chore(deps): update opencode to v1.14.48

[renovate]

This PR contains the following updates:

Package	Update	Change
anomalyco/opencode	patch	1.14.18 → 1.14.48

---

Release Notes

anomalyco/opencode (anomalyco/opencode)

v1.14.48

Compare Source

Core

Improvements

• Preserve original image attachments instead of resizing them before sending them to the model

v1.14.47

Compare Source

Core

Bugfixes

• Restored prompt editing keybindings in the TUI textarea, including aliases like esc and enter
• Model changes now persist reliably across session activity
• HTTP API schema validation errors now return a readable 400 response body

Improvements

• Scout can now materialize configured reference repositories up front so they are ready to search
• Large image attachments are now auto-resized before sending, with configurable size limits

TUI

• File and directory paths now render relative to the session directory when possible

v1.14.46

Compare Source

Core

Improvements

• Added a built-in customize-opencode skill so opencode config edits are less likely to break startup.

Bugfixes

• Fixed numeric HTTP API query parameters in the generated OpenAPI spec and SDK for session and file endpoints.
• Fixed boolean HTTP API query handling so SDK types and runtime validation stay aligned.
• Tolerated legacy stored numeric values in sessions, diffs, and retry events instead of failing to load old data.
• Fixed old sessions with negative token counts causing message loads and Desktop startup to fail.
• Fixed MCP tool discovery when a server publishes broken outputSchema references.
• Fixed workspace HTTP API query drift so workspace-routed endpoints expose the right query parameters in OpenAPI and the SDK.
• Fixed a Plan Mode security bypass where subagents could ignore parent-agent deny rules.

v1.14.45

Compare Source

Core

Bugfixes

• Provider configs and API responses now accept models marked as active.
• Read tool permission rules now match worktree-relative paths, so read allowlists and denylists apply correctly.
• Workspace-routed HTTP API endpoints no longer reject valid directory and workspace query params.

TUI

Bugfixes

• Startup errors now report every failed bootstrap request instead of only the first one.
• Opening a session no longer crashes when the messages request fails.

Desktop

Bugfixes

• Older migrated sessions with missing diff file details load again.
• Older migrated sessions with missing diff patches load again. (@​OpeOginni)

SDK

Bugfixes

• throwOnError: true now throws a real Error with the server message and preserves the response body in cause.

Extensions

Improvements

• TUI plugins using the deprecated api.command API keep working while you migrate to api.keymap.

Bugfixes

• Provider plugins can no longer mutate shared provider model state for the rest of the app.

Thank you to 1 community contributor:

• @​OpeOginni:
  • fix(sessions): allow optional patch field in diff for migrated sessions (#​26574)

v1.14.44

Compare Source

Core

Bugfixes

• Fixed upgrades failing for existing workspaces when adding the time_used field.

v1.14.43

Compare Source

Core

Bugfixes

• Keep provider and config API responses working when auth loaders add non-JSON options to providers.
• Include tool image attachments in ACP updates and session replays. (@​SteffenDE)

Thank you to 1 community contributor:

• @​SteffenDE:
  • fix(acp): include tool image attachments in updates (#​25128)

v1.14.42

Compare Source

Core

Improvements

• Added HTTP API response compression for large non-streaming responses.
• Added the Scout agent for repo research, docs lookup, and dependency-source inspection.
• Added workspace sync so adapter-backed workspaces can be discovered and registered automatically.
• Added an interactive split-footer mode for opencode run.
• Simplified TUI keybinding config into a flat keybind format.
• Made duplicate worktree names fall back to the parent directory for clearer labels.

