409 lines
13 KiB
Go
409 lines
13 KiB
Go
// Package opencode implements the opencode (sst/opencode) agent adapter:
|
|
// launching new TUI sessions, resuming sessions by native id, installing a
|
|
// workspace-local activity plugin, and reading plugin-derived session info.
|
|
//
|
|
// opencode differs from Claude Code and Codex in two ways AO has to bridge:
|
|
// - It has no native command-hook config (no settings.local.json / hooks.json
|
|
// equivalent). Its only lifecycle-extensibility surface is a JS/TS plugin
|
|
// loaded from .opencode/plugins/, so GetAgentHooks installs an AO-owned
|
|
// plugin file (see hooks.go) instead of merging JSON.
|
|
// - Its CLI exposes only one approval flag (--dangerously-skip-permissions)
|
|
// and no system-prompt flag, so the graduated permission modes and the
|
|
// system prompt are deferred to opencode's own config.
|
|
//
|
|
// AO-managed sessions derive native session identity and display metadata from
|
|
// the opencode plugin's reported events, mirroring the Codex adapter.
|
|
package opencode
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"encoding/json"
|
|
"fmt"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"runtime"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/aoagents/agent-orchestrator/backend/internal/adapters"
|
|
"github.com/aoagents/agent-orchestrator/backend/internal/adapters/agent/agentbase"
|
|
"github.com/aoagents/agent-orchestrator/backend/internal/adapters/agent/hookutil"
|
|
"github.com/aoagents/agent-orchestrator/backend/internal/ports"
|
|
|
|
_ "modernc.org/sqlite" // register sqlite driver for opencode session metadata probes
|
|
)
|
|
|
|
const (
|
|
// adapterID is the registry id and the value users pass to
|
|
// `ao spawn --agent`. It matches domain.HarnessOpenCode.
|
|
adapterID = "opencode"
|
|
|
|
// opencodeAgentSessionIDMetadataKey is the session-metadata key the opencode
|
|
// plugin persists the native session id under. GetRestoreCommand reads it back
|
|
// to resume an existing session. SessionInfo delegates to
|
|
// agentbase.StandardSessionInfo which reads ports.MetadataKeyAgentSessionID
|
|
// (same value), but GetRestoreCommand reads it directly, so the const stays.
|
|
opencodeAgentSessionIDMetadataKey = "agentSessionId"
|
|
)
|
|
|
|
// Plugin is the opencode agent adapter. It is safe for concurrent use; the
|
|
// binary path is resolved once and cached under binaryMu.
|
|
type Plugin struct {
|
|
agentbase.Base
|
|
binaryMu sync.Mutex
|
|
resolvedBinary string
|
|
}
|
|
|
|
// New returns a ready-to-register opencode adapter.
|
|
func New() *Plugin {
|
|
return &Plugin{}
|
|
}
|
|
|
|
var _ adapters.Adapter = (*Plugin)(nil)
|
|
var _ ports.Agent = (*Plugin)(nil)
|
|
var _ ports.AgentAuthChecker = (*Plugin)(nil)
|
|
|
|
// Manifest returns the adapter's static self-description.
|
|
func (p *Plugin) Manifest() adapters.Manifest {
|
|
return adapters.Manifest{
|
|
ID: adapterID,
|
|
Name: "opencode",
|
|
Description: "Run opencode worker sessions.",
|
|
Version: "0.0.1",
|
|
Capabilities: []adapters.Capability{
|
|
adapters.CapabilityAgent,
|
|
},
|
|
}
|
|
}
|
|
|
|
// GetLaunchCommand builds the argv to start a new interactive opencode session.
|
|
// Shape:
|
|
//
|
|
// opencode [--dangerously-skip-permissions] [--prompt <prompt>]
|
|
//
|
|
// The session runs in the worktree (cwd is set by the runtime, as for Claude
|
|
// Code and Codex). opencode has no CLI flag to set a system prompt, so
|
|
// cfg.SystemPrompt / SystemPromptFile are intentionally ignored here — opencode
|
|
// resolves instructions from its own config and AGENTS.md rules. The initial
|
|
// task prompt is delivered via --prompt (its argument, so a leading "-" is not
|
|
// read as a flag).
|
|
func (p *Plugin) GetLaunchCommand(ctx context.Context, cfg ports.LaunchConfig) (cmd []string, err error) {
|
|
binary, err := p.opencodeBinary(ctx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
cmd = []string{binary}
|
|
appendPermissionFlags(&cmd, cfg.Permissions)
|
|
if cfg.Prompt != "" {
|
|
cmd = append(cmd, "--prompt", cfg.Prompt)
|
|
}
|
|
return cmd, nil
|
|
}
|
|
|
|
// GetRestoreCommand rebuilds the argv that continues an existing opencode
|
|
// session: `opencode [--dangerously-skip-permissions] --session <agentSessionId>`.
