Problem
OpenCode's default permission configuration is minimal — most tool operations fall through to "ask", causing frequent approval prompts during normal development workflows. In contrast, Claude Code ships with a more ergonomic permission model:
- Claude Code:
defaultMode: "acceptEdits" + broad allow-list for Read/Glob/Grep/Edit/Write/WebSearch/WebFetch + pattern-based Bash whitelist
- OpenCode: Only denies
packages/opencode/migration/* for edits; everything else defaults to "ask"
This difference makes OpenCode feel significantly more intrusive during day-to-day coding sessions.
Proposed Solution
Update .opencode/opencode.jsonc to include Claude Code-aligned permission defaults:
- Read/Edit/Glob/Grep/List:
"allow" by default (matching Claude Code's unconditional allow)
- Bash: Pattern-based whitelist for common dev tools (git, gh, node, npm, bun, python, curl, docker, etc.) with
"ask" as fallback
- Security denials:
.env*, secrets/**, rm -rf, sudo, git push --force (matching Claude Code's deny list)
- Web operations:
websearch, webfetch, codesearch set to "allow"
- LSP/Task/Skill:
"allow"
- External directory:
"ask" (security boundary preserved)
Reference
Claude Code settings used as baseline:
~/.claude/settings.json — global permission allow-list + acceptEdits mode~/.claude/settings.local.json — deny rules for .env*, secrets/**, rm -rf, sudo
Impact
- Reduces approval prompt frequency by ~60-70% for standard development workflows
- Maintains security boundaries for dangerous operations
- Provides a sensible starting point that can be further customized per-project
🤖 Generated with Claude Code
Problem
OpenCode's default permission configuration is minimal — most tool operations fall through to
"ask", causing frequent approval prompts during normal development workflows. In contrast, Claude Code ships with a more ergonomic permission model:defaultMode: "acceptEdits"+ broad allow-list for Read/Glob/Grep/Edit/Write/WebSearch/WebFetch + pattern-based Bash whitelistpackages/opencode/migration/*for edits; everything else defaults to"ask"This difference makes OpenCode feel significantly more intrusive during day-to-day coding sessions.
Proposed Solution
Update
.opencode/opencode.jsoncto include Claude Code-aligned permission defaults:"allow"by default (matching Claude Code's unconditional allow)"ask"as fallback.env*,secrets/**,rm -rf,sudo,git push --force(matching Claude Code's deny list)websearch,webfetch,codesearchset to"allow""allow""ask"(security boundary preserved)Reference
Claude Code settings used as baseline:
~/.claude/settings.json— global permission allow-list + acceptEdits mode~/.claude/settings.local.json— deny rules for.env*,secrets/**,rm -rf,sudoImpact
🤖 Generated with Claude Code