fix(opencode): strip transfer-encoding in UI proxy and allow public manifest assets

[OpeOginni]

Issue for this PR

Closes #25697

Type of change

• Bug fix
• New feature
• Refactor / code improvement
• Documentation

What does this PR do?

• Fixes net::ERR_INVALID_CHUNKED_ENCODING 200 (OK) when loading / through opencode serve's UI proxy.
• Fixes 401 Unauthorized on /site.webmanifest and PWA icons when OPENCODE_SERVER_PASSWORD is set.
• Fixes terminal websocket startup when the app uses an auth_token-style flow by scoping PTY connect tokens to the same directory the websocket uses.

How did you verify your code works?

• Reproduced and verified both serve UI issues:

  • / previously failed with ERR_INVALID_CHUNKED_ENCODING; now loads cleanly.
  • /site.webmanifest returned 401 with a server password set; now returns 200.

• Manually verified PTY terminal startup: token mint and websocket connect now consistently succeed because directory matches across both requests.

• Ran focused server tests:

  • bun test test/server/httpapi-ui.test.ts
  • bun test test/server/httpapi-authorization.test.ts
  • bun test test/server/httpapi-listen.test.ts

• Manually verified production proxy and local preview proxy through opencode serve.

Screenshots / recordings

Checklist

• I have tested my changes locally
• I have not included unrelated changes in this PR

[github-actions]

Hey! Your PR title fix(httpapi/desktop): strip transfer-encoding in UI proxy and allow public manifest assets doesn't follow conventional commit format.

Please update it to start with one of:

• feat: or feat(scope): new feature
• fix: or fix(scope): bug fix
• docs: or docs(scope): documentation changes
• chore: or chore(scope): maintenance tasks
• refactor: or refactor(scope): code refactoring
• test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

[OpeOginni]

How to reproduce / test locally

1. Build the app:

bun --cwd packages/app build

2. Serve the built static output on a fixed port

bun --cwd packages/app serve -- --host 127.0.0.1 --port 4173

3. Temporarily point the serve UI proxy at the local build instead of desktop.opencode.ai:
   • Edit packages/opencode/src/server/shared/ui.ts.
   • Change:

export const UI_UPSTREAM = new URL("https://app.opencode.ai")

to:

export const UI_UPSTREAM = new URL("http://127.0.0.1:4173")

4. Run opencode serve, optionally with a server password to reproduce the manifest 401:
   OPENCODE_SERVER_PASSWORD=test bun --cwd packages/opencode run dev serve --port 4099

5. Open the served URL in a browser:
   http://127.0.0.1:4099/

Issues

• / fails with net::ERR_INVALID_CHUNKED_ENCODING 200 (OK).
• GET /site.webmanifest returns 401 Unauthorized when a password is set, and the browser logs manifest fetch failures.
• Opening the integrated terminal: PTY websocket frequently stalls or errors because the minted ticket scope does not match the websocket directory query.

PR Fixes

• / loads cleanly through the UI proxy.
• /site.webmanifest and PWA icon fetches return 200 without app credentials.
• The integrated terminal connects and produces output immediately because connectToken and the PTY websocket share the same directory scope.