|
|
// It re-applies the permission flag (resume otherwise reverts to the configured
|
|
// default) but not the prompt, which the session already carries. ok is false
|
|
// when the plugin-derived native session id has not landed yet, so callers fall
|
|
// back to fresh launch behavior — mirroring the Codex adapter.
|
|
func (p *Plugin) GetRestoreCommand(ctx context.Context, cfg ports.RestoreConfig) (cmd []string, ok bool, err error) {
|
|
if err := ctx.Err(); err != nil {
|
|
return nil, false, err
|
|
}
|
|
agentSessionID := strings.TrimSpace(cfg.Session.Metadata[opencodeAgentSessionIDMetadataKey])
|
|
if agentSessionID == "" {
|
|
return nil, false, nil
|
|
}
|
|
|
|
binary, err := p.opencodeBinary(ctx)
|
|
if err != nil {
|
|
return nil, false, err
|
|
}
|
|
|
|
cmd = make([]string, 0, 4)
|
|
cmd = append(cmd, binary)
|
|
appendPermissionFlags(&cmd, cfg.Permissions)
|
|
cmd = append(cmd, "--session", agentSessionID)
|
|
return cmd, true, nil
|
|
}
|
|
|
|
// SessionInfo surfaces opencode plugin-derived metadata. Metadata is
|
|
// intentionally nil for opencode: callers get the normalized fields directly,
|
|
// matching the Codex adapter.
|
|
func (p *Plugin) SessionInfo(ctx context.Context, session ports.SessionRef) (ports.SessionInfo, bool, error) {
|
|
if err := ctx.Err(); err != nil {
|
|
return ports.SessionInfo{}, false, err
|
|
}
|
|
info, ok := agentbase.StandardSessionInfo(session)
|
|
return info, ok, nil
|
|
}
|
|
|
|
// AuthStatus checks whether opencode has at least one configured provider
|
|
// credential.
|
|
func (p *Plugin) AuthStatus(ctx context.Context) (ports.AgentAuthStatus, error) {
|
|
binary, err := p.opencodeBinary(ctx)
|
|
if err != nil {
|
|
return ports.AgentAuthStatusUnknown, err
|
|
}
|
|
if status, ok, err := opencodeLocalAuthStatus(ctx); err != nil {
|
|
return ports.AgentAuthStatusUnknown, err
|
|
} else if ok {
|
|
return status, nil
|
|
}
|
|
probeCtx, cancel := context.WithTimeout(ctx, 3*time.Second)
|
|
defer cancel()
|
|
|
|
out, err := exec.CommandContext(probeCtx, binary, "auth", "list").CombinedOutput()
|
|
if probeCtx.Err() != nil {
|
|
return ports.AgentAuthStatusUnknown, probeCtx.Err()
|
|
}
|
|
text := strings.ToLower(string(out))
|
|
if strings.Contains(text, "0 credentials") {
|
|
return ports.AgentAuthStatusUnauthorized, nil
|
|
}
|
|
if strings.Contains(text, "credential") && err == nil {
|
|
return ports.AgentAuthStatusAuthorized, nil
|
|
}
|
|
if err != nil {
|
|
return ports.AgentAuthStatusUnknown, nil
|
|
}
|
|
return ports.AgentAuthStatusUnknown, nil
|
|
}
|
|
|
|
var opencodeAPIKeyEnvVars = []string{
|
|
"OPENCODE_API_KEY",
|
|
"OPENAI_API_KEY",
|
|
"ANTHROPIC_API_KEY",
|
|
"GEMINI_API_KEY",
|
|
"GOOGLE_API_KEY",
|
|
"OPENROUTER_API_KEY",
|
|
"DEEPSEEK_API_KEY",
|
|
"GROQ_API_KEY",
|
|
"XAI_API_KEY",
|
|
"MISTRAL_API_KEY",
|
|
"COHERE_API_KEY",
|
|
}
|
|
|
|
func opencodeLocalAuthStatus(ctx context.Context) (ports.AgentAuthStatus, bool, error) {
|
|
if err := ctx.Err(); err != nil {
|
|
return ports.AgentAuthStatusUnknown, false, err
|
|
}
|
|
for _, name := range opencodeAPIKeyEnvVars {
|
|
if strings.TrimSpace(os.Getenv(name)) != "" {
|
|
return ports.AgentAuthStatusAuthorized, true, nil
|
|
}
|
|
}
|
|
|
|
dataDir, ok := opencodeDataDir()
|
|
if !ok {
|
|
return ports.AgentAuthStatusUnknown, false, nil
|
|
}
|
|