Bugfixes

• Fixed HTTP API auth responses to match the previous wire format for empty authorize results and share errors.
• Returned structured validation errors from the HTTP API.
• Rejected invalid permission and question IDs in the HTTP API.
• Included auth challenges on typed HTTP API 401 responses.
• Fixed the HTTP API OpenAPI document route.
• Fixed detached sessions so they are claimed by the source project again.
• Forwarded SIGINT, SIGTERM, and SIGHUP correctly when running through the npm shim. (@​chubes4)
• Allowed skills without descriptions to load correctly.
• Required auth on effect HTTP API root routes. (@​RajvardhanPatil07)
• Kept tool ordering stable so tool lists stop reshuffling between runs.
• Made retry dialogs more specific to the provider and failure reason.
• Fixed Gemini reasoning controls so supported effort levels and small-mode defaults match the model.
• Fixed Anthropic Opus 4.5 reasoning effort options.
• Limited OpenAI deep research models to the reasoning level they actually support.
• Fixed GPT-5 reasoning variants so the exposed effort options match each model family.

TUI

Improvements

• Show retrying sessions as active in the project sidebar. (@​edemaine)

Bugfixes

• Fixed the sidebar message shown for language server state. (@​Polo123456789)
• Sorted the session picker by full last-updated time instead of day buckets. (@​Sleepful)
• Kept longer cleared prompts in draft history so they can be restored.

Desktop

Improvements

• Switched desktop updates to silent per-user install flow.

Thank you to 5 community contributors:

• @​edemaine:
  • feat(desktop): working indicator on project sidebar (#​26223)
• @​RajvardhanPatil07:
  • fix(server): require auth for effect root routes (#​26361)
• @​chubes4:
  • fix(cli): forward signals from npm shim (#​26259)
• @​Sleepful:
  • fix(tui): sort session picker by full updated timestamp (#​24725)
• @​Polo123456789:
  • fix(sidebar): fix logic and missleading message #​26469 (#​26470)

v1.14.41

Compare Source

Core

Bugfixes

• Restored formatter output handling so formatting still works when formatters write to stdout or stderr. (@​ferdinandyb)

Improvements

• Warping a session to another workspace can now carry over your uncommitted file changes.

TUI

Bugfixes

• Restored custom provider setup in /connect.

Desktop

Bugfixes

• Added a macOS Settings menu entry. (@​jessedi0n)

Improvements

• Moved the desktop app's local server into a separate utility process for more reliable startup and shutdown.

Extensions

Improvements

• ACP clients now restore the last model, mode, and effort when loading sessions, and can close sessions cleanly.

Thank you to 4 community contributors:

• @​carmithersh:
  • docs: add opencode-jfrog-plugin to ecosystem list for JFrog integration (#​26019)
• @​jessedi0n:
  • fix(desktop): add macOS settings menu entry (#​26081)
• @​ferdinandyb:
  • fix(format): restore stdout/stderr ignore for formatter processes (#​26037)
• @​YGoetschel:
  • fix: guard undefined contents in diff renderer to fix share viewer SSR crash (#​21763)

v1.14.40

Compare Source

Core

Improvements

• Support .well-known/opencode configs that point to a separate remote config file.

Bugfixes

• Preserve assistant text when replaying signed reasoning blocks. (@​edevil)
• Return consistent not-found errors for missing sessions.
• Apply CORS headers before auth so browser clients can reach legacy server endpoints.
• Fix serve, web, and ACP network options triggering runtime re-entry errors.
• Only show connected workspaces in warp flows, and carry the new directory into the session after warping.
• Restore web terminal CSP allowances.
• Sanitize invalid surrogate characters before provider transforms.
• Fix Cloudflare AI Gateway provider options for OpenAI-compatible models. (@​NathanDrake2406)
• Use the current workspace with /new, including local-project warps.
• Keep editor selection context stable until it is sent.
• Retry server_is_overloaded API errors automatically.
• Restore Mistral Medium 3.5 variants so model selection works correctly.
• Show compaction summaries before retained tail messages.

TUI

Bugfixes

• Keep the selected model when model data refreshes.
• Fix /agent create to use the /agents path. (@​OpeOginni)

Desktop

Improvements

• Allow trusted app windows to write to the clipboard without permission failures.

