fix: scope OpenCode resume sessions by workspace#1008
Conversation
Why: OpenCode --session can carry stale workspace/tool state across repositories, so resume must be gated by the current thread workspace. The public gate exclusion metadata also needed refreshing so the target repository gate runs on current date without invoking source-only DARE smoke coverage, and test-home now strips runtime owner/workspace env that made public tests depend on the launcher. [砚砚/gpt-5.5🐾]
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bda7dd8a0f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Why: Cloud review found that manual OpenCode bind and unseal-reopen routes created active session-chain records without workspace binding metadata, causing the resume workspace guard to drop known-good operator-supplied sessions as workspace_unknown. Persisting the thread workspace binding on these paths keeps manual resume records verifiable.\n\n[砚砚/gpt-5.5🐾]
|
@codex review |
1 similar comment
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cd65cbaafd
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Why: Cloud review found manual OpenCode bind workspace metadata still used path.resolve(), while invocation validates and fingerprints the realpath-canonical workspace. Symlinked or legacy projectPath values could still be dropped as workspace_mismatch. Reusing project-path validation keeps bind/reopen records comparable to invocation-time fingerprints.\n\n[砚砚/gpt-5.5🐾]
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 23214e3d5e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Why: Cloud review found unseal could stamp the current thread workspace onto a reopened record while reusing a CLI session created in an older workspace after thread rehome. Copying sealed session workspace metadata when present preserves the invariant that a cliSessionId is only trusted for its original workspace; legacy records without metadata still fall back to the current thread workspace. [砚砚/gpt-5.5🐾]
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d36a5f8a86
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Why: Cloud review found a concurrent OpenCode turn could keep using the active session record it read before waiting on the resume mutex. If the first turn refreshed the active record while the second waited, the second would drop resume and start another fresh session. Re-reading the active chain after the mutex wait, and switching to the refreshed session mutex when the CLI id changes, preserves continuity without allowing stale workspace metadata through. [砚砚/gpt-5.5🐾]
|
@codex review |
|
Codex Review: Didn't find any major issues. Another round soon, please! Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Fixes #1006
What
ALLOWED_WORKSPACE_DIRSandDEFAULT_OWNER_USER_IDfrom the public test-home wrapper so public tests do not depend on the launcher environment.Parallel Context
#1007 exists from Charlie's fork with overlapping scope. Per maintainer decision, this maintainer PR is the canonical outbound PR for #1006, and Charlie can validate this PR.
Test Evidence
pnpm --dir packages/api buildnode --test --test-timeout=60000 test/invoke-single-cat.test.js test/session-chain-store.test.jsbash ./scripts/run-isolated-redis-tests.sh node --test --test-timeout=60000 test/redis-session-chain-store.test.jspnpm checkpnpm lintnode --test test/public-test-exclusions.test.jsnode scripts/resolve-public-test-files.mjs --json | jq -r '.excludedFiles[]' | rg 'dare-smoke|dare-agent-service|dare-l1'ALLOWED_WORKSPACE_DIRS=/Users/lysander/projects DEFAULT_OWNER_USER_ID=default-user bash ./scripts/with-test-home.sh node --import "$(pwd)/test/helpers/setup-cat-registry.js" --test test/opencode-agent-service.test.js test/prompt-injection-yaml-validation.test.js test/with-test-home.test.jsThe first public-gate run exposed source-only DARE smoke coverage in the public set; the second exposed launcher env leakage into public tests. Both are handled in this PR so the final public gate is green.
[砚砚/gpt-5.5🐾]