jsonStatus, jsonOK, err := opencodeAuthJSONStatus(filepath.Join(dataDir, "auth.json"))
|
|
if err != nil {
|
|
return ports.AgentAuthStatusUnknown, false, err
|
|
}
|
|
if jsonOK && jsonStatus == ports.AgentAuthStatusAuthorized {
|
|
return jsonStatus, true, nil
|
|
}
|
|
if status, ok, err := opencodeDBAuthStatus(ctx, filepath.Join(dataDir, "opencode.db")); err != nil || ok {
|
|
return status, ok, err
|
|
}
|
|
if jsonOK {
|
|
return jsonStatus, true, nil
|
|
}
|
|
return ports.AgentAuthStatusUnknown, false, nil
|
|
}
|
|
|
|
func opencodeDataDir() (string, bool) {
|
|
if dataDir := strings.TrimSpace(os.Getenv("OPENCODE_DATA_DIR")); dataDir != "" {
|
|
return dataDir, true
|
|
}
|
|
if dataHome := strings.TrimSpace(os.Getenv("XDG_DATA_HOME")); dataHome != "" {
|
|
return filepath.Join(dataHome, "opencode"), true
|
|
}
|
|
home, err := os.UserHomeDir()
|
|
if err != nil || home == "" {
|
|
return "", false
|
|
}
|
|
return filepath.Join(home, ".local", "share", "opencode"), true
|
|
}
|
|
|
|
func opencodeAuthJSONStatus(path string) (ports.AgentAuthStatus, bool, error) {
|
|
data, err := os.ReadFile(path)
|
|
if os.IsNotExist(err) {
|
|
return ports.AgentAuthStatusUnknown, false, nil
|
|
}
|
|
if err != nil {
|
|
return ports.AgentAuthStatusUnknown, false, err
|
|
}
|
|
if strings.TrimSpace(string(data)) == "" {
|
|
return ports.AgentAuthStatusUnauthorized, true, nil
|
|
}
|
|
|
|
var entries map[string]json.RawMessage
|
|
if err := json.Unmarshal(data, &entries); err != nil {
|
|
return ports.AgentAuthStatusUnknown, false, err
|
|
}
|
|
if len(entries) == 0 {
|
|
return ports.AgentAuthStatusUnauthorized, true, nil
|
|
}
|
|
for key, value := range entries {
|
|
if strings.TrimSpace(key) == "" {
|
|
continue
|
|
}
|
|
trimmed := strings.TrimSpace(string(value))
|
|
if trimmed != "" && trimmed != "null" && trimmed != "{}" {
|
|
return ports.AgentAuthStatusAuthorized, true, nil
|
|
}
|
|
}
|
|
return ports.AgentAuthStatusUnauthorized, true, nil
|
|
}
|
|
|
|
func opencodeDBAuthStatus(ctx context.Context, path string) (ports.AgentAuthStatus, bool, error) {
|
|
if err := ctx.Err(); err != nil {
|
|
return ports.AgentAuthStatusUnknown, false, err
|
|
}
|
|
if _, err := os.Stat(path); os.IsNotExist(err) {
|
|
return ports.AgentAuthStatusUnknown, false, nil
|
|
} else if err != nil {
|
|
return ports.AgentAuthStatusUnknown, false, err
|
|
}
|
|
|
|
db, err := sql.Open("sqlite", "file:"+filepath.ToSlash(path)+"?mode=ro&_pragma=busy_timeout(1000)")
|
|
if err != nil {
|
|
return ports.AgentAuthStatusUnknown, false, err
|
|
}
|
|
defer func() {
|
|
_ = db.Close()
|
|
}()
|
|
|
|
authorized, known, err := opencodeDBHasAuthorizedAccount(ctx, db)
|
|
if err != nil {
|
|
return ports.AgentAuthStatusUnknown, false, err
|
|
}
|
|
if !known {
|
|
return ports.AgentAuthStatusUnknown, false, nil
|
|
}
|
|
if authorized {
|
|
return ports.AgentAuthStatusAuthorized, true, nil
|
|
}
|
|
return ports.AgentAuthStatusUnauthorized, true, nil
|
|
}
|
|
|
|
func opencodeDBHasAuthorizedAccount(ctx context.Context, db *sql.DB) (authorized, known bool, err error) {
|
|
for _, query := range []string{
|
|
`SELECT COUNT(*) FROM account_state WHERE active_account_id IS NOT NULL AND trim(active_account_id) != ''`,
|
|
`SELECT COUNT(*) FROM account WHERE trim(access_token) != ''`,
|
|