Bugfixes

• Ignore broken pipe (EPIPE) errors in desktop console logging.
• Stop auto-installing updates when quitting the app.
• Silence noisy browser API Sentry reports in production.
• Prevent sync bootstrap queries from failing during app startup.

Thank you to 6 community contributors:

• @​OpeOginni:
  • fix(TUI): update agent create target path from "/agent" to "/agents" (#​14427)
• @​NathanDrake2406:
  • fix(cf-ai-gateway): route provider options through openaiCompatible key (#​24432) (#​25573)
• @​imduchuyyy:
  • docs: update desktop app references from Tauri to Electron (#​25965)
• @​kill74:
  • docs: fix CLI attach section order (#​25749)
• @​zharinov:
  • fix(ui): preserve SVG tags in DOMPurify config for KaTeX math rendering (#​25866)
• @​edevil:
  • fix(provider): preserve assistant message content when reasoning blocks present (#​21370)

v1.14.39

Compare Source

Desktop

Bugfixes

• Respect HTTP_PROXY and related proxy environment variables in the desktop app.
• Return null instead of failing when the desktop app cannot read a stored value.

v1.14.38

Compare Source

Core

Bugfixes

• Embedded UI requests now work with arbitrary connect-src origins under the default CSP.

Desktop

Bugfixes

• Desktop now trusts system CA certificates for HTTPS connections.

v1.14.37

Compare Source

Core

Bugfixes

• Canceling a task now also cancels child subtask sessions.

Improvements

• Improved v2 session rendering with cleaner tool states, better compaction summaries, and more accurate timing.
• Warp a session into another workspace or back to the local project.

Desktop

Bugfixes

• Run the desktop migration on startup so existing installs transition correctly after the desktop packaging move.
• Stabilized the Windows titlebar when changing zoom levels.

v1.14.35

Compare Source

Core

Bugfixes

• Preserve diff patch boundaries so session diffs keep rendering correctly when file contents include diff --git text.

v1.14.34

Compare Source

Core

Improvements

• Add PTY connection tickets so authenticated terminal websockets work more reliably across clients.
• Add v2 session failure events so clients can detect and show failed runs.
• Improve shell command handling for Bash, PowerShell, and cmd sessions.

Bugfixes

• Return structured error bodies from the effect HTTP server instead of empty failures.
• Reload server auth environment variables correctly for each new HTTP listener.
• Stop worktree creation from hanging while bootstrap commands run.
• Fix Azure Anthropic model resolution when using the Anthropic SDK.
• Fix the web UI proxy so public manifest assets load and proxied responses do not break on transfer-encoding. (@​OpeOginni)
• Allow Codex Spark models when signing in with Codex OAuth. (@​Utkub24)
• Fix embedded UI serving from the standalone server build.
• Fix PTY websocket connections from Desktop when using the HttpApi server.
• Respect custom basic auth usernames in opencode clients.
• Prompt browsers for basic auth on protected server logins. (@​OpeOginni)
• Show real server error messages in the CLI and SDK instead of bare {}.
• Prevent large diffs from using unbounded memory.
• Fix v2 session API responses to encode optional fields correctly.
• Fix pagination Link headers to use the real request host.

TUI

Improvements

• Add debug info to print environment and diagnostic details.

Bugfixes

• Add a --username option for basic-auth server connections. (@​OpeOginni)
• Pass server auth through internal ACP connections.
• Show provider login errors from stderr instead of swallowing them.

Desktop

Bugfixes

• Prevent terminal reconnect loops after recovery failures.
• Preserve auth-token credentials when reopening the app.

