agent-orchestrator/backend/internal/adapters/agent/opencode/opencode.go

498 lines
15 KiB
Go

// Package opencode implements the opencode (sst/opencode) agent adapter:
// launching new TUI sessions, resuming sessions by native id, installing a
// workspace-local activity plugin, and reading plugin-derived session info.
//
// opencode differs from Claude Code and Codex in two ways AO has to bridge:
// - It has no native command-hook config (no settings.local.json / hooks.json
// equivalent). Its only lifecycle-extensibility surface is a JS/TS plugin
// loaded from .opencode/plugins/, so GetAgentHooks installs an AO-owned
// plugin file (see hooks.go) instead of merging JSON.
// - Its CLI exposes only one approval flag (--dangerously-skip-permissions)
// and no system-prompt flag, so AO injects standing instructions by writing
// an AO-owned per-session config and selecting the generated agent.
//
// AO-managed sessions derive native session identity and display metadata from
// the opencode plugin's reported events, mirroring the Codex adapter.
package opencode
import (
"context"
"database/sql"
"encoding/json"
"fmt"
"os"
"os/exec"
"path/filepath"
"runtime"
"strings"
"sync"
"time"
"github.com/aoagents/agent-orchestrator/backend/internal/adapters"
"github.com/aoagents/agent-orchestrator/backend/internal/adapters/agent/agentbase"
"github.com/aoagents/agent-orchestrator/backend/internal/adapters/agent/hookutil"
"github.com/aoagents/agent-orchestrator/backend/internal/ports"
_ "modernc.org/sqlite" // register sqlite driver for opencode session metadata probes
)
const (
// adapterID is the registry id and the value users pass to
// `ao spawn --agent`. It matches domain.HarnessOpenCode.
adapterID = "opencode"
// opencodeAgentSessionIDMetadataKey is the session-metadata key the opencode
// plugin persists the native session id under. GetRestoreCommand reads it back
// to resume an existing session. SessionInfo delegates to
// agentbase.StandardSessionInfo which reads ports.MetadataKeyAgentSessionID
// (same value), but GetRestoreCommand reads it directly, so the const stays.
opencodeAgentSessionIDMetadataKey = "agentSessionId"
)
// Plugin is the opencode agent adapter. It is safe for concurrent use; the
// binary path is resolved once and cached under binaryMu.
type Plugin struct {
agentbase.Base
binaryMu sync.Mutex
resolvedBinary string
}
// New returns a ready-to-register opencode adapter.
func New() *Plugin {
return &Plugin{}
}
var _ adapters.Adapter = (*Plugin)(nil)
var _ ports.Agent = (*Plugin)(nil)
var _ ports.AgentAuthChecker = (*Plugin)(nil)
// Manifest returns the adapter's static self-description.
func (p *Plugin) Manifest() adapters.Manifest {
return adapters.Manifest{
ID: adapterID,
Name: "opencode",
Description: "Run opencode worker sessions.",
Version: "0.0.1",
Capabilities: []adapters.Capability{
adapters.CapabilityAgent,
},
}
}
// GetLaunchCommand builds the argv to start a new interactive opencode session.
// Shape:
//
// [env OPENCODE_CONFIG=<ao-config>] opencode [--dangerously-skip-permissions] [--agent <ao-agent>] [--prompt <prompt>]
//
// The session runs in the worktree (cwd is set by the runtime, as for Claude
// Code and Codex). opencode has no CLI flag to set a system prompt, so AO writes
// an opencode config into the AO prompt artifact directory, points OPENCODE_CONFIG
// at it, and selects the generated agent with --agent. The initial task prompt
// is delivered via --prompt (its argument, so a leading "-" is not read as a flag).
func (p *Plugin) GetLaunchCommand(ctx context.Context, cfg ports.LaunchConfig) (cmd []string, err error) {
binary, err := p.opencodeBinary(ctx)
if err != nil {
return nil, err
}
envPrefix, agentName, err := opencodeConfigEnvPrefix(cfg.SystemPrompt, cfg.SystemPromptFile, cfg.SessionID)
if err != nil {
return nil, err
}
cmd = envPrefix
cmd = append(cmd, binary)
appendPermissionFlags(&cmd, cfg.Permissions)
if agentName != "" {
cmd = append(cmd, "--agent", agentName)
}
if cfg.Prompt != "" {
cmd = append(cmd, "--prompt", cfg.Prompt)
}
return cmd, nil
}
// GetRestoreCommand rebuilds the argv that continues an existing opencode
// session: `[env OPENCODE_CONFIG=<ao-config>] opencode [--dangerously-skip-permissions] [--agent <ao-agent>] --session <agentSessionId>`.
