feat: Add OpenCode Zen backend and migrate to Kiro spec system

Major changes:
- Migrate from OpenSpec to Kiro spec-driven development system in AGENTS.md
- Add OpenCode Zen backend connector with full integration and unit tests
- Enhance OpenAI Codex connector with improved Droid compatibility
- Add models controller endpoints for backend model listing
- Improve translation service and streaming contracts
- Update test suite with better documentation coverage
- Add demo script for Droid codex translation
- Add utility script for checking redirects

Files changed: 22 modified, 7 new (1095 insertions, 513 deletions)

Author: Mateusz

AGENTS-OpenSpec.md

@@ -0,0 +1,72 @@
+<!-- OPENSPEC:START -->
+# OpenSpec Instructions
+
+These instructions are for AI assistants working in this project.
+
+Always open `@/openspec/AGENTS.md` when the request:
+
+- Mentions planning or proposals (words like proposal, spec, change, plan)
+- Introduces new capabilities, breaking changes, architecture shifts, or big performance/security work
+- Sounds ambiguous and you need the authoritative spec before coding
+
+Use `@/openspec/AGENTS.md` to learn:
+- How to create and apply change proposals
+- Spec format and conventions
+- Project structure and guidelines
+
+Keep this managed block so 'openspec update' can refresh the instructions.
+
+<!-- OPENSPEC:END -->
+
+## Agent Onboarding & Development Guidelines
+
+## Project Identity
+
+**Universal LLM Proxy** built with **FastAPI (Async)** using **Staged Initialization**.
+
+- **Core Features**: Traffic routing, failover, accounting, and byte-precise **CBOR wire captures**.
+- **Architecture**: Service-based (DI), Staged startup (`src/core/app/stages`), Adapter pattern for LLM backends.
+
+## Quick Start
+
+1. **Environment**: Windows-based. ALWAYS use `./.venv/Scripts/python.exe`.
+2. **Config**: `cp config/config.example.yaml config/config.yaml` (if missing).
+3. **Start**: `./.venv/Scripts/python.exe -m src.core.cli`
+4. **Onboarding**: Open `@README.md` for fundamenal project description.
+5. **Docs**: Check `docs/` for architecture deep-dives.
+
+## Key Architecture Paths
+
+| Path | Purpose |
+|------|---------|
+| `src/core/cli.py` | **Entry Point**. CLI args -> Config -> App Builder. |
+| `src/core/app/stages/` | **Startup Logic**. Infrastructure -> Services -> Backends -> Controllers. |
+| `src/connectors/` | **Backends**. Implementations for OpenAI, Gemini, Anthropic, etc. |
+| `src/core/simulation/` | **Debugging**. Traffic replay & inspection tools (`capture_reader.py`). |
+| `var/wire_captures_cbor/` | **Data**. Binary captures of all traffic (pair with `var/logs/`). |
+
+## Commands & Workflow
+
+**Rule**: Edit `pyproject.toml` for deps. **NO** manual `pip install`. **NO** emojis.
+
+| Action | Command |
+|--------|---------|
+| **Test (Fast)** | `./.venv/Scripts/python.exe -m pytest` (skips slow/integration) |
+| **Test (Full)** | `./.venv/Scripts/python.exe -m pytest -m "integration or unit"` |
+| **Lint/Fix** | `./.venv/Scripts/python.exe -m ruff --fix check .` |
+| **Format** | `./.venv/Scripts/python.exe -m black .` |
+| **Inspect** | `./.venv/Scripts/python.exe scripts/inspect_cbor_capture.py <file> --detect-issues` |
+
+## Quality & Testing Standards
+
+1. **TDD**: Write test -> Fail -> Code -> Pass.
+2. **Verify**: Run **directly related tests** first. Fix until green.
+3. **Regression**: Run full suite after multi-file changes.
+4. **Style**: PEP 8, Async/Await correctness, Exception Hierarchy (`LLMProxyError`).
+5. **Safety**: Never remove features without explicit request.
+
+## Common Pitfalls
+
+- **Async**: Use `await` for all I/O. Don't block the event loop.
+- **Paths**: Use `pathlib` or `/` forward slashes (Windows accepts them).
+- **Errors**: Don't use bare `except Exception`. Log with `exc_info=True`.

