mirror of https://github.com/different-ai/openwork synced 2026-05-14 19:16:24 +02:00

Files

ben f3da381606 feat: minimal container sandbox + server tokens + toy UI (#494 )

* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening

- TokenService with file-based persistence (tokens.json)
- /tokens CRUD (host auth), /whoami (client auth)
- Bearer token auth accepting OPENWORK_TOKEN or scoped tokens
- POST /workspace/:id/inbox (multipart upload)
- GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id
- Toy UI at /ui with SSE, prompt send, inbox upload, outbox download
- Extended GET /capabilities with schemaVersion, serverVersion, approvals info
- Updated README with all new endpoints and auth model

* feat(headless): add sandbox runtime with Docker and Apple container backends

- --sandbox none|auto|docker|container CLI flag
- --sandbox-image, --sandbox-persist-dir, --sandbox-mount options
- Mount security: allowlist, blocked patterns, symlink resolution
- Docker backend: workspace/persist volumes, sidecar staging, entrypoint
- Apple container backend: --mount type=bind for ro mounts
- Sandbox mode proxies all OpenCode access through openwork-server
- Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues
- Sandbox-specific check suite (runSandboxChecks) for --check mode
- Non-fatal verifyOpenworkServer in sandbox mode for version mismatches
- Updated README with sandbox docs and mount security

* feat(packaging): add Docker/docker-compose PaaS packaging

- Dockerfile (node:22-bookworm-slim, installs openwrk via npm)
- docker-compose.yml with workspace and data volumes
- README with usage instructions

* fix(headless): define sandbox owpenbot internal health port

2026-02-07 13:01:15 -08:00

script

feat: host mode prefers OpenWork server for skills/plugins management (#304 )

2026-01-28 19:11:03 -08:00

src

feat: minimal container sandbox + server tokens + toy UI (#494 )

2026-02-07 13:01:15 -08:00

cli

feat(onboarding): add browser setup entry

2026-01-29 18:33:58 -08:00

package.json

chore: bump patch versions for release

2026-02-01 16:18:18 -08:00

README.md

feat: minimal container sandbox + server tokens + toy UI (#494 )

2026-02-07 13:01:15 -08:00

tsconfig.json

feat: auto-start OpenWork server sidecar (#284 )

2026-01-27 14:36:34 -08:00

README.md

OpenWork Server

Filesystem-backed API for OpenWork remote clients. This package provides the OpenWork server layer described in packages/app/pr/openwork-server.md and is intentionally independent from the desktop app.

Quick start

npm install -g openwork-server
openwork-server --workspace /path/to/workspace --approval auto

openwork-server ships as a compiled binary, so Bun is not required at runtime.

Or from source:

pnpm --filter openwork-server dev -- \
  --workspace /path/to/workspace \
  --approval auto

The server logs the client token and host token on boot when they are auto-generated.

Add --verbose to print resolved config details on startup. Use --version to print the server version and exit.

Config file

Defaults to ~/.config/openwork/server.json (override with OPENWORK_SERVER_CONFIG or --config).

{
  "host": "127.0.0.1",
  "port": 8787,
  "approval": { "mode": "manual", "timeoutMs": 30000 },
  "workspaces": [
    {
      "path": "/Users/susan/Finance",
      "name": "Finance",
      "workspaceType": "local",
      "baseUrl": "http://127.0.0.1:4096",
      "directory": "/Users/susan/Finance"
    }
  ],
  "corsOrigins": ["http://localhost:5173"]
}

Environment variables

OPENWORK_SERVER_CONFIG path to config JSON
OPENWORK_HOST / OPENWORK_PORT
OPENWORK_TOKEN client bearer token
OPENWORK_HOST_TOKEN host approval token
OPENWORK_APPROVAL_MODE (manual | auto)
OPENWORK_APPROVAL_TIMEOUT_MS
OPENWORK_WORKSPACES (JSON array or comma-separated list of paths)
OPENWORK_CORS_ORIGINS (comma-separated list or *)
OPENWORK_OPENCODE_BASE_URL
OPENWORK_OPENCODE_DIRECTORY
OPENWORK_OPENCODE_USERNAME
OPENWORK_OPENCODE_PASSWORD

Token management (scoped tokens):

OPENWORK_TOKEN_STORE path to token store JSON (default: alongside server.json)

File injection / artifacts:

OPENWORK_INBOX_ENABLED (1 | 0)
OPENWORK_INBOX_MAX_BYTES (default: 50MB, capped)
OPENWORK_OUTBOX_ENABLED (1 | 0)

Sandbox advertisement (for capability discovery):

OPENWORK_SANDBOX_ENABLED (1 | 0)
OPENWORK_SANDBOX_BACKEND (docker | container | none)

Endpoints

GET /health
GET /status
GET /capabilities
GET /whoami
GET /workspaces
GET /workspace/:id/config
PATCH /workspace/:id/config
GET /workspace/:id/events
POST /workspace/:id/engine/reload
GET /workspace/:id/plugins
POST /workspace/:id/plugins
DELETE /workspace/:id/plugins/:name
GET /workspace/:id/skills
POST /workspace/:id/skills
GET /workspace/:id/mcp
POST /workspace/:id/mcp
DELETE /workspace/:id/mcp/:name
GET /workspace/:id/commands
POST /workspace/:id/commands
DELETE /workspace/:id/commands/:name
GET /workspace/:id/audit
GET /workspace/:id/export
POST /workspace/:id/import

Token management (host/owner auth):

GET /tokens
POST /tokens (body: { "scope": "owner"|"collaborator"|"viewer", "label"?: string })
DELETE /tokens/:id

Inbox/outbox:

POST /workspace/:id/inbox (multipart upload into .opencode/openwork/inbox/)
GET /workspace/:id/artifacts
GET /workspace/:id/artifacts/:artifactId

Toy UI (static assets served by the server):

GET /ui
GET /w/:id/ui
GET /ui/assets/*

OpenCode proxy:

GET|POST|... /opencode/*
GET|POST|... /w/:id/opencode/*

Approvals

All writes are gated by host approval.

Host APIs accept either:

X-OpenWork-Host-Token: <token> (legacy host token), or
Authorization: Bearer <token> where the token scope is owner.

Approvals endpoints:

GET /approvals
POST /approvals/:id with { "reply": "allow" | "deny" }

Set OPENWORK_APPROVAL_MODE=auto to auto-approve during local development.