// It re-applies the permission flag and the generated AO agent config (resume
// otherwise reverts to configured defaults). ok is false when the plugin-derived
// native session id has not landed yet, so callers fall back to fresh launch
// behavior — mirroring the Codex adapter.
func (p *Plugin) GetRestoreCommand(ctx context.Context, cfg ports.RestoreConfig) (cmd []string, ok bool, err error) {
if err := ctx.Err(); err != nil {
return nil, false, err
}
agentSessionID := strings.TrimSpace(cfg.Session.Metadata[opencodeAgentSessionIDMetadataKey])
if agentSessionID == "" {
return nil, false, nil
}
binary, err := p.opencodeBinary(ctx)
if err != nil {
return nil, false, err
}
envPrefix, agentName, err := opencodeConfigEnvPrefix(cfg.SystemPrompt, cfg.SystemPromptFile, cfg.Session.ID)
if err != nil {
return nil, false, err
}
cmd = envPrefix
cmd = append(cmd, binary)
appendPermissionFlags(&cmd, cfg.Permissions)
if agentName != "" {
cmd = append(cmd, "--agent", agentName)
}
cmd = append(cmd, "--session", agentSessionID)
return cmd, true, nil
}
// SessionInfo surfaces opencode plugin-derived metadata. Metadata is
// intentionally nil for opencode: callers get the normalized fields directly,
// matching the Codex adapter.
func (p *Plugin) SessionInfo(ctx context.Context, session ports.SessionRef) (ports.SessionInfo, bool, error) {
if err := ctx.Err(); err != nil {
return ports.SessionInfo{}, false, err
}
info, ok := agentbase.StandardSessionInfo(session)
return info, ok, nil
}
// AuthStatus checks whether opencode has at least one configured provider
// credential.
func (p *Plugin) AuthStatus(ctx context.Context) (ports.AgentAuthStatus, error) {
binary, err := p.opencodeBinary(ctx)
if err != nil {
return ports.AgentAuthStatusUnknown, err
}
if status, ok, err := opencodeLocalAuthStatus(ctx); err != nil {
return ports.AgentAuthStatusUnknown, err
} else if ok {
return status, nil
}
probeCtx, cancel := context.WithTimeout(ctx, 3*time.Second)
defer cancel()
out, err := exec.CommandContext(probeCtx, binary, "auth", "list").CombinedOutput()
if probeCtx.Err() != nil {
return ports.AgentAuthStatusUnknown, probeCtx.Err()
}
text := strings.ToLower(string(out))
if strings.Contains(text, "0 credentials") {
return ports.AgentAuthStatusUnauthorized, nil
}
if strings.Contains(text, "credential") && err == nil {
return ports.AgentAuthStatusAuthorized, nil
}
if err != nil {
return ports.AgentAuthStatusUnknown, nil
}
return ports.AgentAuthStatusUnknown, nil
}
var opencodeAPIKeyEnvVars = []string{
"OPENCODE_API_KEY",
"OPENAI_API_KEY",
"ANTHROPIC_API_KEY",
"GEMINI_API_KEY",
"GOOGLE_API_KEY",
"OPENROUTER_API_KEY",
"DEEPSEEK_API_KEY",
"GROQ_API_KEY",
"XAI_API_KEY",
"MISTRAL_API_KEY",
"COHERE_API_KEY",
}
func opencodeLocalAuthStatus(ctx context.Context) (ports.AgentAuthStatus, bool, error) {
if err := ctx.Err(); err != nil {
return ports.AgentAuthStatusUnknown, false, err
}
for _, name := range opencodeAPIKeyEnvVars {
if strings.TrimSpace(os.Getenv(name)) != "" {
return ports.AgentAuthStatusAuthorized, true, nil
}
}
dataDir, ok := opencodeDataDir()
if !ok {
return ports.AgentAuthStatusUnknown, false, nil
}
jsonStatus, jsonOK, err := opencodeAuthJSONStatus(filepath.Join(dataDir, "auth.json"))
if err != nil {
return ports.AgentAuthStatusUnknown, false, err
}
if jsonOK && jsonStatus == ports.AgentAuthStatusAuthorized {
return jsonStatus, true, nil
}
if status, ok, err := opencodeDBAuthStatus(ctx, filepath.Join(dataDir, "opencode.db")); err != nil || ok {
