@opencode-cloud/core 4.2.0 → 4.2.2

package/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "opencode-cloud-core"
-version = "4.2.0"
+version = "4.2.2"
 edition = "2024"
 rust-version = "1.88"
 license = "MIT"

package/README.md

@@ -9,7 +9,7 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
 > [!WARNING]
-> This project is a work in progress and evolving rapidly. Use with caution.
+> This tool is still a work in progress and is rapidly evolving. Expect frequent updates and breaking changes. Follow updates at https://github.com/pRizz/opencode-cloud. Stability will be announced at some point. Use with caution.
 
 A production-ready toolkit for deploying and managing [opencode](https://github.com/anomalyco/opencode) as a persistent cloud service, **sandboxed inside a Docker container** for isolation and security.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opencode-cloud/core",
-  "version": "4.2.0",
+  "version": "4.2.2",
   "description": "Core NAPI bindings for opencode-cloud (internal package)",
   "main": "index.js",
   "types": "index.d.ts",

package/src/config/mod.rs

@@ -14,8 +14,9 @@ use std::path::PathBuf;
 use anyhow::{Context, Result};
 use jsonc_parser::parse_to_serde_value;
 
+use crate::docker::mount::ParsedMount;
 pub use paths::{get_config_dir, get_config_path, get_data_dir, get_hosts_path, get_pid_path};
-pub use schema::{Config, validate_bind_address};
+pub use schema::{Config, default_mounts, validate_bind_address};
 pub use validation::{
     ValidationError, ValidationWarning, display_validation_error, display_validation_warning,
     validate_config,
@@ -75,6 +76,7 @@ pub fn load_config() -> Result<Config> {
             config_path.display()
         );
         let config = Config::default();
+        ensure_default_mount_dirs(&config)?;
         save_config(&config)?;
         return Ok(config);
     }
@@ -98,13 +100,37 @@ pub fn load_config() -> Result<Config> {
     }
 
     // Deserialize into Config struct (deny_unknown_fields will reject unknown keys)
-    let config: Config = serde_json::from_value(parsed_value).with_context(|| {
+    let mut config: Config = serde_json::from_value(parsed_value).with_context(|| {
         format!(
             "Invalid configuration in {}. Check for unknown fields or invalid values.",
             config_path.display()
         )
     })?;
 
+    let mut removed_shadowing_mounts = false;
+    config.mounts.retain(|mount_str| {
+        let parsed = match ParsedMount::parse(mount_str) {
+            Ok(parsed) => parsed,
+            Err(_) => return true,
+        };
+        if parsed.container_path == "/opt/opencode"
+            || parsed.container_path.starts_with("/opt/opencode/")
+        {
+            removed_shadowing_mounts = true;
+            tracing::warn!(
+                "Skipping bind mount that overrides opencode binaries: {}",
+                mount_str
+            );
+            return false;
+        }
+        true
+    });
+
+    if removed_shadowing_mounts {
+        tracing::info!("Removed bind mounts that shadow /opt/opencode");
+    }
+
+    ensure_default_mount_dirs(&config)?;
     Ok(config)
 }
 
@@ -141,6 +167,36 @@ pub fn save_config(config: &Config) -> Result<()> {
     Ok(())
 }
 
+fn ensure_default_mount_dirs(config: &Config) -> Result<()> {
+    let defaults = default_mounts();
+    if defaults.is_empty() {
+        return Ok(());
+    }
+
+    for mount_str in &config.mounts {
+        if !defaults.contains(mount_str) {
+            continue;
+        }
+        let parsed = crate::docker::mount::ParsedMount::parse(mount_str)
+            .with_context(|| format!("Invalid default mount configured: {mount_str}"))?;
+        let path = parsed.host_path.as_path();
+        if path.exists() {
+            if !path.is_dir() {
+                return Err(anyhow::anyhow!(
+                    "Default mount path is not a directory: {}",
+                    path.display()
+                ));
+            }
+            continue;
+        }
+        fs::create_dir_all(path)
+            .with_context(|| format!("Failed to create mount directory: {}", path.display()))?;
+        tracing::info!("Created mount directory: {}", path.display());
+    }
+
+    Ok(())
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

package/src/config/schema.rs

@@ -2,6 +2,10 @@
 //!
 //! Defines the structure and defaults for the config.json file.
 
