From 37b7c1e53c0a03255d72c78872a029d9118bfce3 Mon Sep 17 00:00:00 2001
From: Shantur Rathore
Date: Wed, 28 Jan 2026 23:41:32 +0000
Subject: [PATCH] fix(server): enforce workspace directory via x-opencode-directory
---
 packages/server/src/server/http-server.ts | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/packages/server/src/server/http-server.ts b/packages/server/src/server/http-server.ts
index 65ef3472..0da95d16 100644
--- a/packages/server/src/server/http-server.ts
+++ b/packages/server/src/server/http-server.ts
@@ -380,6 +380,16 @@ async function proxyWorkspaceRequest(args: {
 if (instanceAuthHeader) {
 headers.authorization = instanceAuthHeader
 }
+
+ // Enforce per-workspace directory scoping for all proxied OpenCode requests.
+ // OpenCode expects the *full* path; we send it via header to avoid query tampering.
+ const directory = workspace.path
+ const isNonASCII = /[^\x00-\x7F]/.test(directory)
+ const encodedDirectory = isNonASCII ? encodeURIComponent(directory) : directory
+
+ // Overwrite any client-provided value (case-insensitive headers are normalized by Node).
+ ;(headers as Record)["x-opencode-directory"] = encodedDirectory
+
 return headers
 },
 onError: (proxyReply, { error }) => {
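Review bot: Overwriting `x-opencode-directory` in the header callback only enforces scoping if the upstream takes the directory from nowhere else, and nothing in this hunk removes a client-supplied `directory` query parameter from the forwarded URL. The rest of proxyWorkspaceRequest is outside the hunk, so confirm that the query is stripped there or that OpenCode gives the header precedence. The conditional encoding is also ambiguous: an ASCII path containing a literal `%` is sent raw, so a receiver that percent-decodes the header would resolve a different directory than `workspace.path`. If the receiver always decodes, encode unconditionally with `const encodedDirectory = encodeURIComponent(directory)`; otherwise add a comment stating which side owns decoding. A test with a workspace path that contains `%` would pin the behaviour.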