Thank you to 4 community contributors:

• @​PanAchy:
  • chore(opencode): exclude .map files from CLI binary build (#​25500)
• @​OpeOginni:
  • fix(httpapi): add basic auth challenge for browser login
  • fix(auth): add username option for basic auth in RunCommand (#​25600)
  • fix(opencode): strip transfer-encoding in UI proxy and allow public manifest assets (#​25698)
• @​Utkub24:
  • fix: allow Codex Spark with Codex OAuth (#​25640)
• @​cgilly2fast:
  • chore(docs): rename firmware provider to frogbot (#​25453)

v1.14.33

Compare Source

Core

• Fix issue with custom agents in plugins not loading

Thank you to 3 community contributors:

• @​jerome-benoit:
  • fix(nix): remove stale packages/shared filter (#​24930)
• @​OpeOginni:
  • docs: CLI docs for current commands and flags (#​25399)
• @​HyeokjaeLee:
  • fix(instance): restore InstanceBootstrap init parameter for non-Effec… (#​25449)

v1.14.32

Compare Source

Core

• Shell mode in the prompt stays editable, so backspace, cursor movement, and other editing keys work again.
• Fixed HTTP API workspace adapters losing instance context, which could break workspace create, sync, and routing flows.
• Fixed experimental workspace creation requests that omit extra.
• Fixed OpenAPI parameter schemas so generated clients match the public API.
• Unsupported image formats now fall back to text reads instead of being sent as image attachments. (@​zeke)
• Agents can use the global temp directory without extra permission prompts.
• Fixed Bedrock sessions that include reasoning content when switching models.
• Session archive timestamps now reject non-finite values, avoiding invalid JSON in API payloads.

TUI

• Reduced startup theme flashing when using the system theme.
• The animated logo now avoids subpixel rendering on terminals without truecolor support.

Thank you to 2 community contributors:

• @​luojiyin1987:
  • fix: correct documentation typos (#​25260)
• @​zeke:
  • fix(read): prevent unsupported image formats from being sending to provider (#​21114)

v1.14.31

Compare Source

Core

• Azure setup now prompts for the resource name when needed and saves it with the API key.
• Task child sessions now preserve parent external_dir and deny permissions. (@​remorses)
• Invalid remote MCP URLs now fail with a clear error instead of breaking setup.

Desktop

• Restoring saved messages no longer crashes the app when a model is missing.

Thank you to 1 community contributor:

• @​remorses:
  • fix(opencode): preserve external_dir and deny parent permissions in task child sessions (#​23290)

v1.14.30

Compare Source

Core

• Fixed missing sessions in Desktop caused by path mismatches, including recovery for existing stored data.
• Fixed Azure Responses defaults to avoid reasoning item ordering errors.
• Improved DeepSeek compatibility with providers that vary model naming.
• Added Mistral Medium 3.5 with reasoning support. (@​rubdos)
• Made instruction precedence more predictable by applying global instructions before project and skill instructions.
• Reconnected editor context when switching to a session in another directory.
• Fixed forked sessions so compacted history stays intact. (@​spark4862)
• Reduced memory growth in long-running bash tool usage.
• Sessions now filter to the current path by default, with a setting to show the whole project.
• Kept GitHub Copilot model variants in sync with the latest API capabilities.
• Fixed Zed selections with UTF-8 text so editor context uses the right ranges.

TUI

• Added a quick toggle for paste summaries.
• Invalid custom themes no longer crash the TUI on startup.

Thank you to 3 community contributors:

• @​Vect0rM:
  • docs: add Atomic Chat provider section (#​23069)
• @​spark4862:
  • fix(session): remap compaction tail_start_id when forking (#​24898)
• @​rubdos:
  • feat: add Mistral Medium 3.5 with reasoning support (#​24996)

v1.14.29

Compare Source

Core

• Sessions now keep a relative workspace path.
• Moonshot and Kimi tool schemas are sanitized to avoid rejected tool calls.
• MCP OAuth errors now match the native API more closely.
• Provider OAuth authorize errors now match the native API more closely.
• Shell cancellations now finish cleanly instead of leaving aborted commands in a bad state.
• Creating a session over HTTP now works with an empty request body.
• Workspace HTTP API routes are now mounted through the bridge.
• Tool streaming now defaults off for non-Anthropic models when using the Anthropic SDK.
• DeepSeek OpenAI-compatible setups now keep reasoning_content interleaved by default.
• The experimental LSP tool now forwards the workspace symbol query.
• Google Vertex now defaults tool call streaming off.