+use crate::docker::volume::{
+    MOUNT_CACHE, MOUNT_CONFIG, MOUNT_PROJECTS, MOUNT_SESSION, MOUNT_STATE,
+};
+use directories::BaseDirs;
 use serde::{Deserialize, Serialize};
 use std::net::{IpAddr, Ipv4Addr};
 /// Main configuration structure for opencode-cloud
@@ -117,7 +121,7 @@ pub struct Config {
 
     /// Bind mounts to apply when starting the container
     /// Format: ["/host/path:/container/path", "/host:/mnt:ro"]
-    #[serde(default)]
+    #[serde(default = "default_mounts")]
     pub mounts: Vec<String>,
 }
 
@@ -173,6 +177,27 @@ fn default_update_check() -> String {
     "always".to_string()
 }
 
+pub fn default_mounts() -> Vec<String> {
+    let Some(base_dirs) = BaseDirs::new() else {
+        return Vec::new();
+    };
+    let home_dir = base_dirs.home_dir();
+
+    let data_dir = home_dir.join(".local").join("share").join("opencode");
+    let state_dir = home_dir.join(".local").join("state").join("opencode");
+    let cache_dir = home_dir.join(".cache").join("opencode");
+    let config_dir = home_dir.join(".config").join("opencode");
+    let workspace_dir = data_dir.join("workspace");
+
+    vec![
+        format!("{}:{MOUNT_SESSION}", data_dir.display()),
+        format!("{}:{MOUNT_STATE}", state_dir.display()),
+        format!("{}:{MOUNT_CACHE}", cache_dir.display()),
+        format!("{}:{MOUNT_PROJECTS}", workspace_dir.display()),
+        format!("{}:{MOUNT_CONFIG}", config_dir.display()),
+    ]
+}
+
 /// Validate and parse a bind address string
 ///
 /// Accepts:
@@ -225,7 +250,7 @@ impl Default for Config {
             cockpit_enabled: default_cockpit_enabled(),
             image_source: default_image_source(),
             update_check: default_update_check(),
-            mounts: Vec::new(),
+            mounts: default_mounts(),
         }
     }
 }
@@ -309,7 +334,7 @@ mod tests {
         assert_eq!(config.rate_limit_attempts, 5);
         assert_eq!(config.rate_limit_window_seconds, 60);
         assert!(config.users.is_empty());
-        assert!(config.mounts.is_empty());
+        assert_eq!(config.mounts, default_mounts());
     }
 
     #[test]
@@ -693,7 +718,7 @@ mod tests {
     #[test]
     fn test_default_config_mounts_field() {
         let config = Config::default();
-        assert!(config.mounts.is_empty());
+        assert_eq!(config.mounts, default_mounts());
     }
 
     #[test]
@@ -717,9 +742,9 @@ mod tests {
 
     #[test]
     fn test_mounts_field_default_on_missing() {
-        // Old configs without mounts field should get empty vec
+        // Old configs without mounts field should get default mounts
         let json = r#"{"version": 1}"#;
         let config: Config = serde_json::from_str(json).unwrap();
-        assert!(config.mounts.is_empty());
+        assert_eq!(config.mounts, default_mounts());
     }
 }

package/src/docker/Dockerfile

@@ -164,6 +164,7 @@ RUN mkdir -p \
     /home/opencode/.config \
     /home/opencode/.local/bin \
     /home/opencode/.local/share \
+    /home/opencode/.local/state \
     /home/opencode/.cache \
     /home/opencode/workspace
 
