The isSafeUrl function was blocking all data: URLs including
data:image/jpeg;base64,... returned by AI image generation models.
This caused markdown images like 
to render with empty src, showing only the alt text 'Image'.
Now data:image/* URIs are whitelisted while other data: schemes
(e.g. data:text/html) remain blocked to prevent XSS.
Co-authored-by: taoyuan <taoyuan@gmail.com>
When using an IME (e.g. Chinese, Japanese, Korean input methods), pressing
Enter to confirm character conversion was incorrectly triggering form
submissions, message sends, and other actions.
Changes across 10 files:
- composer.tsx: triple-check IME state (event.isComposing + manual
compositionstart/end flag + keyCode === 229) with addEventListener
binding to work around SolidJS event delegation limitations
- model-picker-modal.tsx: guard Enter for model selection
- question-modal.tsx: guard Enter for option/custom input (2 handlers)
- rename-session-modal.tsx: guard Enter for session rename
- rename-workspace-modal.tsx: guard Enter for workspace rename
- dashboard.tsx: guard Enter for workspace/session list items (3 handlers)
- session.tsx: guard Enter for workspace/session list items (3 handlers)
- proto-v1-ux.tsx: guard Enter for expandable section toggle
- skills.tsx: guard Enter for skill card activation
- onboarding.tsx: guard Enter for directory path input
Co-authored-by: taoyuan <taoyuan@gmail.com>
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening
- TokenService with file-based persistence (tokens.json)
- /tokens CRUD (host auth), /whoami (client auth)
- Bearer token auth accepting OPENWORK_TOKEN or scoped tokens
- POST /workspace/:id/inbox (multipart upload)
- GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id
- Toy UI at /ui with SSE, prompt send, inbox upload, outbox download
- Extended GET /capabilities with schemaVersion, serverVersion, approvals info
- Updated README with all new endpoints and auth model
* feat(headless): add sandbox runtime with Docker and Apple container backends
- --sandbox none|auto|docker|container CLI flag
- --sandbox-image, --sandbox-persist-dir, --sandbox-mount options
- Mount security: allowlist, blocked patterns, symlink resolution
- Docker backend: workspace/persist volumes, sidecar staging, entrypoint
- Apple container backend: --mount type=bind for ro mounts
- Sandbox mode proxies all OpenCode access through openwork-server
- Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues
- Sandbox-specific check suite (runSandboxChecks) for --check mode
- Non-fatal verifyOpenworkServer in sandbox mode for version mismatches
- Updated README with sandbox docs and mount security
* feat(packaging): add Docker/docker-compose PaaS packaging
- Dockerfile (node:22-bookworm-slim, installs openwrk via npm)
- docker-compose.yml with workspace and data volumes
- README with usage instructions
* fix(headless): define sandbox owpenbot internal health port
- Default WhatsApp to disabled unless creds/config enable it\n- Never print QR codes from bridge startup (printQr=false)\n- Lazy-load WhatsApp adapter to avoid Bun ws warnings when disabled\n- Add REST endpoints: GET /whatsapp/qr, GET/POST /config/whatsapp-enabled\n- Only print CLI command hints in interactive TTY mode
Avoid hard-coding 3005 so owpenbot health checks don't fail when the default port is already in use. Still supports explicit --owpenbot-health-port / OWPENBOT_HEALTH_PORT overrides.
* fix(owpenbot): make token saves fast and resilient
Persist Telegram/Slack tokens even when owpenbot is offline, bound adapter restarts to avoid long hangs, and refresh UI status with apply warnings.
* chore: update Cargo.lock
Keep desktop Cargo.lock in sync with the crate version so CI cargo --locked passes.
Keep the dashboard stable when switching workspaces by preventing implicit session navigation during connect/reconnect flows. Delay the switch overlay to avoid flashes on fast switches and reuse an existing local host when bouncing remote<->local.
Filter sidebar sessions by workspace root so local workspaces don't show identical task lists. Also start the local host engine when switching from a remote workspace back to local, and hide the session count badge to prevent header overflow.
* feat(server): expose all workspaces and support mounted baseUrl
* feat(ui): keep tasks visible across workspaces
* feat(desktop): default engine runtime to openwrk
* feat(owpenbot): route chats by directory bindings
Stop pinning OpenCode in package metadata and resolve the latest release during sidecar bundling/runtime, while still allowing OPENCODE_VERSION to pin for reproducible builds.
Images are now compressed via canvas resize (max 2048px) + JPEG transcode
(quality 0.82, target <1.5MB) before base64 encoding. Uses OffscreenCanvas
when available to avoid blocking the main thread. Adds a post-encoding size
pre-check to show an explicit error instead of silently failing.
Fixes#481
* feat(workspace): add Share modal in workspace menu
* feat(workspace): share workspace from session view
* feat(workspace): store OpenWork token per workspace
* feat(workspace): scope OpenWork sharing via /w/:id mounts
