OpenCode hoisted tools fail permission ask with InstanceRef not provided

[Suknna]

Summary

AFT hoisted OpenCode tools fail during the permission ask step with InstanceRef not provided. This affects at least glob and apply_patch when @cortexkit/aft-opencode is registered with default hoisting enabled.

Environment

• OS: macOS darwin arm64
• OpenCode: 1.15.1
• AFT CLI: 0.26.0
• AFT binary: 0.26.0
• @cortexkit/aft-opencode: 0.26.0
• @opencode-ai/plugin in the cached AFT package: 1.15.0
• effect in the cached AFT package: 4.0.0-beta.66
• Plugin config: @cortexkit/aft-opencode@latest registered in OpenCode config, default hoist_builtin_tools behavior

Symptoms

Calling hoisted glob returns:

{"success":false,"code":"permission_denied","message":"InstanceRef not provided","error":"InstanceRef not provided"}

Calling hoisted apply_patch fails similarly and displays:

InstanceRef not provided

bash still works in the same session, so this appears specific to the AFT hoisted tool permission path rather than a complete OpenCode session failure.

Expected Behavior

Hoisted glob should return matching files, and hoisted apply_patch should apply a valid patch or return a patch-specific error. Permission checks should not fail with InstanceRef not provided.

Actual Behavior

The tools fail before reaching their underlying operation. The error is wrapped as an AFT permission denial for glob, and apply_patch surfaces the same message.

Relevant OpenCode Log Excerpt

From ~/.local/share/opencode/log/2026-05-17T110508.log:

INFO  service=lsp.client serverID=markdown initialized
ERROR service=default e=InstanceRef not provided rejection
INFO  service=lsp.client serverID=markdown path=<redacted>/AGENTS.md workspace/didChangeWatchedFiles
INFO  service=lsp.client serverID=markdown path=<redacted>/AGENTS.md textDocument/didOpen
INFO  service=lsp.client serverID=markdown path=<redacted>/AGENTS.md count=0 textDocument/publishDiagnostics
INFO  service=snapshot cwd=<redacted> tracking
INFO  service=session.prompt status=started resolveTools

From a later session log:

INFO  service=lsp.client serverID=markdown initialized
INFO  service=lsp.client serverID=markdown path=<redacted>/AGENTS.md workspace/didChangeWatchedFiles
ERROR service=default e=InstanceRef not provided rejection
INFO  service=lsp.client serverID=markdown path=<redacted>/AGENTS.md textDocument/didOpen
INFO  service=session.prompt status=started resolveTools

AFT Doctor Output

AFT CLI v0.26.0, AFT binary 0.26.0
OpenCode
  host: 1.15.1
  plugin registered: yes
  storage: <redacted>/storage/plugin/aft
  log: <redacted>/aft-plugin.log
Everything looks good.

Local Source Trace

In the cached @cortexkit/aft-opencode package:

• glob calls askGlobPermission(context, globPattern, ...) before callBridge(..., "glob", ...).
• apply_patch calls runAsk(context.ask({ permission: "edit", patterns: relPaths, always: ["*"], metadata: {} })) before checkpoint/patch execution.
• runAsk is implemented as await Effect.runPromise(maybe).
• Permission ask failures are wrapped by permissionDeniedResponse(message), matching the observed glob response shape.

That makes the likely failing point context.ask(...) / Effect.runPromise(...), not the Rust bridge, search index, or patch parser.

Workaround

Disabling hoisting should avoid replacing OpenCode built-in tools while keeping AFT-prefixed tools available:

["@cortexkit/aft-opencode@latest", {
  "hoist_builtin_tools": false
}]

Question

Is OpenCode 1.15.1 expected to work with AFT 0.26.0 hoisted tool permission checks? If yes, what additional diagnostic would help identify why context.ask is missing the expected instance reference?

[ualtinok]

This is unfortunately a bug in Opencode side that we don't have a way to circumvent. (anomalyco/opencode#25694)

Workaround: keep using 1.14.51 until Opencode fixes the bug.