@@ -529,16 +530,15 @@ RUN OPENCODE_COMMIT="c7fb116c1cf59a76b184f842ed3eb0113d93196b" \
     && bun run build-single-ui \
     && rm -rf /home/opencode/.bun/install/cache /home/opencode/.bun/cache /home/opencode/.cache/bun \
     && cd /tmp/opencode-repo \
-    && mkdir -p /home/opencode/.local/share/opencode/bin \
-    && mkdir -p /home/opencode/.local/share/opencode/ui \
-    && cp /tmp/opencode-repo/packages/opencode/dist/opencode-*/bin/opencode /home/opencode/.local/share/opencode/bin/opencode \
-    && cp -R /tmp/opencode-repo/packages/opencode/dist/opencode-*/ui/. /home/opencode/.local/share/opencode/ui/ \
-    && chown -R opencode:opencode /home/opencode/.local/share/opencode \
-    && chmod +x /home/opencode/.local/share/opencode/bin/opencode \
-    && /home/opencode/.local/share/opencode/bin/opencode --version
+    && sudo mkdir -p /opt/opencode/bin /opt/opencode/ui \
+    && sudo cp /tmp/opencode-repo/packages/opencode/dist/opencode-*/bin/opencode /opt/opencode/bin/opencode \
+    && sudo cp -R /tmp/opencode-repo/packages/opencode/dist/opencode-*/ui/. /opt/opencode/ui/ \
+    && sudo chown -R opencode:opencode /opt/opencode \
+    && sudo chmod +x /opt/opencode/bin/opencode \
+    && /opt/opencode/bin/opencode --version
 
 # Add opencode to PATH
-ENV PATH="/home/opencode/.local/share/opencode/bin:${PATH}"
+ENV PATH="/opt/opencode/bin:${PATH}"
 
 # -----------------------------------------------------------------------------
 # opencode-broker Installation
@@ -651,10 +651,10 @@ RUN printf '%s\n' \
     'Type=simple' \
     'User=opencode' \
     'WorkingDirectory=/home/opencode/workspace' \
-    'ExecStart=/home/opencode/.local/share/opencode/bin/opencode web --port 3000 --hostname 0.0.0.0' \
+    'ExecStart=/opt/opencode/bin/opencode web --port 3000 --hostname 0.0.0.0' \
     'Restart=always' \
     'RestartSec=5' \
-    'Environment=PATH=/home/opencode/.local/share/opencode/bin:/home/opencode/.local/bin:/home/opencode/.cargo/bin:/home/opencode/.local/share/mise/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
+    'Environment=PATH=/opt/opencode/bin:/home/opencode/.local/bin:/home/opencode/.cargo/bin:/home/opencode/.local/share/mise/shims:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
     '' \
     '[Install]' \
     'WantedBy=multi-user.target' \
@@ -700,7 +700,7 @@ RUN printf '%s\n' \
     '    install -d -m 0755 /run/opencode' \
     '    /usr/local/bin/opencode-broker &' \
     '    # Use runuser to switch to opencode user without password prompt' \
-    '    exec runuser -u opencode -- sh -lc "cd /home/opencode/workspace && /home/opencode/.local/share/opencode/bin/opencode web --port 3000 --hostname 0.0.0.0"' \
+    '    exec runuser -u opencode -- sh -lc "cd /home/opencode/workspace && /opt/opencode/bin/opencode web --port 3000 --hostname 0.0.0.0"' \
     'fi' \
     > /usr/local/bin/entrypoint.sh && chmod +x /usr/local/bin/entrypoint.sh
 

package/src/docker/container.rs

@@ -6,7 +6,8 @@
 use super::dockerfile::{IMAGE_NAME_GHCR, IMAGE_TAG_DEFAULT};
 use super::mount::ParsedMount;
 use super::volume::{
-    MOUNT_CONFIG, MOUNT_PROJECTS, MOUNT_SESSION, VOLUME_CONFIG, VOLUME_PROJECTS, VOLUME_SESSION,
+    MOUNT_CACHE, MOUNT_CONFIG, MOUNT_PROJECTS, MOUNT_SESSION, MOUNT_STATE, VOLUME_CACHE,
+    VOLUME_CONFIG, VOLUME_PROJECTS, VOLUME_SESSION, VOLUME_STATE,
 };
 use super::{DockerClient, DockerError};
 use bollard::container::{
@@ -16,7 +17,7 @@ use bollard::container::{
 use bollard::service::{
     HostConfig, Mount, MountPointTypeEnum, MountTypeEnum, PortBinding, PortMap,
 };
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
 use tracing::debug;
 
 /// Default container name
@@ -25,6 +26,11 @@ pub const CONTAINER_NAME: &str = "opencode-cloud-sandbox";
 /// Default port for opencode web UI
 pub const OPENCODE_WEB_PORT: u16 = 3000;
 
