Description
Problem / Motivation
First of all, thank you for such a great tool. I cannot stress enough how useful it has been for me.
This may be a moot concern, but with AI allowing more and more less technical people to use this kind of tech much more easily, all kinds of security issues that may be obvious to some of us might be easy attack vectors for others.
That's why I was wondering if you think that supporting basic auth over HTTP by implementing opencode's own OPENCODE_SERVER_PASSWORD would be worth it?
I am more than willing to contribute it to the repository if you agree.
Proposed Solution
The solution is straightforward: we allow users to run OPENCODE_SERVER_PASSWORD=password-here remote-opencode start, and internally we start the opencode server with that password. All interactions within the package that consume the opencode server would just make sure to include the password we already set.
That way, if the user's opencode server is somehow compromised or someone tries to fake a prompt injection, they are deterred by basic auth over HTTP at the very least, which would protect most users from a variety of the lower-effort type of exploitative vulnerabilities that come with running agents on your machine.
Are you willing to work on this?
- Yes, I'd like to implement this feature
- I can help but would need guidance
- No, I'm just suggesting the idea
As mentioned above, I am more than happy to implement it. I might have some simple questions along the way, but going through the code in this project, it kind of seems self-documenting and straightforward to follow 👍
I am merely opening this issue to highlight the problem and get feedback on the problem/solution before I invest time in contributing.
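A sketch of the wiring the proposal describes, added here as an illustration; it is not part of the issue and not code from remote-opencode or opencode. The helper names, the `opencode` default username, the port and the request path are assumptions, and refusing Basic auth over plain HTTP to non-loopback hosts is an added precaution, since Basic credentials are only base64-encoded.

```javascript
// Added example: hypothetical helpers, not the project's own code.
const DEFAULT_USER = "opencode"; // assumed Basic-auth username

// Environment for the spawned opencode server; the password is passed via
// OPENCODE_SERVER_PASSWORD, as the issue proposes. Empty values are rejected
// so the server is never started believing it is protected when it is not.
function buildServerEnv(parentEnv, password) {
  if (typeof password !== "string" || password.length === 0) {
    throw new Error("OPENCODE_SERVER_PASSWORD must be a non-empty string");
  }
  return { ...parentEnv, OPENCODE_SERVER_PASSWORD: password };
}

// RFC 7617 credentials: "Basic " + base64(user ":" password), UTF-8 encoded.
function basicAuthHeader(user, password) {
  if (user.includes(":")) throw new Error("username must not contain ':'");
  return "Basic " + Buffer.from(`${user}:${password}`, "utf8").toString("base64");
}

function isLoopback(hostname) {
  return ["localhost", "127.0.0.1", "[::1]"].includes(hostname);
}

// Returns the fetch() init to use for `url`. The Authorization header is
// attached only for the opencode server's own origin, so the password is
// never sent to any other host the package happens to call.
function withServerAuth(url, init, server) {
  const base = new URL(server.baseUrl);
  const target = new URL(url, base);
  if (target.origin !== base.origin) return { ...init };
  if (target.protocol === "http:" && !isLoopback(target.hostname)) {
    throw new Error("refusing Basic auth over plain HTTP to a non-loopback host");
  }
  const user = server.user || DEFAULT_USER;
  return {
    ...init,
    headers: {
      ...(init && init.headers),
      Authorization: basicAuthHeader(user, server.password),
    },
  };
}

// Constructed usage: spawn("opencode", args, { env: buildServerEnv(process.env, pw) })
// then fetch(url, withServerAuth(url, init, { baseUrl, password: pw })).
```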