feat(OpenCode TLS): 新增自簽憑證驗證略過設定

app/preflight.js

@@ -8,6 +8,7 @@ import {
   GITEA_SKIP_TLS_VERIFY,
   PR_NUMBER,
   getLLMConfig,
+  shouldSkipOpenCodeTLSVerify,
 } from './config.js';
 import { verifyRemoteAccess } from './git.js';
 import { step, line, ok, error } from './log.js';
@@ -26,6 +27,11 @@ const applyOpenCodeAuth = (headers) => {
   const username = process.env.OPENCODE_SERVER_USERNAME || 'opencode';
   headers['Authorization'] = `Basic ${Buffer.from(`${username}:${password}`).toString('base64')}`;
 };
+const opencodeAxiosOptions = (headers) => ({
+  headers,
+  timeout: 30000,
+  httpsAgent: shouldSkipOpenCodeTLSVerify() ? new https.Agent({ rejectUnauthorized: false }) : undefined,
+});
 
 function giteaErr(e) {
   const status = e.response?.status;
@@ -89,8 +95,8 @@ export async function verifyLLM() {
     const { providerID, modelID } = opencodeModelConfig(model);
     applyOpenCodeAuth(headers);
     try {
-      await axios.get(`${base}/global/health`, { headers, timeout: 30000 });
-      const providers = await axios.get(`${base}/config/providers`, { headers, timeout: 30000 });
+      await axios.get(`${base}/global/health`, opencodeAxiosOptions(headers));
+      const providers = await axios.get(`${base}/config/providers`, opencodeAxiosOptions(headers));
       const configuredProvider = providers.data.providers?.find(p => p.id === providerID);
       if (!configuredProvider) return { ok: false, provider, error: `OpenCode server 未設定 provider=${providerID}` };
       if (!configuredProvider.models?.[modelID]) return { ok: false, provider, error: `OpenCode server provider=${providerID} 未列出 model=${modelID}` };