+fn has_env_key(env: &[String], key: &str) -> bool {
+    let prefix = format!("{key}=");
+    env.iter().any(|entry| entry.starts_with(&prefix))
+}
+
 /// Create the opencode container with volume mounts
 ///
 /// Does not start the container - use start_container after creation.
@@ -85,30 +91,36 @@ pub async fn create_container(
         )));
     }
 
-    // Create volume mounts
-    let mut mounts = vec![
-        Mount {
-            target: Some(MOUNT_SESSION.to_string()),
-            source: Some(VOLUME_SESSION.to_string()),
-            typ: Some(MountTypeEnum::VOLUME),
-            read_only: Some(false),
-            ..Default::default()
-        },
-        Mount {
-            target: Some(MOUNT_PROJECTS.to_string()),
-            source: Some(VOLUME_PROJECTS.to_string()),
-            typ: Some(MountTypeEnum::VOLUME),
-            read_only: Some(false),
-            ..Default::default()
-        },
-        Mount {
-            target: Some(MOUNT_CONFIG.to_string()),
-            source: Some(VOLUME_CONFIG.to_string()),
+    let mut bind_targets = HashSet::new();
+    if let Some(ref user_mounts) = bind_mounts {
+        for parsed in user_mounts {
+            bind_targets.insert(parsed.container_path.clone());
+        }
+    }
+
+    // Create volume mounts (skip if overridden by bind mounts)
+    let mut mounts = Vec::new();
+    let mut add_volume_mount = |target: &str, source: &str| {
+        if bind_targets.contains(target) {
+            tracing::trace!(
+                "Skipping volume mount for {} (overridden by bind mount)",
+                target
+            );
+            return;
+        }
+        mounts.push(Mount {
+            target: Some(target.to_string()),
+            source: Some(source.to_string()),
             typ: Some(MountTypeEnum::VOLUME),
             read_only: Some(false),
             ..Default::default()
-        },
-    ];
+        });
+    };
+    add_volume_mount(MOUNT_SESSION, VOLUME_SESSION);
+    add_volume_mount(MOUNT_STATE, VOLUME_STATE);
+    add_volume_mount(MOUNT_CACHE, VOLUME_CACHE);
+    add_volume_mount(MOUNT_PROJECTS, VOLUME_PROJECTS);
+    add_volume_mount(MOUNT_CONFIG, VOLUME_CONFIG);
 
     // Add user-defined bind mounts from config/CLI
     if let Some(ref user_mounts) = bind_mounts {
@@ -189,14 +201,24 @@ pub async fn create_container(
     };
 
     // Build environment variables
+    let mut env = env_vars.unwrap_or_default();
+    if !has_env_key(&env, "XDG_DATA_HOME") {
+        env.push("XDG_DATA_HOME=/home/opencode/.local/share".to_string());
+    }
+    if !has_env_key(&env, "XDG_STATE_HOME") {
+        env.push("XDG_STATE_HOME=/home/opencode/.local/state".to_string());
+    }
+    if !has_env_key(&env, "XDG_CONFIG_HOME") {
+        env.push("XDG_CONFIG_HOME=/home/opencode/.config".to_string());
+    }
+    if !has_env_key(&env, "XDG_CACHE_HOME") {
+        env.push("XDG_CACHE_HOME=/home/opencode/.cache".to_string());
+    }
     // Add USE_SYSTEMD=1 when Cockpit is enabled to tell entrypoint to use systemd
-    let final_env = if cockpit_enabled_val {
-        let mut env = env_vars.unwrap_or_default();
+    if cockpit_enabled_val && !has_env_key(&env, "USE_SYSTEMD") {
         env.push("USE_SYSTEMD=1".to_string());
-        Some(env)
-    } else {
-        env_vars
-    };
+    }
+    let final_env = if env.is_empty() { None } else { Some(env) };
 
     // Create container config
     let config = Config {

package/src/docker/mod.rs

@@ -60,8 +60,9 @@ pub use users::{
 
 // Volume management
 pub use volume::{
-    MOUNT_CONFIG, MOUNT_PROJECTS, MOUNT_SESSION, VOLUME_CONFIG, VOLUME_NAMES, VOLUME_PROJECTS,
-    VOLUME_SESSION, ensure_volumes_exist, remove_all_volumes, remove_volume, volume_exists,
+    MOUNT_CACHE, MOUNT_CONFIG, MOUNT_PROJECTS, MOUNT_SESSION, MOUNT_STATE, VOLUME_CACHE,
+    VOLUME_CONFIG, VOLUME_NAMES, VOLUME_PROJECTS, VOLUME_SESSION, VOLUME_STATE,
+    ensure_volumes_exist, remove_all_volumes, remove_volume, volume_exists,
 };
 
