Reuse an existing Vite dev server instead of failing on busy ports, avoid Node 25 top-level await exit, and ensure opencode sidecar tracks latest when unpinned.
* fix(owpenbot): guard health timer cleanup
Avoid calling clearInterval with a null timer so TypeScript builds stay green.
* feat(owpenbot): add operator TUI
Add a TTY-first interactive menu that talks to the owpenbot health API (direct or via openwork-server proxy) for QR, token, groups, and bindings management.
* chore(desktop): refresh Cargo.lock
Update the lockfile to match the current desktop crate version so Linux CI can run with --locked.
* fix(owpenbot): require client token for proxy TUI
When using openwork-server proxy mode, include a Bearer client token for /owpenbot/health while still supporting host-token for admin endpoints.
* feat(openwrk): add deploy ssh adapter
Add an SSH deploy command that bootstraps openwrk on a remote Linux host via the npm tarball, optionally syncs workspace config, and starts the host under nohup with a connect artifact for pairing.
* chore(desktop): refresh Cargo.lock
Update the lockfile to match the current desktop crate version so Linux CI can run with --locked.
Run tauri dev with a separate bundle identifier and OPENWRK_DATA_DIR so dev and production can run side-by-side without clobbering app data or openwrk state.
Gate verbose logs behind openwork.debug.workspaceSwitch to capture timing, session list counts, and sidebar refresh behavior during remote->local switches.
Limit sidebar session list payload and avoid refreshing remote workspaces when only local engine auth/baseUrl changes (common on remote->local switches).
* feat: proxy owpenbot via openwork-server
Unify client surface by routing owpenbot through /owpenbot/* (+ /w/:id/owpenbot/*), and move QR/token flows off interactive CLI calls. Sandbox mode keeps owpenbot internal (no extra published port) while preserving health + config via the edge.
* chore(desktop): refresh Cargo.lock
Update the Tauri crate lockfile so linux CI can run with --locked.
- Replace flat step list with compact single-line rows featuring status dots,
tool-type-specific icons (read/edit/search/terminal/etc), and truncated details
- Add classifyTool() for semantic tool categorization and icon mapping
- Improve summarizeStep() to extract filenames, commands, and patterns
instead of dumping raw output with line numbers
- Replace bordered card container with clean left-border-line expand panel
- Show step count badge in collapsed state ('N steps')
- Add running state indicator with pulse animation
- Use ChevronRight rotate animation instead of ChevronDown for expand/collapse
- Extract StepsContainer as reusable component for both cluster and inline steps
- Filter out raw file content markers (<file> 00001|) from detail text
- Parse 'Success. Updated...' messages to show just the filename
The Plugins nav item was dropped during the DLS alignment refactor (bd6062c).
The PluginsView component and tab routing were still wired correctly --
only the sidebar and mobile bottom-nav buttons were missing.
- Add Plugins button to right sidebar (between Skills and Apps)
- Add Plugins button to mobile bottom nav (5-col grid)
- Import Cpu icon from lucide-solid (same icon used before removal)
The isSafeUrl function was blocking all data: URLs including
data:image/jpeg;base64,... returned by AI image generation models.
This caused markdown images like 
to render with empty src, showing only the alt text 'Image'.
Now data:image/* URIs are whitelisted while other data: schemes
(e.g. data:text/html) remain blocked to prevent XSS.
Co-authored-by: taoyuan <taoyuan@gmail.com>
When using an IME (e.g. Chinese, Japanese, Korean input methods), pressing
Enter to confirm character conversion was incorrectly triggering form
submissions, message sends, and other actions.
Changes across 10 files:
- composer.tsx: triple-check IME state (event.isComposing + manual
compositionstart/end flag + keyCode === 229) with addEventListener
binding to work around SolidJS event delegation limitations
- model-picker-modal.tsx: guard Enter for model selection
- question-modal.tsx: guard Enter for option/custom input (2 handlers)
- rename-session-modal.tsx: guard Enter for session rename
- rename-workspace-modal.tsx: guard Enter for workspace rename
- dashboard.tsx: guard Enter for workspace/session list items (3 handlers)
- session.tsx: guard Enter for workspace/session list items (3 handlers)
- proto-v1-ux.tsx: guard Enter for expandable section toggle
- skills.tsx: guard Enter for skill card activation
- onboarding.tsx: guard Enter for directory path input
Co-authored-by: taoyuan <taoyuan@gmail.com>
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening
- TokenService with file-based persistence (tokens.json)
- /tokens CRUD (host auth), /whoami (client auth)
- Bearer token auth accepting OPENWORK_TOKEN or scoped tokens
- POST /workspace/:id/inbox (multipart upload)
- GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id
- Toy UI at /ui with SSE, prompt send, inbox upload, outbox download
- Extended GET /capabilities with schemaVersion, serverVersion, approvals info
- Updated README with all new endpoints and auth model
* feat(headless): add sandbox runtime with Docker and Apple container backends
- --sandbox none|auto|docker|container CLI flag
- --sandbox-image, --sandbox-persist-dir, --sandbox-mount options
- Mount security: allowlist, blocked patterns, symlink resolution
- Docker backend: workspace/persist volumes, sidecar staging, entrypoint
- Apple container backend: --mount type=bind for ro mounts
- Sandbox mode proxies all OpenCode access through openwork-server
- Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues
- Sandbox-specific check suite (runSandboxChecks) for --check mode
- Non-fatal verifyOpenworkServer in sandbox mode for version mismatches
- Updated README with sandbox docs and mount security
* feat(packaging): add Docker/docker-compose PaaS packaging
- Dockerfile (node:22-bookworm-slim, installs openwrk via npm)
- docker-compose.yml with workspace and data volumes
- README with usage instructions
* fix(headless): define sandbox owpenbot internal health port
- Default WhatsApp to disabled unless creds/config enable it\n- Never print QR codes from bridge startup (printQr=false)\n- Lazy-load WhatsApp adapter to avoid Bun ws warnings when disabled\n- Add REST endpoints: GET /whatsapp/qr, GET/POST /config/whatsapp-enabled\n- Only print CLI command hints in interactive TTY mode
Avoid hard-coding 3005 so owpenbot health checks don't fail when the default port is already in use. Still supports explicit --owpenbot-health-port / OWPENBOT_HEALTH_PORT overrides.
