Skip to content

fix: scope OpenCode resume sessions by workspace#1008

Merged
zts212653 merged 5 commits into
mainfrom
fix/1006-opencode-workspace-resume
Jun 24, 2026
Merged

fix: scope OpenCode resume sessions by workspace#1008
zts212653 merged 5 commits into
mainfrom
fix/1006-opencode-workspace-resume

Conversation

@zts212653

@zts212653 zts212653 commented Jun 24, 2026

Copy link
Copy Markdown
Owner

Fixes #1006

What

  • Store the OpenCode workspace binding on session-chain records.
  • Drop stale or unknown OpenCode resume attempts when the stored workspace does not match the current thread workspace.
  • Cover memory and Redis session-chain stores plus invocation-level workspace resume regressions.
  • Refresh public-test exclusion metadata and exclude DARE smoke from the public PR gate because it invokes a local DARE checkout plus live OpenRouter.
  • Strip runtime ALLOWED_WORKSPACE_DIRS and DEFAULT_OWNER_USER_ID from the public test-home wrapper so public tests do not depend on the launcher environment.

Parallel Context

#1007 exists from Charlie's fork with overlapping scope. Per maintainer decision, this maintainer PR is the canonical outbound PR for #1006, and Charlie can validate this PR.

Test Evidence

  • pnpm --dir packages/api build
  • node --test --test-timeout=60000 test/invoke-single-cat.test.js test/session-chain-store.test.js
  • bash ./scripts/run-isolated-redis-tests.sh node --test --test-timeout=60000 test/redis-session-chain-store.test.js
  • pnpm check
  • pnpm lint
  • node --test test/public-test-exclusions.test.js
  • node scripts/resolve-public-test-files.mjs --json | jq -r '.excludedFiles[]' | rg 'dare-smoke|dare-agent-service|dare-l1'
  • ALLOWED_WORKSPACE_DIRS=/Users/lysander/projects DEFAULT_OWNER_USER_ID=default-user bash ./scripts/with-test-home.sh node --import "$(pwd)/test/helpers/setup-cat-registry.js" --test test/opencode-agent-service.test.js test/prompt-injection-yaml-validation.test.js test/with-test-home.test.js
  • Public API test suite via pnpm filter - 15,296 pass / 0 fail / 27 skipped

The first public-gate run exposed source-only DARE smoke coverage in the public set; the second exposed launcher env leakage into public tests. Both are handled in this PR so the final public gate is green.

[砚砚/gpt-5.5🐾]

Why: OpenCode --session can carry stale workspace/tool state across repositories, so resume must be gated by the current thread workspace. The public gate exclusion metadata also needed refreshing so the target repository gate runs on current date without invoking source-only DARE smoke coverage, and test-home now strips runtime owner/workspace env that made public tests depend on the launcher.

[砚砚/gpt-5.5🐾]
@zts212653

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bda7dd8a0f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Why: Cloud review found that manual OpenCode bind and unseal-reopen routes created active session-chain records without workspace binding metadata, causing the resume workspace guard to drop known-good operator-supplied sessions as workspace_unknown. Persisting the thread workspace binding on these paths keeps manual resume records verifiable.\n\n[砚砚/gpt-5.5🐾]
@zts212653

Copy link
Copy Markdown
Owner Author

@codex review

1 similar comment
@zts212653

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cd65cbaafd

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread packages/api/src/routes/session-chain.ts Outdated
Why: Cloud review found manual OpenCode bind workspace metadata still used path.resolve(), while invocation validates and fingerprints the realpath-canonical workspace. Symlinked or legacy projectPath values could still be dropped as workspace_mismatch. Reusing project-path validation keeps bind/reopen records comparable to invocation-time fingerprints.\n\n[砚砚/gpt-5.5🐾]
@zts212653

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 23214e3d5e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread packages/api/src/routes/session-chain.ts Outdated
Why: Cloud review found unseal could stamp the current thread workspace onto a reopened record while reusing a CLI session created in an older workspace after thread rehome. Copying sealed session workspace metadata when present preserves the invariant that a cliSessionId is only trusted for its original workspace; legacy records without metadata still fall back to the current thread workspace.

[砚砚/gpt-5.5🐾]
@zts212653

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d36a5f8a86

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Why: Cloud review found a concurrent OpenCode turn could keep using the active session record it read before waiting on the resume mutex. If the first turn refreshed the active record while the second waited, the second would drop resume and start another fresh session. Re-reading the active chain after the mutex wait, and switching to the refreshed session mutex when the CLI id changes, preserves continuity without allowing stale workspace metadata through.

[砚砚/gpt-5.5🐾]
@zts212653

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Another round soon, please!

Reviewed commit: 98740d0881

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@zts212653 zts212653 merged commit 8be7cc6 into main Jun 24, 2026
5 checks passed
@zts212653 zts212653 deleted the fix/1006-opencode-workspace-resume branch June 24, 2026 12:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

OpenCode sessions can resume with a stale workspace and analyze the wrong project

1 participant