* fix(den): support legacy org invitation routes
Restore the old org-scoped invitation paths and rehydrate sessions to a user's first organization when activeOrg is missing so older clients keep working. Include the shared types workspace in Den Docker images so the local verification stack can still build.
* fix(den): proxy legacy org-scoped routes
Route legacy '/v1/orgs/:orgId/*' requests into the new unscoped '/v1/*' handlers while preserving the current '/v1/orgs/...' endpoints. Pass the org id through middleware so old clients keep the intended workspace context and add coverage for the generic proxy behavior.
* refactor(den): trim invitation route churn
Drop the leftover invitation-specific handler extraction now that legacy org-scoped forwarding is handled generically in the org router. Keep the proxy behavior intact while returning the invitation routes closer to their original shape.
---------
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
* fix(den-api): surface invitation email send failures instead of swallowing
Loops failures in sendDenOrganizationInvitationEmail and
sendDenVerificationEmail were being caught and logged at warn level,
so the HTTP handlers still returned 201 'Invitation created' even when
no email ever left the process. Ben observed this with two live
invitations: the DB row was pending, the UI showed it, but one of two
recipients never received the email and clicking resend re-ran the same
silent-failure path.
Root cause (from an explore audit):
- email.ts:129,132 swallowed non-2xx Loops responses and fetch throws.
- invitations.ts awaited the send and unconditionally returned 2xx.
- There is no 'skip email if user already exists' branch anywhere;
the Slack hypothesis was wrong. The failure mode is provider-side and
was invisible because of the swallow.
Changes:
- Introduce DenEmailSendError with a stable reason tagged union
(loops_not_configured | loops_rejected | loops_network).
- sendDenOrganizationInvitationEmail and sendDenVerificationEmail now
throw DenEmailSendError on failure. Dev-mode short-circuit is
preserved (still logs the payload and returns cleanly).
- POST /v1/orgs/:orgId/invitations catches DenEmailSendError, logs via
console.error with a stable [auth][invite_email_failed] prefix
(greppable across deployments), and returns 502
invitation_email_failed with a human-readable message and the
invitationId so the UI can correlate and offer a retry. The row is
left pending intentionally so the next submit becomes a real resend.
- Document the 502 response in the OpenAPI describeRoute.
Operator note: if LOOPS_TRANSACTIONAL_ID_DEN_VERIFY_EMAIL is unset the
signup OTP endpoint will now return a real error instead of silently
stranding the user at the OTP screen forever. This is intentional; the
previous behavior was a latent signup-breaking bug.
* fix(den-api): tolerate missing apps/desktop/package.json in Docker build
PR #1476 introduced a build step that reads apps/desktop/package.json to
bake in a default latest-app-version, but packaging/docker/Dockerfile.den
does not ship the Tauri desktop sources. As a result, the den-dev Docker
stack fails to build after the PR landed. Gracefully fall back to 0.0.0
(matching the runtime default) when the file is absent, and allow a
DEN_API_LATEST_APP_VERSION env override so deployers can still pin a
real value.
* test(den-api): add smoke script for invite email failure paths
scripts/smoke-email-failures.mjs exercises the DenEmailSendError paths
against the built dist/ of den-api. Ships with instructions so a
reviewer can rerun it inside the docker-compose den-dev container with
a single command.
Also parameterises OPENWORK_DEV_MODE in the den compose service so the
failure paths can be reached from outside the container when needed
(defaults to 1; override with OPENWORK_DEV_MODE=0 at compose time).
* add pre-baked microsandbox image
Bake openwork, openwork-server, and the pinned opencode binary into a single Docker image so micro-sandbox remote-connect smoke tests can boot quickly and be verified with curl and container health checks.
* add Rust microsandbox example
Add a standalone microsandbox SDK example that boots the OpenWork image, validates remote-connect endpoints, and streams sandbox logs so backend-only sandbox behavior can be exercised without Docker.
