feat: add devtools audit visibility (#301)

* feat: add devtools audit visibility * fix: add parens for openwork base url fallback
2026-04-25 17:15:34 +02:00 · 2026-01-28 16:25:53 -08:00
parent bbe42b7da7
commit 0df8c4df46
8 changed files with 458 additions and 17 deletions
--- a/.opencode/skills/openwork-debug/SKILL.md
+++ b/.opencode/skills/openwork-debug/SKILL.md
@@ -0,0 +1,59 @@
+---
+name: openwork-debug
+description: Debug OpenWork sidecars, config, and audit trail
+---
+
+## Credential check
+
+Set these before running the HTTP checks:
+
+- `OPENWORK_SERVER_URL`
+- `OPENWORK_SERVER_TOKEN`
+- `OPENWORK_WORKSPACE_ID` (optional; use `/workspaces` to discover)
+
+## Quick usage (read-only)
+
+```bash
+curl -s "$OPENWORK_SERVER_URL/health"
+curl -s "$OPENWORK_SERVER_URL/capabilities" \
+  -H "Authorization: Bearer $OPENWORK_SERVER_TOKEN"
+
+curl -s "$OPENWORK_SERVER_URL/workspaces" \
+  -H "Authorization: Bearer $OPENWORK_SERVER_TOKEN"
+```
+
+## Workspace config snapshot
+
+```bash
+curl -s "$OPENWORK_SERVER_URL/workspace/$OPENWORK_WORKSPACE_ID/config" \
+  -H "Authorization: Bearer $OPENWORK_SERVER_TOKEN"
+```
+
+## Audit log (recent)
+
+```bash
+curl -s "$OPENWORK_SERVER_URL/workspace/$OPENWORK_WORKSPACE_ID/audit?limit=25" \
+  -H "Authorization: Bearer $OPENWORK_SERVER_TOKEN"
+```
+
+## OpenCode engine checks
+
+```bash
+opencode -p "ping" -f json -q
+opencode mcp list
+opencode mcp debug <name>
+```
+
+## DB fallback (read-only)
+
+When the engine API is unavailable, you can inspect the SQLite db:
+
+```bash
+sqlite3 ~/.opencode/opencode.db "select id, title, status from sessions order by updated_at desc limit 5;"
+sqlite3 ~/.opencode/opencode.db "select role, content from messages order by created_at desc limit 10;"
+```
+
+## Notes
+
+- Audit logs are stored at `.opencode/openwork/audit.jsonl` in the workspace root.
+- OpenWork server writes only within approved workspace roots.