@opencode-cloud/core 3.2.1 → 3.2.3

package/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "opencode-cloud-core"
-version = "3.2.1"
+version = "3.2.3"
 edition = "2024"
 rust-version = "1.88"
 license = "MIT"

package/README.md

@@ -17,6 +17,15 @@ cargo install opencode-cloud
 opencode-cloud --version
 ```
 
+## Deploy to AWS
+
+[![Deploy to AWS](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home#/stacks/create/review?templateURL=https://raw.githubusercontent.com/pRizz/opencode-cloud/main/infra/aws/cloudformation/opencode-cloud-quick.yaml)
+
+Quick deploy provisions a private EC2 instance behind a public ALB with HTTPS.
+**A domain name is required** for ACM certificate validation.
+
+Docs: `docs/deploy/aws.md` (includes teardown steps)
+
 ## Features
 
 - **Sandboxed execution** - opencode runs inside a Docker container, isolated from your host system

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencode-cloud/core",
-  "version": "3.2.1",
+  "version": "3.2.3",
   "description": "Core NAPI bindings for opencode-cloud (internal package)",
   "main": "index.js",
   "types": "index.d.ts",

package/src/config/mod.rs

@@ -15,7 +15,7 @@ use anyhow::{Context, Result};
 use jsonc_parser::parse_to_serde_value;
 
 pub use paths::{get_config_dir, get_config_path, get_data_dir, get_hosts_path, get_pid_path};
-pub use schema::{CommitSha, Config, validate_bind_address};
+pub use schema::{Config, validate_bind_address};
 pub use validation::{
     ValidationError, ValidationWarning, display_validation_error, display_validation_warning,
     validate_config,
@@ -88,10 +88,15 @@ pub fn load_config() -> Result<Config> {
         .with_context(|| format!("Failed to read config file: {}", config_path.display()))?;
 
     // Parse JSONC (JSON with comments)
-    let parsed_value = parse_to_serde_value(&contents, &Default::default())
+    let mut parsed_value = parse_to_serde_value(&contents, &Default::default())
         .map_err(|e| anyhow::anyhow!("Invalid JSONC in config file: {e}"))?
         .ok_or_else(|| anyhow::anyhow!("Config file is empty"))?;
 
+    // Drop deprecated keys that were removed from the schema.
+    if let Some(obj) = parsed_value.as_object_mut() {
+        obj.remove("opencode_commit");
+    }
+
     // Deserialize into Config struct (deny_unknown_fields will reject unknown keys)
     let config: Config = serde_json::from_value(parsed_value).with_context(|| {
         format!(

package/src/config/schema.rs

@@ -4,51 +4,6 @@
 
 use serde::{Deserialize, Serialize};
 use std::net::{IpAddr, Ipv4Addr};
-use std::ops::Deref;
-
-/// Validated opencode commit SHA (7-40 hex characters)
-#[derive(Debug, Clone, Serialize, PartialEq, Eq)]
-#[serde(transparent)]
-pub struct CommitSha(String);
-
-impl CommitSha {
-    pub fn parse(value: &str) -> Result<Self, String> {
-        let trimmed = value.trim();
-        if trimmed.is_empty() {
-            return Err("Commit cannot be empty".to_string());
-        }
-        if !(7..=40).contains(&trimmed.len()) {
-            return Err("Commit must be 7-40 hex characters".to_string());
-        }
-        if !trimmed.chars().all(|c| c.is_ascii_hexdigit()) {
-            return Err("Commit must be a hexadecimal SHA".to_string());
-        }
-        Ok(Self(trimmed.to_string()))
-    }
-
-    pub fn as_str(&self) -> &str {
-        &self.0
-    }
-}
-
-impl Deref for CommitSha {
-    type Target = str;
-
-    fn deref(&self) -> &Self::Target {
-        self.as_str()
-    }
-}
-
-impl<'de> Deserialize<'de> for CommitSha {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        let value = String::deserialize(deserializer)?;
-        CommitSha::parse(&value).map_err(serde::de::Error::custom)
-    }
-}
-
 /// Main configuration structure for opencode-cloud
 ///
 /// Serialized to/from `~/.config/opencode-cloud/config.json`
@@ -156,11 +111,6 @@ pub struct Config {
     #[serde(default = "default_image_source")]
     pub image_source: String,
 
-    /// Override opencode commit used when building the Docker image (optional)
-    /// Must be a 7-40 character hex commit SHA.
