mirror of
https://github.com/different-ai/openwork
synced 2026-05-14 19:16:24 +02:00
f3da381606
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening - TokenService with file-based persistence (tokens.json) - /tokens CRUD (host auth), /whoami (client auth) - Bearer token auth accepting OPENWORK_TOKEN or scoped tokens - POST /workspace/:id/inbox (multipart upload) - GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id - Toy UI at /ui with SSE, prompt send, inbox upload, outbox download - Extended GET /capabilities with schemaVersion, serverVersion, approvals info - Updated README with all new endpoints and auth model * feat(headless): add sandbox runtime with Docker and Apple container backends - --sandbox none|auto|docker|container CLI flag - --sandbox-image, --sandbox-persist-dir, --sandbox-mount options - Mount security: allowlist, blocked patterns, symlink resolution - Docker backend: workspace/persist volumes, sidecar staging, entrypoint - Apple container backend: --mount type=bind for ro mounts - Sandbox mode proxies all OpenCode access through openwork-server - Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues - Sandbox-specific check suite (runSandboxChecks) for --check mode - Non-fatal verifyOpenworkServer in sandbox mode for version mismatches - Updated README with sandbox docs and mount security * feat(packaging): add Docker/docker-compose PaaS packaging - Dockerfile (node:22-bookworm-slim, installs openwrk via npm) - docker-compose.yml with workspace and data volumes - README with usage instructions * fix(headless): define sandbox owpenbot internal health port