mirror of
https://github.com/different-ai/openwork
synced 2026-05-14 11:06:25 +02:00
f3da381606
* feat(server): add scoped tokens, inbox/outbox, toy UI, and auth hardening - TokenService with file-based persistence (tokens.json) - /tokens CRUD (host auth), /whoami (client auth) - Bearer token auth accepting OPENWORK_TOKEN or scoped tokens - POST /workspace/:id/inbox (multipart upload) - GET /workspace/:id/artifacts, /workspace/:id/artifacts/:id - Toy UI at /ui with SSE, prompt send, inbox upload, outbox download - Extended GET /capabilities with schemaVersion, serverVersion, approvals info - Updated README with all new endpoints and auth model * feat(headless): add sandbox runtime with Docker and Apple container backends - --sandbox none|auto|docker|container CLI flag - --sandbox-image, --sandbox-persist-dir, --sandbox-mount options - Mount security: allowlist, blocked patterns, symlink resolution - Docker backend: workspace/persist volumes, sidecar staging, entrypoint - Apple container backend: --mount type=bind for ro mounts - Sandbox mode proxies all OpenCode access through openwork-server - Proxy health check (waitForHealthyViaProxy) avoids SDK auth issues - Sandbox-specific check suite (runSandboxChecks) for --check mode - Non-fatal verifyOpenworkServer in sandbox mode for version mismatches - Updated README with sandbox docs and mount security * feat(packaging): add Docker/docker-compose PaaS packaging - Dockerfile (node:22-bookworm-slim, installs openwrk via npm) - docker-compose.yml with workspace and data volumes - README with usage instructions * fix(headless): define sandbox owpenbot internal health port
opencode
@ 65e267ed3a
OpenWork
OpenWork helps you run your agents, skills, and MCP. It's an open-source alternative to Claude Cowork/Codex (desktop app).
Core Philos
- Local-first, cloud-ready: OpenWork runs on your machine in one click. Send a message instantly.
- Composable: desktop app, WhatsApp/Slack/Telegram connector, or server. Use what fits, no lock-in.
- Ejectable: OpenWork is powered by OpenCode, so everything OpenCode can do works in OpenWork, even without a UI yet.
- Sharing is caring: start solo, then share. One CLI or desktop command spins up an instantly shareable instance.
OpenWork is designed around the idea that you can easily ship your agentic workflows as a repeatable, productized process.
Alternate UIs
- Owpenbot (WhatsApp bot): a lightweight WhatsApp bridge for a running OpenCode server. Install with:
curl -fsSL https://raw.githubusercontent.com/different-ai/owpenbot/dev/install.sh | bash- run
owpenbot setup, thenowpenbot whatsapp login, thenowpenbot start - full setup: https://github.com/different-ai/owpenbot/blob/dev/README.md
- Openwrk (CLI host): run OpenCode + OpenWork server without the desktop UI. Install with
npm install -g openwrk.
Quick start
Download the dmg here https://github.com/different-ai/openwork/releases (or install from source below)
Why
Current CLI and GUIs for opencode are anchored around developers. That means a focus on file diffs, tool names, and hard to extend capabilities without relying on exposing some form of cli.
OpenWork is designed to be:
- Extensible: skill and opencode plugins are installable modules.
- Auditable: show what happened, when, and why.
- Permissioned: access to privileged flows.
- Local/Remote: OpenWork works locally as well as can connect to remote servers.
What’s Included
- Host mode: runs opencode locally on your computer
- Client mode: connect to an existing OpenCode server by URL.
- Sessions: create/select sessions and send prompts.
- Live streaming: SSE
/eventsubscription for realtime updates. - Execution plan: render OpenCode todos as a timeline.
- Permissions: surface permission requests and reply (allow once / always / deny).
- Templates: save and re-run common workflows (stored locally).
- Skills manager:
- list installed
.opencode/skillsfolders - install from OpenPackage (
opkg install ...) - import a local skill folder into
.opencode/skills/<skill-name>
- list installed
Skill Manager
Works on local computer or servers
Quick Start
Requirements
- Node.js +
pnpm - Rust toolchain (for Tauri): install via
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh - Tauri CLI:
cargo install tauri-cli - OpenCode CLI installed and available on PATH:
opencode
Install
pnpm install
OpenWork now lives in packages/app (UI) and packages/desktop (desktop shell).
Run (Desktop)
pnpm dev
Run (Web UI only)
pnpm dev:ui
Arch Users:
yay -s opencode # Releases version
Architecture (high-level)
-
In Host mode, OpenWork spawns:
opencode serve --hostname 127.0.0.1 --port <free-port>- with your selected project folder as the process working directory. In Host mode, OpenWork starts an OpenCode server directly on your own computer in the background. When you select a project folder, OpenWork runs OpenCode locally using that folder and connects the desktop UI to it. This allows you to run agentic workflows, send prompts, and see progress entirely on your machine without relying on a remote server.
-
The UI uses
@opencode-ai/sdk/v2/clientto:- connect to the server
- list/create sessions
- send prompts
- subscribe to SSE events(Server-Sent Events are used to stream real-time updates from the server to the UI.)
- read todos and permission requests
Folder Picker
The folder picker uses the Tauri dialog plugin. Capability permissions are defined in:
packages/desktop/src-tauri/capabilities/default.json
OpenPackage Notes
If opkg is not installed globally, OpenWork falls back to:
pnpm dlx opkg install <package>
OpenCode Plugins
Plugins are the native way to extend OpenCode. OpenWork now manages them from the Skills tab by
reading and writing opencode.json.
- Project scope:
<workspace>/opencode.json - Global scope:
~/.config/opencode/opencode.json(or$XDG_CONFIG_HOME/opencode/opencode.json)
You can still edit opencode.json manually; OpenWork uses the same format as the OpenCode CLI:
{
"$schema": "https://opencode.ai/config.json",
"plugin": ["opencode-wakatime"]
}
Useful Commands
pnpm dev
pnpm dev:ui
pnpm typecheck
pnpm build
pnpm build:ui
pnpm test:e2e
Troubleshooting
Linux / Wayland (Hyprland)
If OpenWork crashes on launch with WebKitGTK errors like Failed to create GBM buffer, disable dmabuf or compositing before launch. Try one of the following environment flags.
WEBKIT_DISABLE_DMABUF_RENDERER=1 openwork
WEBKIT_DISABLE_COMPOSITING_MODE=1 openwork
Security Notes
- OpenWork hides model reasoning and sensitive tool metadata by default.
- Host mode binds to
127.0.0.1by default.
Contributing
- Review
AGENTS.mdplusVISION.md,PRINCIPLES.md,PRODUCT.md, andARCHITECTURE.mdto understand the product goals before making changes. - Ensure Node.js,
pnpm, the Rust toolchain, andopencodeare installed before working inside the repo. - Run
pnpm installonce per checkout, then verify your change withpnpm typecheckpluspnpm test:e2e(or the targeted subset of scripts) before opening a PR. - Add new PRDs to
packages/app/pr/<name>.mdfollowing the.opencode/skills/prd-conventions/SKILL.mdconventions described inAGENTS.md.
For Teams & Businesses
Interested in using OpenWork in your organization? We'd love to hear from you — reach out at benjamin.shafii@gmail.com to chat about your use case.
License
MIT — see LICENSE.