return status, ok, err
}
if jsonOK {
return jsonStatus, true, nil
}
return ports.AgentAuthStatusUnknown, false, nil
}
func opencodeDataDir() (string, bool) {
if dataDir := strings.TrimSpace(os.Getenv("OPENCODE_DATA_DIR")); dataDir != "" {
return dataDir, true
}
if dataHome := strings.TrimSpace(os.Getenv("XDG_DATA_HOME")); dataHome != "" {
return filepath.Join(dataHome, "opencode"), true
}
home, err := os.UserHomeDir()
if err != nil || home == "" {
return "", false
}
return filepath.Join(home, ".local", "share", "opencode"), true
}
func opencodeAuthJSONStatus(path string) (ports.AgentAuthStatus, bool, error) {
data, err := os.ReadFile(path)
if os.IsNotExist(err) {
return ports.AgentAuthStatusUnknown, false, nil
}
if err != nil {
return ports.AgentAuthStatusUnknown, false, err
}
if strings.TrimSpace(string(data)) == "" {
return ports.AgentAuthStatusUnauthorized, true, nil
}
var entries map[string]json.RawMessage
if err := json.Unmarshal(data, &entries); err != nil {
return ports.AgentAuthStatusUnknown, false, err
}
if len(entries) == 0 {
return ports.AgentAuthStatusUnauthorized, true, nil
}
for key, value := range entries {
if strings.TrimSpace(key) == "" {
continue
}
trimmed := strings.TrimSpace(string(value))
if trimmed != "" && trimmed != "null" && trimmed != "{}" {
return ports.AgentAuthStatusAuthorized, true, nil
}
}
return ports.AgentAuthStatusUnauthorized, true, nil
}
func opencodeDBAuthStatus(ctx context.Context, path string) (ports.AgentAuthStatus, bool, error) {
if err := ctx.Err(); err != nil {
return ports.AgentAuthStatusUnknown, false, err
}
if _, err := os.Stat(path); os.IsNotExist(err) {
return ports.AgentAuthStatusUnknown, false, nil
} else if err != nil {
return ports.AgentAuthStatusUnknown, false, err
}
db, err := sql.Open("sqlite", "file:"+filepath.ToSlash(path)+"?mode=ro&_pragma=busy_timeout(1000)")
if err != nil {
return ports.AgentAuthStatusUnknown, false, err
}
defer func() {
_ = db.Close()
}()
authorized, known, err := opencodeDBHasAuthorizedAccount(ctx, db)
if err != nil {
return ports.AgentAuthStatusUnknown, false, err
}
if !known {
return ports.AgentAuthStatusUnknown, false, nil
}
if authorized {
return ports.AgentAuthStatusAuthorized, true, nil
}
return ports.AgentAuthStatusUnauthorized, true, nil
}
func opencodeDBHasAuthorizedAccount(ctx context.Context, db *sql.DB) (authorized, known bool, err error) {
for _, query := range []string{
`SELECT COUNT(*) FROM account_state WHERE active_account_id IS NOT NULL AND trim(active_account_id) != ''`,
`SELECT COUNT(*) FROM account WHERE trim(access_token) != ''`,
`SELECT COUNT(*) FROM control_account WHERE active = 1 AND trim(access_token) != ''`,
} {
count, err := opencodeDBCount(ctx, db, query)
if err != nil {
if strings.Contains(strings.ToLower(err.Error()), "no such table") {
continue
}
return false, false, err
}
known = true
if count > 0 {
return true, true, nil
}
}
return false, known, nil
}
func opencodeDBCount(ctx context.Context, db *sql.DB, query string) (int, error) {
var count int
if err := db.QueryRowContext(ctx, query).Scan(&count); err != nil {
return 0, err
}
return count, nil
}
// appendPermissionFlags maps AO's permission modes onto opencode's single
// approval flag. opencode exposes only --dangerously-skip-permissions (no
// graduated accept-edits/auto modes), so:
// - bypass-permissions → --dangerously-skip-permissions
// - default / accept-edits / auto → no flag. opencode resolves approvals from
// its own `permission` config exactly as a normal launch.
