* feat: proxy owpenbot via openwork-server
Unify client surface by routing owpenbot through /owpenbot/* (+ /w/:id/owpenbot/*), and move QR/token flows off interactive CLI calls. Sandbox mode keeps owpenbot internal (no extra published port) while preserving health + config via the edge.
* chore(desktop): refresh Cargo.lock
Update the Tauri crate lockfile so linux CI can run with --locked.
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening
- TokenService with file-based persistence (tokens.json)
- /tokens CRUD (host auth), /whoami (client auth)
- Bearer token auth accepting OPENWORK_TOKEN or scoped tokens
- POST /workspace/:id/inbox (multipart upload)
- GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id
- Toy UI at /ui with SSE, prompt send, inbox upload, outbox download
- Extended GET /capabilities with schemaVersion, serverVersion, approvals info
- Updated README with all new endpoints and auth model
* feat(headless): add sandbox runtime with Docker and Apple container backends
- --sandbox none|auto|docker|container CLI flag
- --sandbox-image, --sandbox-persist-dir, --sandbox-mount options
- Mount security: allowlist, blocked patterns, symlink resolution
- Docker backend: workspace/persist volumes, sidecar staging, entrypoint
- Apple container backend: --mount type=bind for ro mounts
- Sandbox mode proxies all OpenCode access through openwork-server
- Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues
- Sandbox-specific check suite (runSandboxChecks) for --check mode
- Non-fatal verifyOpenworkServer in sandbox mode for version mismatches
- Updated README with sandbox docs and mount security
* feat(packaging): add Docker/docker-compose PaaS packaging
- Dockerfile (node:22-bookworm-slim, installs openwrk via npm)
- docker-compose.yml with workspace and data volumes
- README with usage instructions
* fix(headless): define sandbox owpenbot internal health port
Avoid hard-coding 3005 so owpenbot health checks don't fail when the default port is already in use. Still supports explicit --owpenbot-health-port / OWPENBOT_HEALTH_PORT overrides.
Stop pinning OpenCode in package metadata and resolve the latest release during sidecar bundling/runtime, while still allowing OPENCODE_VERSION to pin for reproducible builds.
* feat(headless): align sidecar bundle parity
Build headless sidecars from the same sources as desktop and record manifest checks so version integrity stays consistent across runtimes.
* feat(owpenbot): hot-set telegram token
Expose a health REST endpoint to update the Telegram token at runtime, wire the app to call it, and keep status reporting in sync without restarts.