-    #[serde(default)]
-    pub opencode_commit: Option<CommitSha>,
-
     /// When to check for updates: 'always' (every start), 'once' (once per version), 'never'
     #[serde(default = "default_update_check")]
     pub update_check: String,
@@ -274,7 +224,6 @@ impl Default for Config {
             cockpit_port: default_cockpit_port(),
             cockpit_enabled: default_cockpit_enabled(),
             image_source: default_image_source(),
-            opencode_commit: None,
             update_check: default_update_check(),
             mounts: Vec::new(),
         }
@@ -416,7 +365,6 @@ mod tests {
             cockpit_port: 9090,
             cockpit_enabled: true,
             image_source: default_image_source(),
-            opencode_commit: None,
             update_check: default_update_check(),
             mounts: Vec::new(),
         };

package/src/docker/Dockerfile

@@ -34,9 +34,6 @@
 # -----------------------------------------------------------------------------
 FROM ubuntu:24.04 AS runtime
 
-# Pin opencode fork commit used during build
-ARG OPENCODE_COMMIT=dac099a4892689d11abedb0fcc1098b50e0958c8
-
 # OCI Labels for image metadata
 LABEL org.opencontainers.image.title="opencode-cloud"
 LABEL org.opencontainers.image.description="AI-assisted development environment with opencode"
@@ -520,7 +517,8 @@ RUN echo 'export PATH="/home/opencode/.local/bin:$PATH"' >> /home/opencode/.zshr
 # Clone the fork and build opencode from source (as non-root user)
 # Pin to specific commit for reproducibility
 # Build opencode from source (BuildKit cache mounts disabled for now)
-RUN rm -rf /tmp/opencode-repo \
+RUN OPENCODE_COMMIT="8694cc2e60422ad82d5ca72b67716423b18dabc2" \
+    && rm -rf /tmp/opencode-repo \
     && git clone --depth 1 https://github.com/pRizz/opencode.git /tmp/opencode-repo \
     && cd /tmp/opencode-repo \
     && git fetch --depth 1 origin "${OPENCODE_COMMIT}" \
@@ -573,21 +571,31 @@ RUN ls -la /usr/local/bin/opencode-broker \
 # -----------------------------------------------------------------------------
 # Nginx Reverse Proxy for UI + API
 # -----------------------------------------------------------------------------
-# Serve the built UI from /var/www/opencode and proxy API/WebSocket
-# TODO: Explore a sustainable routing strategy (e.g., backend-driven base URL or
-# TODO: content-type aware proxying without hardcoded path lists).
+# Serve the built UI from /var/www/opencode and proxy all 3000 traffic to backend.
 RUN rm -f /etc/nginx/sites-enabled/default /etc/nginx/conf.d/default.conf 2>/dev/null || true \
     && printf '%s\n' \
     'server {' \
     '  listen 3000;' \
     '  server_name _;' \
     '' \
-    '  root /var/www/opencode;' \
-    '  index index.html;' \
-    '' \
-    '  location = /health {' \
+    '  location / {' \
     '    proxy_pass http://127.0.0.1:3001;' \
+    '    proxy_http_version 1.1;' \
+    '    proxy_set_header Upgrade $http_upgrade;' \
+    '    proxy_set_header Connection "upgrade";' \
+    '    proxy_set_header Host $host;' \
+    '    proxy_set_header X-Real-IP $remote_addr;' \
+    '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' \
+    '    proxy_set_header X-Forwarded-Proto $scheme;' \
     '  }' \
+    '}' \
+    '' \
+    'server {' \
+    '  listen 3002;' \
+    '  server_name _;' \
+    '' \
+    '  root /var/www/opencode;' \
+    '  index index.html;' \
     '' \
     '  location /assets/ {' \
     '    try_files $uri =404;' \
@@ -597,17 +605,6 @@ RUN rm -f /etc/nginx/sites-enabled/default /etc/nginx/conf.d/default.conf 2>/dev
     '    try_files $uri =404;' \
     '  }' \
     '' \
-    '  location ~ ^/(agent|auth|command|config|event|events|global|lsp|mcp|path|permission|project|provider|pty|question|rpc|session|sessions|status|v1|vcs|ws|api) {' \
-    '    proxy_pass http://127.0.0.1:3001;' \
-    '    proxy_http_version 1.1;' \
-    '    proxy_set_header Upgrade $http_upgrade;' \
-    '    proxy_set_header Connection "upgrade";' \
-    '    proxy_set_header Host $host;' \
-    '    proxy_set_header X-Real-IP $remote_addr;' \
-    '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' \
-    '    proxy_set_header X-Forwarded-Proto $scheme;' \
-    '  }' \