AGENTS.md

@@ -1,24 +1,27 @@
-<!-- OPENSPEC:START -->
-# OpenSpec Instructions
+<!-- KIRO-SPEC:START -->
+# Kiro Spec-Driven Development
 
-These instructions are for AI assistants working in this project.
+## When to Use Kiro Specs
 
-Always open `@/openspec/AGENTS.md` when the request:
+**Suggest spec workflow** when request involves: new features, breaking changes, architecture shifts, complex integrations, or unclear requirements needing structured analysis.
 
-- Mentions planning or proposals (words like proposal, spec, change, plan)
-- Introduces new capabilities, breaking changes, architecture shifts, or big performance/security work
-- Sounds ambiguous and you need the authoritative spec before coding
+**Code directly** for: quick fixes, simple bugs, trivial changes, or when user explicitly says "just code this".
 
-Use `@/openspec/AGENTS.md` to learn:
-- How to create and apply change proposals
-- Spec format and conventions
-- Project structure and guidelines
+## Kiro Commands (User-Triggered)
 
-Keep this managed block so 'openspec update' can refresh the instructions.
+When working on specs, the user will invoke `/kiro:*` commands. Follow the instructions provided in each command's context.
 
-<!-- OPENSPEC:END -->
+**Workflow order**: `spec-init` → `spec-requirements` → `spec-design` → `spec-tasks` → `spec-impl`
 
-## Agent Onboarding & Development Guidelines
+**Spec-driven rule**: When a spec exists at `.kiro/specs/{feature}/`, no code edits until `requirements.md` and `design.md` are approved (check `spec.json` for approval status). Every task in `tasks.md` must reference at least one acceptance criterion from requirements.
+
+**Key locations**:
+
+- Specs: `.kiro/specs/{feature-name}/` (requirements.md, design.md, tasks.md, research.md)
+- Steering (project memory): `.kiro/steering/` - load when generating specs
+- Templates: `.kiro/settings/templates/`
+- Rules: `.kiro/settings/rules/`
+<!-- KIRO-SPEC:END -->
 
 ## Project Identity
 
@@ -64,6 +67,11 @@ Keep this managed block so 'openspec update' can refresh the instructions.
 3. **Regression**: Run full suite after multi-file changes.
 4. **Style**: PEP 8, Async/Await correctness, Exception Hierarchy (`LLMProxyError`).
 5. **Safety**: Never remove features without explicit request.
+6. **Post-edit QA**: After each Python file edit, run:
+
+   ```powershell
+   ./.venv/Scripts/python.exe -m ruff check --fix <file> && ./.venv/Scripts/python.exe -m black <file> && ./.venv/Scripts/python.exe -m mypy <file>
+   ```
 
 ## Common Pitfalls
 

check_redirects.py

@@ -0,0 +1,23 @@
+
+import httpx
+import asyncio
+
+async def check_redirects():
+    url = "https://opencode.ai/zen/v1/models"
+    print(f"Checking URL: {url}")
+    async with httpx.AsyncClient() as client:
+        resp = await client.get(url, follow_redirects=False)
+        print(f"Status: {resp.status_code}")
+        if resp.is_redirect:
+            print(f"Redirect location: {resp.headers.get('location')}")
+        
+        # Also check POST endpoint
+        url_post = "https://opencode.ai/zen/v1/chat/completions"
+        print(f"Checking POST URL: {url_post}")
+        resp_post = await client.post(url_post, follow_redirects=False)
+        print(f"Status: {resp_post.status_code}")
+        if resp_post.is_redirect:
+            print(f"Redirect location: {resp_post.headers.get('location')}")
+
+if __name__ == "__main__":
+    asyncio.run(check_redirects())

data/test_suite_state.json

@@ -1,4 +1,4 @@
 {
-  "test_count": 7613,
+  "test_count": 7717,
   "last_updated": "1764197177.513252"
 }

