You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
enforce existing OpenCode bash/external-directory permission checks before REST session creation
enforce the same checks before WebSocket spawn creates a PTY session
add focused handler tests proving denied web spawn requests do not call manager.spawn
Validation
bun test test/web-permissions.test.ts test/websocket.test.ts test/pty-tools.test.ts
bun run typecheck
bun run format
git diff --check
bun run build:plugin
bun run lint exits 0; it reports existing unrelated noNonNullAssertion warnings in test/notification-manager.test.ts
Notes
This keeps the web UI/API spawn path aligned with the existing pty_spawn permission behavior instead of allowing a separate path to create PTY sessions without consulting permission.bash.
Pushed 5e85c2e to address the failing unit job. The spawn-repeat test was machine-speed dependent and could open too many PTYs in one second; it now uses fixed repeat count with bounded concurrency while keeping env overrides for deeper stress runs.
CI follow-up: the remaining red check is Devenv CI, but it fails before project code runs, during nix profile add nixpkgs#devenv with Nix bootstrap store path unpack-bootstrap-tools.sh reported as invalid. The PR-related jobs are green (test:e2e, format, lint, test, typecheck, and dependency-review).
I tried to rerun the failed job, but GitHub requires upstream repository admin rights for this run. I do not see a code change needed in this PR based on the current log.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
spawncreates a PTY sessionmanager.spawnValidation
bun test test/web-permissions.test.ts test/websocket.test.ts test/pty-tools.test.tsbun run typecheckbun run formatgit diff --checkbun run build:pluginbun run lintexits 0; it reports existing unrelatednoNonNullAssertionwarnings intest/notification-manager.test.tsNotes
This keeps the web UI/API spawn path aligned with the existing
pty_spawnpermission behavior instead of allowing a separate path to create PTY sessions without consultingpermission.bash.