-    '' \
     '  location / {' \
     '    try_files $uri $uri/ /index.html;' \
     '  }' \
@@ -746,20 +743,24 @@ RUN rm -f /etc/systemd/system/multi-user.target.wants/nginx.service \
 # -----------------------------------------------------------------------------
 # opencode Configuration
 # -----------------------------------------------------------------------------
-# Create opencode.json config file with PAM authentication enabled
+# Create opencode.jsonc config file with PAM authentication enabled and UI URL
 RUN mkdir -p /home/opencode/.config/opencode \
     && printf '%s\n' \
     '{' \
+    '  // Container UI served via nginx on 3002' \
     '  "auth": {' \
     '    "enabled": true' \
+    '  },' \
+    '  "server": {' \
+    '    "uiUrl": "http://localhost:3002"' \
     '  }' \
     '}' \
-    > /home/opencode/.config/opencode/opencode.json \
+    > /home/opencode/.config/opencode/opencode.jsonc \
     && chown -R opencode:opencode /home/opencode/.config/opencode \
-    && chmod 644 /home/opencode/.config/opencode/opencode.json
+    && chmod 644 /home/opencode/.config/opencode/opencode.jsonc
 
 # Verify config file exists
-RUN ls -la /home/opencode/.config/opencode/opencode.json && cat /home/opencode/.config/opencode/opencode.json
+RUN ls -la /home/opencode/.config/opencode/opencode.jsonc && cat /home/opencode/.config/opencode/opencode.jsonc
 
 USER opencode
 
@@ -811,8 +812,8 @@ RUN echo "${OPENCODE_CLOUD_VERSION}" > /etc/opencode-cloud-version
 # -----------------------------------------------------------------------------
 WORKDIR /home/opencode/workspace
 
-# Expose opencode web port (3000) and Cockpit port (9090)
-EXPOSE 3000 9090
+# Expose opencode ports (3000/3001/3002) and Cockpit (9090)
+EXPOSE 3000 3001 3002 9090
 
 # Hybrid init: entrypoint script chooses tini or systemd based on USE_SYSTEMD env
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

package/src/docker/README.dockerhub.md

@@ -28,10 +28,10 @@ docker pull ghcr.io/prizz/opencode-cloud-sandbox:latest
 Run the container:
 
 ```
-docker run --rm -it -p 3000:3000 -p 9090:9090 ghcr.io/prizz/opencode-cloud-sandbox:latest
+docker run --rm -it -p 3000:3000 -p 3001:3001 -p 3002:3002 -p 9090:9090 ghcr.io/prizz/opencode-cloud-sandbox:latest
 ```
 
-The opencode web UI is available at `http://localhost:3000`. Cockpit runs on `http://localhost:9090`.
+The opencode web UI is available at `http://localhost:3000`. The backend is reachable at `http://localhost:3001`, and the static UI is served at `http://localhost:3002`. Cockpit runs on `http://localhost:9090`.
 
 ## Source
 

package/src/docker/dockerfile.rs

@@ -7,27 +7,9 @@
 //! clearly indicate this is the sandboxed container environment that the
 //! opencode-cloud CLI deploys, not the CLI tool itself.
 
-use std::collections::HashMap;
-
 /// The Dockerfile for building the opencode-cloud-sandbox container image
 pub const DOCKERFILE: &str = include_str!("Dockerfile");
 
-/// Build arg name for the opencode commit used in the Dockerfile.
-pub const OPENCODE_COMMIT_BUILD_ARG: &str = "OPENCODE_COMMIT";
-
-/// Default opencode commit pinned in the Dockerfile.
-pub const OPENCODE_COMMIT_DEFAULT: &str = "dac099a4892689d11abedb0fcc1098b50e0958c8";
-
-/// Build args for overriding the opencode commit in the Dockerfile.
-pub fn build_args_for_opencode_commit(
-    maybe_commit: Option<&str>,
-) -> Option<HashMap<String, String>> {
-    let commit = maybe_commit?;
-    let mut args = HashMap::new();
-    args.insert(OPENCODE_COMMIT_BUILD_ARG.to_string(), commit.to_string());
-    Some(args)
-}
-
 // =============================================================================
 // Docker Image Naming
 // =============================================================================

package/src/docker/mod.rs

@@ -38,10 +38,7 @@ pub use health::{
 };
 
 // Dockerfile constants
-pub use dockerfile::{
-    DOCKERFILE, IMAGE_NAME_DOCKERHUB, IMAGE_NAME_GHCR, IMAGE_TAG_DEFAULT,
-    OPENCODE_COMMIT_BUILD_ARG, OPENCODE_COMMIT_DEFAULT, build_args_for_opencode_commit,
-};
+pub use dockerfile::{DOCKERFILE, IMAGE_NAME_DOCKERHUB, IMAGE_NAME_GHCR, IMAGE_TAG_DEFAULT};
 
 // Image operations
 pub use image::{build_image, image_exists, pull_image};