feat(den): scheduled jobs

[benjaminshafii]

Summary

• seed accessible Den LLM provider config into Daytona worker workspaces before starting openwork
• inject provider API keys as process env vars instead of writing secrets to opencode.jsonc
• write a non-secret provider seed manifest for e2e/runtime readiness checks
• add a Cloud MCP-visible Den API route to start background OpenCode jobs on cloud workers via the worker OpenWork proxy
• add focused tests for provider seeding, cloud background job triggering, and MCP exposure

Cloud MCP background job flow

1. OpenWork Cloud MCP calls POST /v1/workers/:id/background-jobs.
2. Den resolves the org-scoped cloud worker and its client token.
3. Den discovers the worker workspace URL.
4. Den creates an OpenCode session through /opencode/session on the cloud worker.
5. Den calls /opencode/session/:sessionId/prompt_async and returns immediately with job/session ids.

Testing

• bun test ee/apps/den-api/test/daytona-provider-seed.test.ts ee/apps/den-api/test/worker-background-jobs.test.ts ee/apps/den-api/test/mcp-worker-background-jobs.test.ts
• pnpm --filter @openwork-ee/den-api exec tsc -p tsconfig.json
• Daytona smoke: created a second Daytona sandbox from snapshot openwork-0.14.1, verified provider config writing, verified API key was not written to opencode.jsonc/manifest, verified env injection, verified opencode exists at /usr/local/bin/opencode with version 1.15.12, then deleted the smoke sandbox

Notes

• The SDK smoke script requires DAYTONA_API_KEY and a runtime snapshot via DAYTONA_SNAPSHOT for the full SDK-backed smoke path.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
openwork-app	Ready	Preview, Comment	Jun 2, 2026 6:54am
openwork-den	Ready	Preview, Comment	Jun 2, 2026 6:54am
openwork-den-worker-proxy	Ready	Preview, Comment	Jun 2, 2026 6:54am
openwork-landing	Ready	Preview, Comment, Open in v0	Jun 2, 2026 6:54am

[cubic-dev-ai]

2 issues found across 9 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="ee/apps/den-api/src/routes/workers/core.ts">

<violation number="1" location="ee/apps/den-api/src/routes/workers/core.ts:190">
P2: Switching to organization-context middleware changed create-worker error semantics (now 404/403 from middleware), leaving an unreachable 400 `organization_unavailable` path and inaccurate API response contract.</violation>
</file>

<file name="ee/apps/den-api/src/workers/daytona-provider-seed.ts">

<violation number="1" location="ee/apps/den-api/src/workers/daytona-provider-seed.ts:85">
P1: Silent parse failure can clobber existing `opencode.jsonc` settings by overwriting with only seeded provider data.</violation>
</file>

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>

[cubic-dev-ai]

P1: Silent parse failure can clobber existing opencode.jsonc settings by overwriting with only seeded provider data.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At ee/apps/den-api/src/workers/daytona-provider-seed.ts, line 85:

<comment>Silent parse failure can clobber existing `opencode.jsonc` settings by overwriting with only seeded provider data.</comment>

<file context>
@@ -0,0 +1,95 @@
+    'fs.mkdirSync(path.dirname(target), { recursive: true })',
+    'let existing = {}',
+    'if (fs.existsSync(target)) {',
+    '  try { existing = JSON.parse(fs.readFileSync(target, "utf8")) } catch {}',
+    '}',
+    'const existingProvider = existing.provider && typeof existing.provider === "object" && !Array.isArray(existing.provider) ? existing.provider : {}',
</file context>

[cubic-dev-ai]

P2: Switching to organization-context middleware changed create-worker error semantics (now 404/403 from middleware), leaving an unreachable 400 organization_unavailable path and inaccurate API response contract.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At ee/apps/den-api/src/routes/workers/core.ts, line 190:

<comment>Switching to organization-context middleware changed create-worker error semantics (now 404/403 from middleware), leaving an unreachable 400 `organization_unavailable` path and inaccurate API response contract.</comment>

<file context>
@@ -186,11 +187,12 @@ export function registerWorkerCoreRoutes<T extends { Variables: WorkerRouteVaria
     }),
     requireUserMiddleware,
-    resolveUserOrganizationsMiddleware,
+    resolveOrganizationContextMiddleware,
     jsonValidator(createWorkerSchema),
     async (c) => {
</file context>