func appendPermissionFlags(cmd *[]string, permissions ports.PermissionMode) {
if ports.NormalizePermissionMode(permissions) == ports.PermissionModeBypassPermissions {
*cmd = append(*cmd, "--dangerously-skip-permissions")
}
}
const opencodeConfigEnvVar = "OPENCODE_CONFIG"
type opencodeInlineConfig struct {
Schema string `json:"$schema,omitempty"`
Agent map[string]opencodeAgentSettings `json:"agent,omitempty"`
}
type opencodeAgentSettings struct {
Mode string `json:"mode,omitempty"`
Prompt string `json:"prompt,omitempty"`
}
func opencodeConfigEnvPrefix(inlinePrompt, promptFile, sessionID string) ([]string, string, error) {
if inlinePrompt == "" && promptFile == "" {
return nil, "", nil
}
if promptFile == "" {
return nil, "", fmt.Errorf("opencode: system prompt file required to build agent config")
}
agentName := opencodeAOAgentName(sessionID)
prompt := inlinePrompt
if prompt == "" {
prompt = "{file:./" + filepath.Base(promptFile) + "}"
}
dir := filepath.Dir(promptFile)
configPath := filepath.Join(dir, "opencode.json")
config := opencodeInlineConfig{
Schema: "https://opencode.ai/config.json",
Agent: map[string]opencodeAgentSettings{
agentName: {
Mode: "primary",
Prompt: prompt,
},
},
}
data, err := json.MarshalIndent(config, "", " ")
if err != nil {
return nil, "", err
}
data = append(data, '\n')
if err := os.MkdirAll(dir, 0o700); err != nil {
return nil, "", fmt.Errorf("opencode: create prompt config dir: %w", err)
}
if err := hookutil.AtomicWriteFile(configPath, data, 0o600); err != nil {
return nil, "", fmt.Errorf("opencode: write prompt config: %w", err)
}
return []string{"env", opencodeConfigEnvVar + "=" + configPath}, agentName, nil
}
func opencodeAOAgentName(sessionID string) string {
const fallback = "ao-system-prompt"
trimmed := strings.TrimSpace(sessionID)
if trimmed == "" {
return fallback
}
var b strings.Builder
for _, r := range trimmed {
switch {
case r >= 'a' && r <= 'z',
r >= 'A' && r <= 'Z',
r >= '0' && r <= '9',
r == '-',
r == '_':
b.WriteRune(r)
default:
b.WriteByte('-')
}
}
name := strings.Trim(b.String(), "-_")
if name == "" {
return fallback
}
return "ao-" + name
}
// ResolveOpenCodeBinary returns the path to the opencode binary on this machine,
// searching PATH then a handful of well-known install locations (the install
// script's ~/.opencode/bin, Homebrew, npm global).
func ResolveOpenCodeBinary(ctx context.Context) (string, error) {
if err := ctx.Err(); err != nil {
return "", err
}
if runtime.GOOS == "windows" {
for _, name := range []string{"opencode.cmd", "opencode.exe", "opencode"} {
if path, err := exec.LookPath(name); err == nil && path != "" {
return path, nil
}
}
candidates := []string{}
if appData := os.Getenv("APPDATA"); appData != "" {
candidates = append(candidates,
filepath.Join(appData, "npm", "opencode.cmd"),
filepath.Join(appData, "npm", "opencode.exe"),
)
}
for _, candidate := range candidates {
if hookutil.FileExists(candidate) {
return candidate, nil
}
}
return "", fmt.Errorf("opencode: %w", ports.ErrAgentBinaryNotFound)
}
if path, err := exec.LookPath("opencode"); err == nil && path != "" {
return path, nil
}
candidates := []string{
"/usr/local/bin/opencode",
"/opt/homebrew/bin/opencode",
}
if home, err := os.UserHomeDir(); err == nil {
candidates = append(candidates,
filepath.Join(home, ".opencode", "bin", "opencode"),
filepath.Join(home, ".npm", "bin", "opencode"),
)
}
for _, candidate := range candidates {
if hookutil.FileExists(candidate) {
return candidate, nil
}
if err := ctx.Err(); err != nil {
return "", err
}
}
return "", fmt.Errorf("opencode: %w", ports.ErrAgentBinaryNotFound)
}
func (p *Plugin) opencodeBinary(ctx context.Context) (string, error) {
p.binaryMu.Lock()
defer p.binaryMu.Unlock()
if p.resolvedBinary != "" {
return p.resolvedBinary, nil
}
binary, err := ResolveOpenCodeBinary(ctx)
if err != nil {
return "", err
}
p.resolvedBinary = binary
return binary, nil
}