Skip to content

Harden OpenCode server integration and prune docs bundle#4

Merged
jacobjmc merged 1 commit intomainfrom
codex/opencode-server-hardening
Mar 7, 2026
Merged

Harden OpenCode server integration and prune docs bundle#4
jacobjmc merged 1 commit intomainfrom
codex/opencode-server-hardening

Conversation

@jacobjmc
Copy link
Owner

@jacobjmc jacobjmc commented Mar 7, 2026
edited by cubic-dev-ai bot
Loading

Summary

  • harden the managed OpenCode server connection path for external-app usage
  • add auth-aware REST/SSE handling, explicit localhost binding, and healthier managed-server recovery
  • include the current docs/funding cleanup from the worktree in the same PR

What changed

  • send Authorization headers for REST and /global/event SSE when OPENCODE_SERVER_PASSWORD / OPENCODE_SERVER_USERNAME are set
  • start managed opencode serve with explicit --hostname 127.0.0.1
  • prefer the monitor port but fall back to a free localhost port if that port is already occupied
  • re-check managed server health before reuse and replace the child in place if it died
  • make status/restart-required checks use the tracked managed base URL instead of assuming a single fixed port
  • update the REST migration doc to match the live backend behavior
  • remove the generated docs bundle/assets and trim README/FUNDING references included in the current worktree

Validation

  • npm run typecheck
  • cd src-tauri && cargo check
  • cd src-tauri && cargo test app_server --lib

Notes

  • This PR intentionally includes the other currently unstaged/uncommitted repo changes the user asked to bundle.

Summary by cubic

Hardens the OpenCode server path with auth-aware REST/SSE, strict localhost binding, dynamic port fallback, and resilient process recovery. Also removes the generated docs site and tidies README/FUNDING to slim the repo.

  • New Features

    • Send Basic Authorization for REST and /global/event SSE when OPENCODE_SERVER_USERNAME/PASSWORD are set.
    • Run managed opencode serve bound to 127.0.0.1; prefer the monitor port, fall back to a free localhost port if occupied.
    • Track the actual base URL/port; recheck health before reuse and restart the child if it died; status/restart use the tracked URL.
    • Update REST migration notes to match live behavior; remove the generated docs bundle/assets and adjust README/FUNDING.

  • Migration

    • Set OPENCODE_SERVER_USERNAME/PASSWORD to enable server auth; the app now sends Basic auth automatically.
    • If external scripts assumed a fixed server port, update them—when the preferred port is busy, the app now picks a free localhost port.

Written for commit d3de59d. Summary will update on new commits.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Mar 7, 2026
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 19 files

You're on the cubic free plan with 17 free PR reviews remaining this month. Upgrade for unlimited reviews.

@jacobjmc jacobjmc merged commit fd70336 into main Mar 7, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jacobjmc