Problem
#155 passes OPENCODE_AUTH_CONTENT to workspace adaptors so they can spawn authenticated opencode processes.
Right now, that env contains the full serialized auth store. This means a third-party or remote workspace adaptor may receive credentials that are unrelated to the provider, workspace, or operation it actually needs.
Why This Matters
The current behavior works, but the auth boundary is broader than necessary.
We should follow least-privilege here:
- only pass auth when the adaptor explicitly needs it
- only pass the provider or auth entries relevant to that adaptor or workspace
- avoid exposing unrelated credentials to adaptor code
Proposed Follow-up
- Define whether workspace adaptors should opt in to auth env propagation.
- If auth is needed, scope
OPENCODE_AUTH_CONTENT to the minimal provider or entries required by that workspace/adaptor.
- Preserve compatibility for existing adaptors as much as possible during the transition.
Notes
#155 documented that this env may contain secrets and kept it optional, but it did not enforce scoping yet.
Raised during #155 review while closing #92.
Problem
#155 passes
OPENCODE_AUTH_CONTENTto workspace adaptors so they can spawn authenticatedopencodeprocesses.Right now, that env contains the full serialized auth store. This means a third-party or remote workspace adaptor may receive credentials that are unrelated to the provider, workspace, or operation it actually needs.
Why This Matters
The current behavior works, but the auth boundary is broader than necessary.
We should follow least-privilege here:
Proposed Follow-up
OPENCODE_AUTH_CONTENTto the minimal provider or entries required by that workspace/adaptor.Notes
#155 documented that this env may contain secrets and kept it optional, but it did not enforce scoping yet.
Raised during #155 review while closing #92.