* exclude Rust example build output
Keep the standalone microsandbox example in git, but drop generated Cargo target artifacts so the branch only contains source, docs, and lockfile.
* test
* add microsandbox feature flag for sandbox creation
Made-with: Cursor
* refactor sandbox mode isolation
Made-with: Cursor
* feat(den): add org-managed llm provider library
Let Den admins curate shared providers and models with encrypted credentials, then let the app connect through the existing add-provider flow. This keeps org-wide model access consistent without requiring per-user OAuth setup.
* docs(den): prefer longer db encryption keys
* fix(den): pass db encryption key through local dev
---------
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
- Revised the "Importing a skill" documentation for clarity and consistency, including updated descriptions and instructions.
- Enhanced the AUR README to specify the removal of the bundled `/usr/bin/opencode` file to prevent conflicts with `opencode-bin`, ensuring compatibility with existing installations.
* fix(den): parse skill frontmatter when saving skills
Keep the full SKILL.md payload in the database, derive title and description from frontmatter, and require a frontmatter name in the API. Also include shared packages in the Den web Docker image so the upload flow can be verified end to end.
* fix(den-web): transpile shared utils package
Include @openwork-ee/utils in Next's transpilePackages list so the client skill editor resolves the shared frontmatter helpers during production builds.
* fix(den-web): keep skill parsing local to the app
Move the client-side skill markdown parser into the Den web app so production builds do not depend on resolving a workspace package boundary from a client component.
* refactor(den): share skill frontmatter parsing via utils
Make Den web and Den API both depend on @openwork-ee/utils for skill frontmatter parsing, refresh the workspace lockfile, and keep the Den web build wiring explicit for CI and Docker.
* fix(den-web): build Den from the monorepo root on Vercel
Keep the shared utils package setup, but make Vercel install and build from the repo root so workspace dependencies like @openwork-ee/utils are always available when Den web deploys from its app subdirectory.
* docs(den-web): keep Vercel workspace settings in the dashboard
Remove the app-level Vercel command override from the repo and document the monorepo install/build settings for the dashboard instead.
---------
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
Keep server-side share publish and fetch traffic on the configured OpenWork publisher so bundle links cannot steer host requests to arbitrary targets. Add a warning-backed client-side fallback for manual imports from untrusted bundle URLs.
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
* Add Den org auth model and template APIs
Wire Better Auth organizations with TypeId-backed schema and migrations, enforce owner/admin org permissions, and add org-scoped template create/list/delete endpoints. Simplify the Den org dashboard UX and update Docker dev packaging paths for the ee apps/packages layout.
* Add manual-safe org migration SQL
Provide a Vitess-compatible version of the organization migration without statement-breakpoint markers or unsupported IF NOT EXISTS column syntax so operators can run it directly in SQL consoles.
---------
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
* refactor(repo): move OpenWork apps into apps and ee layout
Rebase the monorepo layout migration onto the latest dev changes so the moved app, desktop, share, and cloud surfaces keep working from their new paths. Carry the latest deeplink, token persistence, build, Vercel, and docs updates forward to avoid stale references and broken deploy tooling.
* chore(repo): drop generated desktop artifacts
Ignore the moved Tauri target and sidecar paths so local cargo checks do not pollute the branch. Remove the accidentally committed outputs from the repo while keeping the layout migration intact.
* fix(release): drop built server cli artifact
Stop tracking the locally built apps/server/cli binary so generated server outputs do not leak into commits. Also update the release workflow to check the published scoped package name for @openwork/server before deciding whether npm publish is needed.
* fix(workspace): add stable CLI bin wrappers
Point the server and router package bins at committed wrapper scripts so workspace installs can create shims before dist outputs exist. Keep the wrappers compatible with built binaries and source checkouts to avoid Vercel install warnings without changing runtime behavior.
Keep the worker rename step focused on small screens, and point the Den Docker services at their built entrypoints so the onboarding flow can be verified end to end.
