fix(opencode): skip claude-auth on kimaki + upgrade.sh repair path for existing installs #53
Merged
#51) Kimaki v0.6.0+ ships a built-in AnthropicAuthPlugin that handles OAuth login, token refresh, request/response rewriting, and multi-account rotation. Loading opencode-claude-auth@latest alongside it causes both plugins to compete for the anthropic auth provider in OpenCode. runtimes/opencode.sh now skips opencode-claude-auth@latest when CHAT_BRIDGE=kimaki. It remains unconditional for cc-connect, telegram, and no-bridge setups (all of which still need the plugin to handle Claude Max/Pro OAuth, billing headers, and system prompt relocation).
…g + opencode.json drift detection

Two gaps in upgrade.sh caused installs that predate v0.4.0 (or the #51 fix) to remain permanently broken even when upgrade.sh ran clean:

1. Bootstrap gap: if /opt/kimaki-config/ doesn't exist, the kimaki sync path bailed with a soft warn and no recovery. That directory is entirely wp-coding-agents-owned (plugins, post-upgrade.sh, kill list) with no user state to preserve — safe to create on demand.
2. opencode.json drift gap: the upgrade never verified the 'plugin' array against what current setup.sh would produce. Installs set up before v0.4.0 have no 'plugin' entry at all; installs set up before the #51 fix carry a stale opencode-claude-auth@latest that now conflicts with kimaki's built-in AnthropicAuthPlugin.

Changes:

* _sync_kimaki_config (VPS branch) now bootstraps /opt/kimaki-config/ when missing instead of bailing. Non-kimaki dispatch paths untouched.
* New Phase 2b: check_opencode_json_drift. Read-only by default — compares the current 'plugin' array against expected output for the detected (RUNTIME, CHAT_BRIDGE, INSTALL_DATA_MACHINE) combo. Logs drift as a warning and surfaces it in the summary.
* New flag --repair-opencode-json opts into a surgical rewrite of the 'plugin' array. All other keys preserved. A .backup.<ts> is written alongside. opencode.json moves out of the 'NEVER TOUCHED' list into a new 'OPT-IN TOUCHES' block in the help output.
* New helper lib/repair-opencode-json.py does the actual JSON work. Standalone and testable; returns JSON diagnostics on stdout. Exit codes: 0 ok / skipped, 1 drift-or-repaired, 2 IO error. Mirrors the expected-plugins logic in runtimes/opencode.sh — kept in sync via comments.

Tested end-to-end on a v0.2.0 install (this server) that predated both features: drift detected correctly, --repair-opencode-json rewrote the plugin array to the expected state, backup verified.
Summary
Two related fixes. Both discovered while investigating why an agent on a live VPS (v0.2.0 install) kept spawning sub-sessions with `kimaki send --worktree` despite the `dm-context-filter` plugin being checked into main for months.
Root cause: the plugin was coded correctly but never activated on pre-v0.4.0 installs. `opencode.json` had no `"plugin"` key at all, and `upgrade.sh` had no path to repair that.
What this PR does
1. Closes #51 — conditional `opencode-claude-auth@latest`
`runtimes/opencode.sh` now skips `opencode-claude-auth@latest` when `CHAT_BRIDGE=kimaki`. Kimaki v0.6.0+ ships a built-in `AnthropicAuthPlugin` that handles the same concerns (OAuth, token refresh, request/response rewriting, multi-account rotation). Loading both plugins caused them to compete for the `anthropic` auth provider.
The plugin is still loaded unconditionally for cc-connect, telegram, and no-bridge setups — all of which still need it for Claude Max/Pro OAuth, billing headers, and system prompt relocation.
2. New `upgrade.sh` repair path for existing installs
Bootstrap gap: If `/opt/kimaki-config/` didn't exist, the kimaki sync path bailed with a soft warn and no recovery. That directory is entirely wp-coding-agents-owned (plugins, post-upgrade.sh, kill list) — no user state. `_sync_kimaki_config` now bootstraps it on demand. Non-kimaki dispatch paths untouched.
opencode.json drift gap: The upgrade never verified the `plugin` array against what current `setup.sh` would produce. Installs set up before v0.4.0 have no `plugin` entry at all; installs set up before the #51 fix above carry a stale `opencode-claude-auth@latest` that conflicts with kimaki's built-in plugin.
New Phase 2b: `check_opencode_json_drift`
New flag `--repair-opencode-json` opts into a surgical rewrite:
New helper `lib/repair-opencode-json.py` does the actual JSON work:
Testing
End-to-end on a v0.2.0 install (extrachill.com's VPS, which was missing everything):
```bash
# Before manual fix:
$ cat /var/www/extrachill.com/opencode.json | jq .plugin
null # no plugin key at all
$ ls /opt/kimaki-config/
ls: cannot access '/opt/kimaki-config/': No such file or directory

# Drift detection (before --repair):
$ ./upgrade.sh --dry-run
Phase 2b: opencode.json plugin array has drift — re-run with --repair-opencode-json to fix
{"status": "drift",
"missing": ["/opt/kimaki-config/plugins/dm-context-filter.ts",
"/opt/kimaki-config/plugins/dm-agent-sync.ts"],
"unexpected": ["opencode-claude-auth@latest"], ...}

# Apply:
$ ./upgrade.sh --repair-opencode-json
Phase 2b: Repairing opencode.json plugin array...
opencode.json repaired (backup: opencode.json.backup.20260420-221244)
{"status": "repaired",
"before": ["opencode-claude-auth@latest"],
"after": ["/opt/kimaki-config/plugins/dm-context-filter.ts",
"/opt/kimaki-config/plugins/dm-agent-sync.ts"], ...}
```
Also tested:
Commits
Why two concerns in one PR
They're tightly coupled: the drift detection in #2 hardcodes the expected-plugins logic that #1 changes. Shipping them separately would either (a) leave #1 without a way to repair existing installs, or (b) leave #2 with an incorrect expected-plugins baseline. Easier to review together.
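The drift check and opt-in repair contract described in this PR, as an added sketch that is not the project's `lib/repair-opencode-json.py`. The `expected_plugins` mapping (including gating the dm-* plugins on `INSTALL_DATA_MACHINE`), the `ok` and `error` status strings, the `backup` key and the temp-file swap are assumptions; only the exit codes, the `drift`/`repaired` fields and the plugin paths come from the text above.

```python
import json
import os
import shutil
import time
from pathlib import Path

CLAUDE_AUTH = "opencode-claude-auth@latest"
DM_PLUGINS = [  # paths as shown in the PR's test output
    "/opt/kimaki-config/plugins/dm-context-filter.ts",
    "/opt/kimaki-config/plugins/dm-agent-sync.ts",
]

def expected_plugins(chat_bridge, install_data_machine):
    """Assumed baseline; the real logic lives in runtimes/opencode.sh."""
    if chat_bridge != "kimaki":
        return [CLAUDE_AUTH]  # cc-connect, telegram, no-bridge still need it
    # kimaki's built-in AnthropicAuthPlugin owns the anthropic provider.
    return list(DM_PLUGINS) if install_data_machine else []

def check_or_repair(path, expected, repair=False):
    """Return (exit_code, diagnostics): 0 ok, 1 drift or repaired, 2 IO error."""
    path = Path(path)
    try:
        config = json.loads(path.read_text())
        if not isinstance(config, dict):
            raise ValueError("top-level JSON value is not an object")
    except (OSError, ValueError) as exc:
        return 2, {"status": "error", "error": str(exc)}
    current = config.get("plugin")
    current = current if isinstance(current, list) else []  # missing key == empty
    missing = [p for p in expected if p not in current]
    unexpected = [p for p in current if p not in expected]
    if not missing and not unexpected:
        return 0, {"status": "ok"}
    if not repair:  # read-only by default
        return 1, {"status": "drift", "missing": missing, "unexpected": unexpected}
    backup = path.with_name(f"{path.name}.backup.{time.strftime('%Y%m%d-%H%M%S')}")
    tmp = path.with_name(path.name + ".tmp")
    try:
        shutil.copy2(path, backup)           # backup before any write
        config["plugin"] = list(expected)    # only this key changes
        tmp.write_text(json.dumps(config, indent=2) + "\n")
        os.replace(tmp, path)                # atomic swap on the same filesystem
    except OSError as exc:
        return 2, {"status": "error", "error": str(exc)}
    return 1, {"status": "repaired", "before": current, "after": list(expected),
               "backup": str(backup)}
```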