docs/user_guide/backends/opencode-zen.md

@@ -0,0 +1,107 @@
+# OpenCode Zen Backend
+
+The `opencode-zen` backend allows the LLM Interactive Proxy to route requests through OpenCode's Zen gateway using the credentials managed by the OpenCode CLI. This integration provides seamless access to premium models like `anthropic/claude-sonnet-4` and `openai/gpt-4.1` for users who are already authenticated with the OpenCode CLI.
+
+## Prerequisites
+
+1. **OpenCode CLI Installed**: You must have the `opencode` CLI tool installed on your system.
+2. **Authenticated**: You must be logged in via the CLI.
+   ```bash
+   opencode auth login
+   ```
+   This command generates the `auth.json` file that this backend reads.
+
+## Configuration
+
+To use this backend, add it to your configuration (e.g., `config/config.yaml`) or rely on the default auto-discovery if enabled.
+
+### Basic Configuration
+
+```yaml
+backends:
+  opencode-zen:
+    enabled: true
+    # Optional: Custom API URL
+    # api_base_url: "https://opencode.ai/zen/v1"
+```
+
+### Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `OPENCODE_AUTH_PATH` | Custom path to the `auth.json` file. | OS-specific default (see below) |
+| `OPENCODE_ZEN_API_URL` | Override the gateway API endpoint. | `https://opencode.ai/zen/v1` |
+
+## Credential Locations
+
+The backend automatically detects the `auth.json` file created by the OpenCode CLI in standard locations:
+
+| Platform | Default Path |
+|----------|--------------|
+| **Windows** | `%LOCALAPPDATA%\opencode\auth.json` |
+| **Linux** | `$XDG_DATA_HOME/opencode/auth.json` or `~/.local/share/opencode/auth.json` |
+| **macOS** | `$XDG_DATA_HOME/opencode/auth.json` or `~/.local/share/opencode/auth.json` |
+
+If your credentials are stored elsewhere, use the `OPENCODE_AUTH_PATH` environment variable or `credentials_path` in config.
+
+## Supported Models
+
+The backend dynamically fetches the list of available models from the OpenCode Zen gateway. As of the latest check, the following models are supported:
+
+### Anthropic
+- `anthropic/claude-opus-4-5`
+- `anthropic/claude-opus-4-1`
+- `anthropic/claude-sonnet-4-5`
+- `anthropic/claude-sonnet-4`
+- `anthropic/claude-3-5-haiku`
+- `anthropic/claude-haiku-4-5`
+
+### OpenAI
+- `openai/gpt-5.1`
+- `openai/gpt-5`
+- `openai/gpt-5.1-codex-max`
+- `openai/gpt-5.1-codex`
+- `openai/gpt-5-codex`
+- `openai/gpt-5-nano`
+
+### Google
+- `google/gemini-3-pro`
+
+### Other Vendors
+- `qwen/qwen3-coder`
+- `zhipuai/glm-4.6`
+- `moonshot/kimi-k2`
+- `moonshot/kimi-k2-thinking`
+- `xai/grok-code`
+- `deepmind/alpha-gd4`
+- `misc/big-pickle`
+
+When sending requests, you can use either the plain model name (e.g., `claude-sonnet-4`) or prefix it with the vendor (e.g., `opencode-zen:claude-sonnet-4`) to ensure routing to this specific backend. Note that the backend normalized the model names, so `anthropic/claude-sonnet-4` is accessed via `opencode-zen:claude-sonnet-4`.
+
+## Usage Example
+
+Once configured, you can send requests using the proxy:
+
+```bash
+curl http://localhost:8080/v1/chat/completions \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "opencode-zen:anthropic/claude-sonnet-4",
+    "messages": [{"role": "user", "content": "Hello!"}]
+  }'
+```
+
+## Troubleshooting
+
+### "OpenCode credentials not found"
+- Ensure you have run `opencode auth login`.
+- Verify the file exists at the expected path for your OS.
+- If using a custom path, check `OPENCODE_AUTH_PATH`.
+
+### "OpenCode OAuth token is expired"
+- The backend automatically reloads the credentials file if the token is expired.
+- If the error persists, the refresh token might also be invalid. Run `opencode auth login` again to refresh your session.
+
+### "Backend is not functional"
+- Check the application logs for specific initialization errors.
+- Ensure the `auth.json` file is valid JSON and contains the `opencode` provider key with OAuth credentials.