TUI

• Zed context polling stays responsive.
• Pressing Enter in dialogs now triggers the dialog instead of leaking through. (@​CasualDeveloper)
• File context is clearer, can be turned off, and clears after sending.
• opencode agent create now writes a valid permissions.deny config. (@​21pounder)

Desktop

• Per-workspace icon overrides now stay applied for subdirectories in the same repo.
• Sync state loading is more reliable for MCP, LSP, and workspace refreshes.

Thank you to 3 community contributors:

• @​21pounder:
  • fix(opencode): agent create generates permissions field with deny ins… (#​24482)
• @​SeashoreShi:
  • docs: fix duplicated word in CLI env var table (#​24614)
• @​CasualDeveloper:
  • fix(tui): consume Enter in dialog useKeyboard handlers (#​23390)

v1.14.28

Compare Source

Core

• Fixed issue with opencode upgrade failing for bun installs unless in a directory with package.json

v1.14.27

Compare Source

Core

• Added a configurable default shell for terminals and agent shell commands, with a Desktop setting to manage it.
• Reduced extra terminal noise while creating TUI workspaces.

TUI

• Hid provider connection checks until onboarding is complete.
• Restored the default toast timeout when no custom duration is provided. (@​OpeOginni)

Thank you to 1 community contributor:

• @​OpeOginni:
  • fix(tui): update toast duration handling to use default value (#​23395)

v1.14.26

Compare Source

Core

• Fixed config parsing to preserve permission rule order.
• Fixed OpenRouter DeepSeek reasoning output handling.
• Sent an opencode/<version> User-Agent header with HTTP requests.

TUI

• Added Zed editor selection support for editor context.
• Show a /connect tip when no models are configured.
• Fixed editor lock detection to ignore locks from unrelated workspaces. (@​jjjermiah)

Thank you to 2 community contributors:

• @​ariane-emory:
  • fix: correct typo in comment (#​24420)
• @​jjjermiah:
  • fix(editor): reject lock files with no workspace match for cwd (#​24323)

v1.14.25

Compare Source

Core

• Fixed permission config preserving rule order and exposes full IntelliSense for tool permission keys
• LSP permission prompts now include request details like the operation, file, and cursor position
• Shell commands keep the correct working directory after login shell startup files run
• Added Roslyn LSP support for Razor, .cshtml, and C# script files
• GPT-5.5 with OpenAI OAuth now uses the correct context limits to avoid compaction issues

Thank you to 2 community contributors:

• @​altendky:
  • fix(opencode): clarify git amend condition to require verifying commit landed (#​19937)
• @​b0o:
  • fix(build): add prettier to devDependencies (#​23255)

v1.14.24

Compare Source

Core

• Fixed DeepSeek assistant messages so reasoning is always included, avoiding provider formatting failures.
• Fixed inherited model configs so interleaved-capability models keep working when that field falls back to an existing model. (@​07akioni)
• Added an experimental HTTP API endpoint for MCP server status.
• Added experimental HTTP API endpoints to list files, read file contents, and check project file status.

Thank you to 1 community contributor:

• @​07akioni:
  • fix: use existingModel as fallback for interleaved field (#​24172)

v1.14.23

Compare Source

Core

• Respect custom .npmrc registry settings when checking package versions and updates.

TUI

• Render all non-synthetic text in a user message instead of showing only the first text block.

v1.14.22

Compare Source

Core

• Respect .npmrc settings during npm installs.
• Let projects store a custom icon override so the chosen icon persists correctly.