 // Bind mount parsing and validation

package/src/docker/volume.rs

@@ -11,6 +11,12 @@ use tracing::debug;
 /// Volume name for opencode data
 pub const VOLUME_SESSION: &str = "opencode-data";
 
+/// Volume name for opencode state
+pub const VOLUME_STATE: &str = "opencode-state";
+
+/// Volume name for opencode cache
+pub const VOLUME_CACHE: &str = "opencode-cache";
+
 /// Volume name for project files
 pub const VOLUME_PROJECTS: &str = "opencode-workspace";
 
@@ -18,16 +24,28 @@ pub const VOLUME_PROJECTS: &str = "opencode-workspace";
 pub const VOLUME_CONFIG: &str = "opencode-config";
 
 /// All volume names as array for iteration
-pub const VOLUME_NAMES: [&str; 3] = [VOLUME_SESSION, VOLUME_PROJECTS, VOLUME_CONFIG];
+pub const VOLUME_NAMES: [&str; 5] = [
+    VOLUME_SESSION,
+    VOLUME_STATE,
+    VOLUME_CACHE,
+    VOLUME_PROJECTS,
+    VOLUME_CONFIG,
+];
 
 /// Mount point for opencode data inside container
-pub const MOUNT_SESSION: &str = "/home/opencode/.local/share";
+pub const MOUNT_SESSION: &str = "/home/opencode/.local/share/opencode";
+
+/// Mount point for opencode state inside container
+pub const MOUNT_STATE: &str = "/home/opencode/.local/state/opencode";
+
+/// Mount point for opencode cache inside container
+pub const MOUNT_CACHE: &str = "/home/opencode/.cache/opencode";
 
 /// Mount point for project files inside container
 pub const MOUNT_PROJECTS: &str = "/home/opencode/workspace";
 
 /// Mount point for configuration inside container
-pub const MOUNT_CONFIG: &str = "/home/opencode/.config";
+pub const MOUNT_CONFIG: &str = "/home/opencode/.config/opencode";
 
 /// Ensure all required volumes exist
 ///
@@ -123,22 +141,28 @@ mod tests {
     #[test]
     fn volume_constants_are_correct() {
         assert_eq!(VOLUME_SESSION, "opencode-data");
+        assert_eq!(VOLUME_STATE, "opencode-state");
+        assert_eq!(VOLUME_CACHE, "opencode-cache");
         assert_eq!(VOLUME_PROJECTS, "opencode-workspace");
         assert_eq!(VOLUME_CONFIG, "opencode-config");
     }
 
     #[test]
     fn volume_names_array_has_all_volumes() {
-        assert_eq!(VOLUME_NAMES.len(), 3);
+        assert_eq!(VOLUME_NAMES.len(), 5);
         assert!(VOLUME_NAMES.contains(&VOLUME_SESSION));
+        assert!(VOLUME_NAMES.contains(&VOLUME_STATE));
+        assert!(VOLUME_NAMES.contains(&VOLUME_CACHE));
         assert!(VOLUME_NAMES.contains(&VOLUME_PROJECTS));
         assert!(VOLUME_NAMES.contains(&VOLUME_CONFIG));
     }
 
     #[test]
     fn mount_points_are_correct() {
-        assert_eq!(MOUNT_SESSION, "/home/opencode/.local/share");
+        assert_eq!(MOUNT_SESSION, "/home/opencode/.local/share/opencode");
+        assert_eq!(MOUNT_STATE, "/home/opencode/.local/state/opencode");
+        assert_eq!(MOUNT_CACHE, "/home/opencode/.cache/opencode");
         assert_eq!(MOUNT_PROJECTS, "/home/opencode/workspace");
-        assert_eq!(MOUNT_CONFIG, "/home/opencode/.config");
+        assert_eq!(MOUNT_CONFIG, "/home/opencode/.config/opencode");
     }
 }