`SELECT COUNT(*) FROM control_account WHERE active = 1 AND trim(access_token) != ''`,
|
|
} {
|
|
count, err := opencodeDBCount(ctx, db, query)
|
|
if err != nil {
|
|
if strings.Contains(strings.ToLower(err.Error()), "no such table") {
|
|
continue
|
|
}
|
|
return false, false, err
|
|
}
|
|
known = true
|
|
if count > 0 {
|
|
return true, true, nil
|
|
}
|
|
}
|
|
return false, known, nil
|
|
}
|
|
|
|
func opencodeDBCount(ctx context.Context, db *sql.DB, query string) (int, error) {
|
|
var count int
|
|
if err := db.QueryRowContext(ctx, query).Scan(&count); err != nil {
|
|
return 0, err
|
|
}
|
|
return count, nil
|
|
}
|
|
|
|
// appendPermissionFlags maps AO's permission modes onto opencode's single
|
|
// approval flag. opencode exposes only --dangerously-skip-permissions (no
|
|
// graduated accept-edits/auto modes), so:
|
|
// - bypass-permissions → --dangerously-skip-permissions
|
|
// - default / accept-edits / auto → no flag. opencode resolves approvals from
|
|
// its own `permission` config exactly as a normal launch.
|
|
func appendPermissionFlags(cmd *[]string, permissions ports.PermissionMode) {
|
|
if ports.NormalizePermissionMode(permissions) == ports.PermissionModeBypassPermissions {
|
|
*cmd = append(*cmd, "--dangerously-skip-permissions")
|
|
}
|
|
}
|
|
|
|
// ResolveOpenCodeBinary returns the path to the opencode binary on this machine,
|
|
// searching PATH then a handful of well-known install locations (the install
|
|
// script's ~/.opencode/bin, Homebrew, npm global).
|
|
func ResolveOpenCodeBinary(ctx context.Context) (string, error) {
|
|
if err := ctx.Err(); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
if runtime.GOOS == "windows" {
|
|
for _, name := range []string{"opencode.cmd", "opencode.exe", "opencode"} {
|
|
if path, err := exec.LookPath(name); err == nil && path != "" {
|
|
return path, nil
|
|
}
|
|
}
|
|
candidates := []string{}
|
|
if appData := os.Getenv("APPDATA"); appData != "" {
|
|
candidates = append(candidates,
|
|
filepath.Join(appData, "npm", "opencode.cmd"),
|
|
filepath.Join(appData, "npm", "opencode.exe"),
|
|
)
|
|
}
|
|
for _, candidate := range candidates {
|
|
if hookutil.FileExists(candidate) {
|
|
return candidate, nil
|
|
}
|
|
}
|
|
return "", fmt.Errorf("opencode: %w", ports.ErrAgentBinaryNotFound)
|
|
}
|
|
|
|
if path, err := exec.LookPath("opencode"); err == nil && path != "" {
|
|
return path, nil
|
|
}
|
|
|
|
candidates := []string{
|
|
"/usr/local/bin/opencode",
|
|
"/opt/homebrew/bin/opencode",
|
|
}
|
|
if home, err := os.UserHomeDir(); err == nil {
|
|
candidates = append(candidates,
|
|
filepath.Join(home, ".opencode", "bin", "opencode"),
|
|
filepath.Join(home, ".npm", "bin", "opencode"),
|
|
)
|
|
}
|
|
|
|
for _, candidate := range candidates {
|
|
if hookutil.FileExists(candidate) {
|
|
return candidate, nil
|
|
}
|
|
if err := ctx.Err(); err != nil {
|
|
return "", err
|
|
}
|
|
}
|
|
|
|
return "", fmt.Errorf("opencode: %w", ports.ErrAgentBinaryNotFound)
|
|
}
|
|
|
|
func (p *Plugin) opencodeBinary(ctx context.Context) (string, error) {
|
|
p.binaryMu.Lock()
|
|
defer p.binaryMu.Unlock()
|
|
|
|
if p.resolvedBinary != "" {
|
|
return p.resolvedBinary, nil
|
|
}
|
|
|
|
binary, err := ResolveOpenCodeBinary(ctx)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
p.resolvedBinary = binary
|
|
return binary, nil
|
|
}
|