Permission rework by thdxr · Pull Request #6319 · anomalyco/opencode

thdxr · 2025-12-28T22:27:49Z

Summary

This is a major change that overhauls the permissions system in OpenCode.

Tools Merged into Permission

The tools configuration has been deprecated and merged into the permission field. Previously, you could enable/disable tools like this:

{
  "tools": {
    "bash": true,
    "edit": false
  }
}

Now, this should be configured using permission:

{
  "permission": {
    "bash": "allow",
    "edit": "deny"
  }
}

The old tools config is still supported for backwards compatibility and will be automatically migrated to the permission system.

Granular Permissions with Object Syntax

Permissions now support granular control using an object syntax with pattern matching. When you specify a permission as an object, you can set different rules for different patterns:

{
  "permission": {
    "bash": {
      "npm *": "allow",
      "git *": "allow",
      "rm *": "deny",
      "*": "ask"
    },
    "edit": {
      "*.md": "allow",
      "*.ts": "ask",
      "*": "deny"
    }
  }
}

Each key in the object is a glob pattern that matches against the tool's input, and the value is the action to take:

"allow" - automatically approve
"deny" - automatically reject
"ask" - prompt the user for approval

You can also set a blanket permission using a simple string:

{
  "permission": {
    "bash": "allow",
    "edit": "ask"
  }
}

Or set all permissions at once:

{
  "permission": "allow"
}

Breaking Changes for SDK Users

The permission events have changed significantly. The new PermissionNext module (permission/next.ts) has a different event structure compared to the old Permission module (permission/index.ts):

Old Event Structure (Permission.Event):

Updated: { id, type, pattern, sessionID, messageID, callID, message, metadata, time }
Replied: { sessionID, permissionID, response }

New Event Structure (PermissionNext.Event):

Asked: { id, sessionID, permission, patterns, metadata, always, tool: { messageID, callID } }
Replied: { sessionID, requestID, reply }

Key differences:

Event name changed from permission.updated to permission.asked
type renamed to permission
pattern is now patterns (array of strings)
message field removed
response renamed to reply
permissionID renamed to requestID
New always field contains patterns that would be approved for future requests if user selects "always"

The reply values are the same: "once", "always", or "reject"

Server Changes

New endpoint: POST /permission/:requestID/reply for responding to permission requests
Old endpoint POST /session/:sessionID/permissions/:permissionID is now deprecated
GET /permission now returns PermissionNext.Request[] instead of Permission.Info[]
Added CORS whitelist support via server.cors config option
Added Content-Type headers for proxied static assets
mDNS service name now includes port for uniqueness

Other Changes

Agent tools field is deprecated - use permission instead
Agent maxSteps is deprecated - use steps instead
Unknown agent properties are now collected into options
Mode and plugin globs no longer search subdirectories (simplified to top-level only)

thdxr · 2025-12-31T23:20:57Z

@copilot review this bitch

Copilot · 2025-12-31T23:21:06Z

@thdxr I've opened a new pull request, #6554, to work on those changes. Once the pull request is ready, I'll request review from you.

thdxr · 2026-01-01T00:05:48Z

/review

github-actions · 2026-01-01T00:07:30Z