feat: file watcher in independent process for linux

[dfshfghj]

Issue for this PR

Closes #

Type of change

• Bug fix
• New feature
• Refactor / code improvement
• Documentation

What does this PR do?

linux平台由于inotify递归监听需要在每一个子目录建立watcher，容易超出/proc/sys/fs/inotify/max_user_watches上限导致进程终止，表现为打开大目录时闪退。因此file-watcher需要运行在独立进程中，考虑到bun多进程的复杂性以及性能开销，选择go写sidecar。
主要功能：支持linux平台的文件监听；判断当前活跃目录，不监听非活跃目录；

If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!

How did you verify your code works?

bun typecheck
bun run test test/file/watcher.test.ts

Screenshots / recordings

If this is a UI change, please include a screenshot or recording.

Checklist

• I have tested my changes locally
• I have not included unrelated changes in this PR

If you do not follow this template your PR will be automatically rejected.

[github-actions]

CI/CD-related files cannot be changed in pull requests unless the author is listed in .github/cicd-admins.txt.

Violating files:

• .github/workflows/publish.yml
• .github/workflows/test.yml
• packages/app/src/context/file/tree-store.test.ts
• packages/app/src/context/file/watcher.test.ts
• packages/opencode/script/build.ts
• packages/opencode/test/file/ignore.test.ts
• packages/opencode/test/file/watcher.test.ts

This guard reads the protected list from .github/cicd-protected-files.txt.

[code-JDS]

/oc review

[code-JDS]

/oc review

[github-actions]

I have enough information from the diff to produce a thorough review. Let me summarize what I've seen and identify the key issues.

This PR adds a Go sidecar for file watching on Linux (to avoid inotify watch limit crashes), introduces an ActiveDirectory lease system so only active workspaces are watched, and refactors the FileWatcher to dynamically start/stop subscriptions based on lease activity.

Here is my review:

---

The PR implements a solid architecture for Linux file watching via a Go sidecar and active-directory lease scoping, but has a few issues worth addressing.

• Medium – Unrelated SDK changes: PostVoiceTranscribe types and client method in sdk.gen.ts / types.gen.ts are unrelated to file watching. The PR checklist claims no unrelated changes, but this voice endpoint was bundled in. It should be in a separate PR to keep the diff reviewable and avoid accidental regressions.

• Medium – Lease TTL 10x increase: server/lease.ts changes TTL from 30s (30,000) to 300s (300,000). This affects all lease-based cleanup—not just watchers. A disconnected client now holds resources (projects, watchers, etc.) alive for 5 minutes instead of 30 seconds. This may be intentional for the active-directory model, but it significantly delays cleanup on real disconnects and should be explicitly justified or split into a separate config.

• Medium-High – Go sidecar binary in auto-update packaging: A compiled Go binary (opencode-watcher) is a new platform-specific artifact. If the auto-update / release packaging pipeline doesn't include it, Linux users updating to this version will have broken file watching (or crash if requireSidecar() doesn't gracefully handle a missing binary). The .github/workflows/publish.yml changes weren't visible in the truncated diff—confirm the build step cross-compiles and packages the Go binary.

• Low – Removed inotify-limit test with no replacement: The old testLinux("skips worktree watcher when linux directory budget is exceeded") test is removed. The Go sidecar should handle this more gracefully, but no test covers the scenario where inotify limits are still exhausted even with per-directory watches. Consider adding a test that verifies the sidecar reports a fatal error and the parent process handles it correctly.

• User data / .db file impact: None. The changes are purely in file watching, lease management, and API routing. No schema, migration, storage path, or persistence logic is modified.

• Auto-update impact: The Go sidecar binary is a new required artifact on Linux. If it isn't included in the update payload, file watching breaks post-update. Verify the publish/release workflow builds and ships the binary.

[dfshfghj]

1.sdk为自动生成，出现PostVoiceTranscribe只说明之前的sdk没有即时同步，不是新功能；
2.由于浏览器行为，切到别的页面后ping变为每1min一次，30s TTL 会导致用户切到别的页面后后端意外退出，这不仅是针对文件监听的改动也是一个通用修复；
3.CD中已加 go build 的逻辑；