* fix(desktop): suppress unused variable warnings in manager modules
Prefix unused `child` bindings with underscore in engine and openwork_server
managers to silence Rust compiler warnings.
* refactor(app): remove `as any` casts with typed SDK helpers
Create lib/opencode-session.ts that wraps OpenCode SDK session operations
(abort, revert, unrevert, shell, command listing) with proper types.
Replace all `(c.session as any).abort/revert/unrevert` and
`(c.command as any).list` calls in app.tsx with the typed helpers.
The SDK v2 already exposes these methods with full type definitions —
the casts were unnecessary and bypassed type safety on critical API paths.
* refactor(app): extract OpenWork server connection store
Create context/openwork-server.ts that encapsulates all OpenWork server
connection state: 15 signals, 6 polling effects, derived memos for
baseUrl/auth/client, and the health check helper.
This is a standalone module ready to replace the corresponding state in
app.tsx. It follows the same factory pattern as createSessionStore and
createExtensionsStore.
* feat(app): add safe execution utilities for error handling
Create lib/safe-run.ts with safeAsync, safeSync, and fireAndForget
helpers that replace bare `catch {}` blocks. Errors are logged in
development mode and silently swallowed in production.
This provides a migration path for the ~50 silent catch blocks.
* test(server): add unit tests for validators, utils, and token service
Add 41 new tests across 3 test files:
- validators.test.ts: sanitizeCommandName, validateCommandName,
validateMcpName, validateSkillName, validateMcpConfig (22 tests)
- utils.test.ts: hashToken, shortId, parseList, ensureDir/exists (10 tests)
- tokens.test.ts: TokenService CRUD, scope resolution, revocation (9 tests)
Total server test count: 48 (from 7 previously).
---------
Co-authored-by: Benjamin Shafii <benjamin.shafii@gmail.com>
Store a default directory on workspace identities and auto-create bindings on first inbound message. Remove the bindings editor from the Identities UI and keep /dir as the advanced override.
Enforces workspace-scoped owpenbot identities/bindings via openwork-server, updates the Identities UI and Tauri status schema, and adds UX evidence screenshots.
* feat: proxy owpenbot via openwork-server
Unify client surface by routing owpenbot through /owpenbot/* (+ /w/:id/owpenbot/*), and move QR/token flows off interactive CLI calls. Sandbox mode keeps owpenbot internal (no extra published port) while preserving health + config via the edge.
* chore(desktop): refresh Cargo.lock
Update the Tauri crate lockfile so linux CI can run with --locked.
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening
- TokenService with file-based persistence (tokens.json)
- /tokens CRUD (host auth), /whoami (client auth)
- Bearer token auth accepting OPENWORK_TOKEN or scoped tokens
- POST /workspace/:id/inbox (multipart upload)
- GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id
- Toy UI at /ui with SSE, prompt send, inbox upload, outbox download
- Extended GET /capabilities with schemaVersion, serverVersion, approvals info
- Updated README with all new endpoints and auth model
* feat(headless): add sandbox runtime with Docker and Apple container backends
- --sandbox none|auto|docker|container CLI flag
- --sandbox-image, --sandbox-persist-dir, --sandbox-mount options
- Mount security: allowlist, blocked patterns, symlink resolution
- Docker backend: workspace/persist volumes, sidecar staging, entrypoint
- Apple container backend: --mount type=bind for ro mounts
- Sandbox mode proxies all OpenCode access through openwork-server
- Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues
- Sandbox-specific check suite (runSandboxChecks) for --check mode
- Non-fatal verifyOpenworkServer in sandbox mode for version mismatches
- Updated README with sandbox docs and mount security
* feat(packaging): add Docker/docker-compose PaaS packaging
- Dockerfile (node:22-bookworm-slim, installs openwrk via npm)
- docker-compose.yml with workspace and data volumes
- README with usage instructions
* fix(headless): define sandbox owpenbot internal health port
* fix(owpenbot): make token saves fast and resilient
Persist Telegram/Slack tokens even when owpenbot is offline, bound adapter restarts to avoid long hangs, and refresh UI status with apply warnings.
* chore: update Cargo.lock
Keep desktop Cargo.lock in sync with the crate version so CI cargo --locked passes.
* feat(server): expose all workspaces and support mounted baseUrl
* feat(ui): keep tasks visible across workspaces
* feat(desktop): default engine runtime to openwrk
* feat(owpenbot): route chats by directory bindings
* feat(workspace): add Share modal in workspace menu
* feat(workspace): share workspace from session view
* feat(workspace): store OpenWork token per workspace
* feat(workspace): scope OpenWork sharing via /w/:id mounts
* fix(app): scope and defer reload prompts
Avoid reload-required spam by ignoring .opencode/openwork.json, scoping detection to the active workspace, and deferring prompts until sessions go idle. Add per-workspace auto-reload + optional resume so agent/skill/command updates apply without tearing down the UX.
* chore(desktop): sync Cargo.lock
Keep Cargo.lock consistent with the desktop crate version so CI can run cargo test --locked on Linux.
* feat(app): reload via OpenWork server
* feat(server): emit reload events for UI
* fix: resolve reload timeout and approval errors
- Add idleTimeout: 120 to Bun.serve() to prevent 10-second timeout on long operations
- Pass --approval auto flag when spawning OpenWork server from desktop app
- Suppress dead_code warning on OpenwrkStateFile.version field