Desktop

• Fix session views and nested session items not getting stuck with stale state when switching between sessions.

v1.14.21

Compare Source

Core

• Support pull diagnostics from LSP servers that use them, including C# and Kotlin.
• Fix project detection and caching for bare Git repos and worktrees. (@​StevenTCramer)
• Improve session compaction so long threads keep more useful context when older history is summarized.
• Preserve UTF-8 BOMs when files are edited, patched, or rewritten through tools.
• Use Roslyn Language Server for C# support instead of csharp-ls. (@​jmbryan4)
• Add the high reasoning variant for supported Mistral Small models. (@​rubdos)
• Hide unsupported variants for Kimi models that do not expose them.

TUI

• Fail fast when opening an invalid or missing session instead of starting the TUI in a broken state.
• Skip upgrade checks when auto-update is disabled. (@​rahuliyer95)

Desktop

• Keep project avatar previews consistent between the sidebar and edit dialog.
• Improve project icon overrides so uploaded icons and color fallbacks behave correctly in the edit dialog.
• Improve Linux desktop metadata for app listings and categorization. (@​NN708)

Thank you to 6 community contributors:

• @​rahuliyer95:
  • fix(tui): don't check for version upgrades if it's disabled by the user (#​20089)
• @​github-actions[bot]:
  • Update VOUCHED list
• @​rubdos:
  • feat: add Mistral Small reasoning variant support (issue #​19479) (#​23735)
• @​jmbryan4:
  • feat: replace csharp-ls with roslyn-language-server (#​14463)
• @​NN708:
  • fix(desktop): update desktop file and MetaInfo file (#​14933)
• @​StevenTCramer:
  • fix(project): use git common dir for bare repo project cache (#​19054)

v1.14.20

Compare Source

Core

• Fixed a system theme regression in the TUI.
• Added GET /config to the experimental HTTP API.
• Fixed local dynamic imports on Windows when running under Node, improving plugin and tool loading.

TUI

• Fixed permission replies using remote workspaces so they are sent to the correct workspace.

Desktop

• Stopped prompt controls from replaying their fade-in animation on every render.
• Added a setting to hide the session progress bar while the agent is working.
• Fixed the Select Server dialog layout so the server list and actions size correctly. (@​OpeOginni)
• Fixed synced project updates so desktop project state changes apply reliably.
• Fixed sidebar project avatars to fall back to icon.url when no override is set. (@​ysm-dev)

SDK

• Fixed the WorkspaceAdaptor.create type to include the env parameter. (@​jamesmurdza)

Thank you to 4 community contributors:

• @​heimoshuiyu:
  • fix(ui): use parentID matching instead of positional scan for assistant messages (#​23093)
• @​ysm-dev:
  • fix(app): fall back to icon.url in sidebar avatar (#​18747)
• @​jamesmurdza:
  • fix(plugin): add env parameter to WorkspaceAdaptor.create type (#​23235)
• @​OpeOginni:
  • fix(desktop): adjust layout properties in DialogSelectServer component (#​23589)

v1.14.19

Compare Source

Core

• Prevented compiled binaries from failing on startup because of a circular session schema dependency.
• Renamed the compaction setting to preserve_recent_tokens for the budget that keeps recent turns verbatim.
• Preserved concurrent edits to the same file instead of letting parallel edits overwrite each other.
• Fixed managed installs on Windows and added bundled ripgrep support for Windows ARM64.
• Added NVIDIA as a built-in provider option, including connection docs and required attribution headers. (@​anniesurla)
• Kept recent conversation turns verbatim during session compaction so follow-up work keeps more local context.
• Fell back to summarizing the full conversation when preserved recent turns include too much media to fit safely.

Desktop

• Reduced loading flicker when opening projects and bringing prompt controls online.
• Added a separate terminal font setting and bundled JetBrainsMono Nerd Font Mono.

Thank you to 1 community contributor:

• @​anniesurla:
  • feat(provider): add NVIDIA to popular providers, docs, and attribution headers (#​22927)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 03e75e0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR