Skip to content

fix(opencode): harden serve mode — permissions, bash safety, session recovery#20675

Open
sjawhar wants to merge 1 commit intoanomalyco:devfrom
sjawhar:fix/serve-hardening
Open

fix(opencode): harden serve mode — permissions, bash safety, session recovery#20675
sjawhar wants to merge 1 commit intoanomalyco:devfrom
sjawhar:fix/serve-hardening

Conversation

@sjawhar
Copy link
Copy Markdown

@sjawhar sjawhar commented Apr 2, 2026
edited
Loading

Issue for this PR

Fixes #14473

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Add next-generation permission system with granular tool/directory controls. Harden bash tool execution with improved timeout, signal handling, and output management. Fix session message ordering and prompt loop edge cases.

How did you verify your code works?

  • Ran bun typecheck from packages/opencode
  • Ran targeted unit tests
  • Tested with custom binary build

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

@sjawhar sjawhar requested a review from adamdotdevin as a code owner April 2, 2026 13:58
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 2, 2026

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@github-actions github-actions bot added the needs:compliance This means the issue will auto-close after 2 hours. label Apr 2, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 2, 2026

The following comment was made by an LLM, it may be inaccurate:

Based on my search results, I found two closely related PRs that appear to address components of this consolidation PR:

Related PRs:

  1. PR feat(session): watchdog for stuck tool/session recovery #20104 - feat(session): watchdog for stuck tool/session recovery

    • Related to: session recovery aspect

  2. PR feat(tool): configurable timeout protection for tool and task execution #20103 - feat(tool): configurable timeout protection for tool and task execution

    • Related to: bash tool execution timeout and signal handling aspect

  3. PR fix(session): use parentID instead of message ID ordering in prompt loop #17010 - fix(session): use parentID instead of message ID ordering in prompt loop

    • Related to: session message ordering fix

These appear to be earlier/related attempts at addressing some of the same issues that PR #20675 consolidates. However, since PR #20675 is described as "a consolidation of multiple related serve-mode hardening fixes" across 58 files, these may be prerequisite work or related but distinct efforts rather than true duplicates.

@sjawhar sjawhar changed the title fix: harden serve mode — permission system, bash safety, session recovery, prompt robustness fix(opencode): harden serve mode — permissions, bash safety, session recovery Apr 2, 2026
@github-actions github-actions bot removed needs:compliance This means the issue will auto-close after 2 hours. needs:issue labels Apr 2, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 2, 2026

Thanks for updating your PR! It now meets our contributing guidelines. 👍

@sjawhar sjawhar force-pushed the fix/serve-hardening branch from 8d6e4d1 to b9d52f1 Compare April 8, 2026 23:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adamdotdevin adamdotdevin Awaiting requested review from adamdotdevin

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Bash permission 'ask' hangs forever in headless/server mode

1 participant

@sjawhar