Skip to content

v0.2.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 07 Jun 15:34
· 24 commits to main since this release
v0.2.0
9b7d2f9
This commit was signed with the committer’s verified signature.
tcdw Xi Zhang
GPG key ID: 52B61C486B78A734
Verified
Learn about vigilant mode.

Added

  • ocp export and ocp import: move profiles between machines through a single
    portable, encrypted .zip bundle — the groundwork for cross-platform (Windows)
    use. Config (opencode.json, AGENTS.md, skills) travels in plaintext, while
    secrets (auth.json, mcp-auth.json, *.key) are packed into one AES-256-GCM
    secrets.enc blob whose key is derived from a passphrase via PBKDF2. Supply the
    passphrase interactively or with OCP_PASSPHRASE.
  • Windows launch support: opencode is started as a child process (stdio and
    environment forwarded, exit code mirrored), since unix-style exec() process
    replacement is not available on Windows.

Changed

  • The launch handoff is now platform-split: syscall.Exec on unix and
    child-process execution on Windows (internal/launch/exec_{unix,windows}.go).
  • A linked domain automatically degrades to an owned copy when the filesystem
    refuses symlinks (e.g. Windows without the symlink privilege), so import never
    leaves a profile half-built.

Security

  • Bundles never store secrets in their plaintext region. Export warns when
    opencode.json holds a literal API key instead of a {file:}/{env:}
    reference, and import guards against path traversal (zip-slip) while rewriting
    absolute {file:} paths to the target machine's store root.
Assets 9
Loading