mirror of
https://github.com/different-ai/openwork
synced 2026-05-14 11:06:25 +02:00
f3da381606
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening - TokenService with file-based persistence (tokens.json) - /tokens CRUD (host auth), /whoami (client auth) - Bearer token auth accepting OPENWORK_TOKEN or scoped tokens - POST /workspace/:id/inbox (multipart upload) - GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id - Toy UI at /ui with SSE, prompt send, inbox upload, outbox download - Extended GET /capabilities with schemaVersion, serverVersion, approvals info - Updated README with all new endpoints and auth model * feat(headless): add sandbox runtime with Docker and Apple container backends - --sandbox none|auto|docker|container CLI flag - --sandbox-image, --sandbox-persist-dir, --sandbox-mount options - Mount security: allowlist, blocked patterns, symlink resolution - Docker backend: workspace/persist volumes, sidecar staging, entrypoint - Apple container backend: --mount type=bind for ro mounts - Sandbox mode proxies all OpenCode access through openwork-server - Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues - Sandbox-specific check suite (runSandboxChecks) for --check mode - Non-fatal verifyOpenworkServer in sandbox mode for version mismatches - Updated README with sandbox docs and mount security * feat(packaging): add Docker/docker-compose PaaS packaging - Dockerfile (node:22-bookworm-slim, installs openwrk via npm) - docker-compose.yml with workspace and data volumes - README with usage instructions * fix(headless): define sandbox owpenbot internal health port
OpenWork Server
Filesystem-backed API for OpenWork remote clients. This package provides the OpenWork server layer described in packages/app/pr/openwork-server.md and is intentionally independent from the desktop app.
Quick start
npm install -g openwork-server
openwork-server --workspace /path/to/workspace --approval auto
openwork-server ships as a compiled binary, so Bun is not required at runtime.
Or from source:
pnpm --filter openwork-server dev -- \
--workspace /path/to/workspace \
--approval auto
The server logs the client token and host token on boot when they are auto-generated.
Add --verbose to print resolved config details on startup. Use --version to print the server version and exit.
Config file
Defaults to ~/.config/openwork/server.json (override with OPENWORK_SERVER_CONFIG or --config).
{
"host": "127.0.0.1",
"port": 8787,
"approval": { "mode": "manual", "timeoutMs": 30000 },
"workspaces": [
{
"path": "/Users/susan/Finance",
"name": "Finance",
"workspaceType": "local",
"baseUrl": "http://127.0.0.1:4096",
"directory": "/Users/susan/Finance"
}
],
"corsOrigins": ["http://localhost:5173"]
}
Environment variables
OPENWORK_SERVER_CONFIGpath to config JSONOPENWORK_HOST/OPENWORK_PORTOPENWORK_TOKENclient bearer tokenOPENWORK_HOST_TOKENhost approval tokenOPENWORK_APPROVAL_MODE(manual|auto)OPENWORK_APPROVAL_TIMEOUT_MSOPENWORK_WORKSPACES(JSON array or comma-separated list of paths)OPENWORK_CORS_ORIGINS(comma-separated list or*)OPENWORK_OPENCODE_BASE_URLOPENWORK_OPENCODE_DIRECTORYOPENWORK_OPENCODE_USERNAMEOPENWORK_OPENCODE_PASSWORD
Token management (scoped tokens):
OPENWORK_TOKEN_STOREpath to token store JSON (default: alongsideserver.json)
File injection / artifacts:
OPENWORK_INBOX_ENABLED(1|0)OPENWORK_INBOX_MAX_BYTES(default: 50MB, capped)OPENWORK_OUTBOX_ENABLED(1|0)
Sandbox advertisement (for capability discovery):
OPENWORK_SANDBOX_ENABLED(1|0)OPENWORK_SANDBOX_BACKEND(docker|container|none)
Endpoints
GET /healthGET /statusGET /capabilitiesGET /whoamiGET /workspacesGET /workspace/:id/configPATCH /workspace/:id/configGET /workspace/:id/eventsPOST /workspace/:id/engine/reloadGET /workspace/:id/pluginsPOST /workspace/:id/pluginsDELETE /workspace/:id/plugins/:nameGET /workspace/:id/skillsPOST /workspace/:id/skillsGET /workspace/:id/mcpPOST /workspace/:id/mcpDELETE /workspace/:id/mcp/:nameGET /workspace/:id/commandsPOST /workspace/:id/commandsDELETE /workspace/:id/commands/:nameGET /workspace/:id/auditGET /workspace/:id/exportPOST /workspace/:id/import
Token management (host/owner auth):
GET /tokensPOST /tokens(body:{ "scope": "owner"|"collaborator"|"viewer", "label"?: string })DELETE /tokens/:id
Inbox/outbox:
POST /workspace/:id/inbox(multipart upload into.opencode/openwork/inbox/)GET /workspace/:id/artifactsGET /workspace/:id/artifacts/:artifactId
Toy UI (static assets served by the server):
GET /uiGET /w/:id/uiGET /ui/assets/*
OpenCode proxy:
GET|POST|... /opencode/*GET|POST|... /w/:id/opencode/*
Approvals
All writes are gated by host approval.
Host APIs accept either:
X-OpenWork-Host-Token: <token>(legacy host token), orAuthorization: Bearer <token>where the token scope isowner.
Approvals endpoints:
GET /approvalsPOST /approvals/:idwith{ "reply": "allow" | "deny" }
Set OPENWORK_APPROVAL_MODE=auto to auto-approve during local development.