* refactor(repo): move OpenWork apps into apps and ee layout
Rebase the monorepo layout migration onto the latest dev changes so the moved app, desktop, share, and cloud surfaces keep working from their new paths. Carry the latest deeplink, token persistence, build, Vercel, and docs updates forward to avoid stale references and broken deploy tooling.
* chore(repo): drop generated desktop artifacts
Ignore the moved Tauri target and sidecar paths so local cargo checks do not pollute the branch. Remove the accidentally committed outputs from the repo while keeping the layout migration intact.
* fix(release): drop built server cli artifact
Stop tracking the locally built apps/server/cli binary so generated server outputs do not leak into commits. Also update the release workflow to check the published scoped package name for @openwork/server before deciding whether npm publish is needed.
* fix(workspace): add stable CLI bin wrappers
Point the server and router package bins at committed wrapper scripts so workspace installs can create shims before dist outputs exist. Keep the wrappers compatible with built binaries and source checkouts to avoid Vercel install warnings without changing runtime behavior.
Keep the worker rename step focused on small screens, and point the Den Docker services at their built entrypoints so the onboarding flow can be verified end to end.
* Simplify share OG preview card
* Cover OG unfurls and fix dev Docker startup
* Simulate social preview card sizes
* Add typed social OG image variants
* Use OpenWork logo in OG card
---------
Co-authored-by: jcllobet <jcllobet@users.noreply.github.com>
* feat(den): add daytona-backed docker dev flow
* fix(den): allow multiple cloud workers in dev
* fix(den): use Daytona snapshots for sandbox runtime
Use a prebuilt Daytona snapshot for the dev worker runtime so sandboxes start with openwork and opencode already installed. Pass the snapshot through the local Docker flow and add a helper to build the snapshot image for repeatable setup.
* chore(den): lower Daytona snapshot defaults
Reduce the default snapshot footprint to 1 CPU and 2GB RAM so local Daytona worker testing fits smaller org limits more easily.
* Omar is comfortable
Make Daytona-backed cloud workers stable enough to reconnect through a dedicated proxy instead of persisting expiring signed preview URLs. Split the proxy into its own deployable service, share Den schema access through a common package, and fix the web badge so healthy workers show ready.
* chore(den-db): add Drizzle package scripts
Move the shared schema package toward owning its own migration workflow by adding generate and migrate commands plus a local Drizzle config.
* chore: update lockfile
Refresh the workspace lockfile so the new den-db Drizzle tooling is captured in pnpm-lock.yaml.
* feat(den-worker-proxy): make Vercel deployment-ready
Align the proxy service with Vercel's Hono runtime entry pattern and keep a separate Node server entry for Docker/local runs. Also scaffold the Vercel project/env setup and wire Render deploy sync to pass Daytona variables needed for daytona mode.
* feat(den-db): add db mode switch for PlanetScale
Support DB_MODE=planetscale with Drizzle's PlanetScale serverless driver while keeping mysql2 as the local default. This lets Vercel-hosted services use HTTP database access without changing local development workflows.
* refactor(den-db): adopt shared TypeID ids
Move the Den TypeID system into a shared utils package and use it across auth, org, worker, and sandbox records so fresh databases get one consistent internal ID format. Wire Better Auth into the same generator and update Den request boundaries to normalize typed ids cleanly.
* fix(den): restore docker dev stack after refactor
Include the shared utils package in the Den Docker images, expose MySQL to the host for local inspection, and fix the remaining Den build/runtime issues surfaced by the Docker path after the shared package and TypeID changes.
* docs(den): document Daytona snapshot setup
Add README guidance for building and publishing the prebuilt Daytona runtime snapshot, including the helper script, required env, and how to point Den at the snapshot for local Daytona mode.
* refactor(den-db): reset migrations and load env files
Replace the old Den SQL migration history with a fresh baseline for the current schema, and let Drizzle commands load database credentials from env files. Default to mysql when DATABASE_URL is present and otherwise use PlanetScale credentials so local Docker and hosted environments can share the same DB package cleanly.
* fix(den): prepare manual PlanetScale deploys
Update the Render workflow and Docker build path for the shared workspace packages, support PlanetScale credentials in the manual SQL migration runner, and stop auto-running DB migrations on Den startup so schema changes stay manual.
* feat(den-v2): add Daytona-first control plane
Create a new den-v2 service from the current Daytona-enabled control plane, default it to Daytona provisioning, and add a dedicated Render deployment workflow targeting the new v2 Render service.
* feat(den-worker-proxy): redirect root to landing
Send root proxy traffic to openworklabs.com so direct visits to the worker proxy domain do not hit worker-resolution errors.
---------
Co-authored-by: OmarMcAdam <gh@mcadam.io>
* feat(web): add local Den dev stack
* fix(web): stabilize mobile Den worker cards
* fix(web): default empty Den state to new worker
* Add Google auth to Den signup (#847)
* feat(den): add google auth provider
* feat(web): add social signup buttons for den
---------
Co-authored-by: jcllobet <jcllobet@users.noreply.github.com>
---------
Co-authored-by: Jan <jc2897@cornell.edu>
Co-authored-by: jcllobet <jcllobet@users.noreply.github.com>
- Add MCP Server modal (remote URL or local command) with validation
- Remove confirmation dialog before deleting MCP servers
- Default remote servers to oauth: true so OAuth flows auto-trigger
- Update placeholders to GitHub Copilot MCP and sequential-thinking
- Fix Docker dev stack bun --compile EXDEV error (cross-device rename)
- i18n support for en and zh locales
Add docker-compose.dev.yml using off-the-shelf node:22-bookworm-slim image
that starts headless + web UI with auto-wired tokens and health checks.
Builds Linux binaries into /tmp to avoid overwriting host macOS binaries.
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening
- TokenService with file-based persistence (tokens.json)
- /tokens CRUD (host auth), /whoami (client auth)
- Bearer token auth accepting OPENWORK_TOKEN or scoped tokens
- POST /workspace/:id/inbox (multipart upload)
- GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id
- Toy UI at /ui with SSE, prompt send, inbox upload, outbox download
- Extended GET /capabilities with schemaVersion, serverVersion, approvals info
- Updated README with all new endpoints and auth model
* feat(headless): add sandbox runtime with Docker and Apple container backends
- --sandbox none|auto|docker|container CLI flag
- --sandbox-image, --sandbox-persist-dir, --sandbox-mount options
- Mount security: allowlist, blocked patterns, symlink resolution
- Docker backend: workspace/persist volumes, sidecar staging, entrypoint
- Apple container backend: --mount type=bind for ro mounts
- Sandbox mode proxies all OpenCode access through openwork-server
- Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues
- Sandbox-specific check suite (runSandboxChecks) for --check mode
- Non-fatal verifyOpenworkServer in sandbox mode for version mismatches
- Updated README with sandbox docs and mount security
* feat(packaging): add Docker/docker-compose PaaS packaging
- Dockerfile (node:22-bookworm-slim, installs openwrk via npm)
- docker-compose.yml with workspace and data volumes
- README with usage instructions
* fix(headless): define sandbox owpenbot internal health port
