILOT_API_BASE = "https://api.githubcopilot.com";
+
+function toCopilotMessagesBase(url: string | undefined): string {
+	const base = (url?.trim() || DEFAULT_COPILOT_API_BASE)
+		.replace(/\/+$/, "")
+		.replace(/\/v1$/, "");
+	return `${base}/v1`;
+}
+
+function isClaudeCopilotModel(modelId: string, model: any): boolean {
+	return [modelId, model?.id, model?.api?.id]
+		.filter((value): value is string => typeof value === "string")
+		.some((value) => value.toLowerCase().includes("claude"));
+}
+
 function getUrls(domain: string) {
 	return {
 		DEVICE_CODE_URL: `https://${domain}/login/device/code`,
@@ -565,7 +580,7 @@ export const CopilotAuthPlugin: Plugin = async ({ client: sdk, directory }) => {
 					: undefined;
 
 				if (provider && provider.models) {
-					for (const [_modelId, model] of Object.entries(provider.models)) {
+					for (const [modelId, model] of Object.entries(provider.models)) {
 						model.cost = {
 							input: 0,
 							output: 0,
@@ -575,9 +590,18 @@ export const CopilotAuthPlugin: Plugin = async ({ client: sdk, directory }) => {
 							},
 						};
 
-						// Route all Copilot models through the local file-based SDK.
-						// OpenCode's built-in github-copilot model loader will automatically
-						// choose sdk.responses(model) for GPT-5+ and sdk.chat(model) otherwise.
+						// OpenCode 1.14.33 routes Copilot Claude models through the
+						// Anthropic Messages API when Copilot /models reports /v1/messages.
+						// Keep that route: the local OpenAI-compatible SDK calls
+						// /chat/completions, which returns 404 for current Claude models.
+						if (isClaudeCopilotModel(modelId, model)) {
+							model.api.npm = "@ai-sdk/anthropic";
+							model.api.url = toCopilotMessagesBase(baseURL ?? model.api.url);
+							continue;
+						}
+
+						// Route OpenAI-compatible Copilot models through the local file-based
+						// SDK so GPT/Gemini keep the reasoning_opaque and Responses fixes.
 						model.api.npm = localCopilotSdk;
 					}
 				}
@@ -872,45 +896,40 @@ export const CopilotAuthPlugin: Plugin = async ({ client: sdk, directory }) => {
 							const toolSource = modifiedBody || body;
 							if (Array.isArray(toolSource?.tools)) {
 								let toolsChanged = false;
-								const sanitizedTools = toolSource.tools.map(
-									(tool: any) => {
-										if (!tool || typeof tool !== "object") return tool;
-
-										let result = tool;
-
-										// Strip top-level non-standard fields from tool object
-										if (
-											"custom" in result ||
-											"eager_input_streaming" in result
-										) {
-											toolsChanged = true;
-											const {
-												custom: _custom,
-												eager_input_streaming: _eis,
-												...clean
-											} = result;
-											result = clean;
-										}
+								const sanitizedTools = toolSource.tools.map((tool: any) => {
+									if (!tool || typeof tool !== "object") return tool;
+
+									let result = tool;
+
+									// Strip top-level non-standard fields from tool object
+									if ("custom" in result || "eager_input_streaming" in result) {
+										toolsChanged = true;
+										const {
+											custom: _custom,
+											eager_input_streaming: _eis,
+											...clean
+										} = result;
+										result = clean;
+									}
 
-										// Also check nested function object (Chat Completions format)
-										if (
-											result.function &&
-											typeof result.function === "object" &&
-											("custom" in result.function ||
-												"eager_input_streaming" in result.function)
-										) {
-											toolsChanged = true;
-											const {
-												custom: _c,
-												eager_input_streaming: _e,
-												...cleanFn
-											} = result.function;
-											result = { ...result, function: cleanFn };
-										}
+									// Also check nested function object (Chat Completions format)
+									if (
+										result.function &&
+										typeof result.function === "object" &&
+										("custom" in result.function ||
+											"eager_input_streaming" in result.function)
+									) {
+										toolsChanged = true;
+										const {
+											custom: _c,
+											eager_input_streaming: _e,
+											...cleanFn
+										} = result.function;
+										result = { ...result, function: cleanFn };
+									}
 
-										return result;
-									},
-								);
+									return result;
+								});
 
 								if (toolsChanged) {
 									modifiedBody = {
@@ -1248,6 +1267,12 @@ export const CopilotAuthPlugin: Plugin = async ({ client: sdk, directory }) => {
 		"chat.params": async (input: any, output: any) => {
 			if (!input.model?.providerID?.includes("github-copilot")) return;
 
+			// Copilot rejects eager tool streaming on Anthropic Messages routing.
+			if (input.model?.api?.npm === "@ai-sdk/anthropic") {
+				output.options ??= {};
+				output.options.toolStreaming = false;
+			}
+
 			// GPT models don't support maxOutputTokens through the Copilot proxy
 			if (input.model?.api?.id?.includes("gpt")) {
 				output.maxOutputTokens = undefined;