* feat(web): add local Den dev stack
* fix(web): stabilize mobile Den worker cards
* fix(web): default empty Den state to new worker
* Add Google auth to Den signup (#847)
* feat(den): add google auth provider
* feat(web): add social signup buttons for den
---------
Co-authored-by: jcllobet <jcllobet@users.noreply.github.com>
---------
Co-authored-by: Jan <jc2897@cornell.edu>
Co-authored-by: jcllobet <jcllobet@users.noreply.github.com>
- Add MCP Server modal (remote URL or local command) with validation
- Remove confirmation dialog before deleting MCP servers
- Default remote servers to oauth: true so OAuth flows auto-trigger
- Update placeholders to GitHub Copilot MCP and sequential-thinking
- Fix Docker dev stack bun --compile EXDEV error (cross-device rename)
- i18n support for en and zh locales
Add docker-compose.dev.yml using off-the-shelf node:22-bookworm-slim image
that starts headless + web UI with auto-wired tokens and health checks.
Builds Linux binaries into /tmp to avoid overwriting host macOS binaries.
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening
- TokenService with file-based persistence (tokens.json)
- /tokens CRUD (host auth), /whoami (client auth)
- Bearer token auth accepting OPENWORK_TOKEN or scoped tokens
- POST /workspace/:id/inbox (multipart upload)
- GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id
- Toy UI at /ui with SSE, prompt send, inbox upload, outbox download
- Extended GET /capabilities with schemaVersion, serverVersion, approvals info
- Updated README with all new endpoints and auth model
* feat(headless): add sandbox runtime with Docker and Apple container backends
- --sandbox none|auto|docker|container CLI flag
- --sandbox-image, --sandbox-persist-dir, --sandbox-mount options
- Mount security: allowlist, blocked patterns, symlink resolution
- Docker backend: workspace/persist volumes, sidecar staging, entrypoint
- Apple container backend: --mount type=bind for ro mounts
- Sandbox mode proxies all OpenCode access through openwork-server
- Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues
- Sandbox-specific check suite (runSandboxChecks) for --check mode
- Non-fatal verifyOpenworkServer in sandbox mode for version mismatches
- Updated README with sandbox docs and mount security
* feat(packaging): add Docker/docker-compose PaaS packaging
- Dockerfile (node:22-bookworm-slim, installs openwrk via npm)
- docker-compose.yml with workspace and data volumes
- README with usage instructions
* fix(headless): define sandbox owpenbot internal health port
