summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorBernat Pericàs <[email protected]>2025-10-24 00:11:08 +0200
committerGitHub <[email protected]>2025-10-23 17:11:08 -0500
commit4c90bf3e078915024fa8c013e2eaa038ce94f4b8 (patch)
tree4e905a27bbbcb1ebc78fd295acdde35913cacd66
parent4216c1c2a9a0eb9516fa14aaeacc51c4ab6be9eb (diff)
downloadopencode-4c90bf3e078915024fa8c013e2eaa038ce94f4b8.tar.gz
opencode-4c90bf3e078915024fa8c013e2eaa038ce94f4b8.zip
refactor: whitelist some safe bash tools in Plan agent (#3288)
Co-authored-by: Aiden Cline <[email protected]>
-rw-r--r--packages/opencode/src/agent/agent.ts45
1 files changed, 44 insertions, 1 deletions
diff --git a/packages/opencode/src/agent/agent.ts b/packages/opencode/src/agent/agent.ts
index 26a5a472a..88e52aadf 100644
--- a/packages/opencode/src/agent/agent.ts
+++ b/packages/opencode/src/agent/agent.ts
@@ -51,7 +51,50 @@ export namespace Agent {
const planPermission = mergeAgentPermissions(
{
edit: "deny",
- bash: "ask",
+ bash: {
+ "awk -i inplace*": "ask",
+ "awk --inplace*": "ask",
+ "awk*": "allow",
+ "cut*": "allow",
+ "diff*": "allow",
+ "du*": "allow",
+ "file *": "allow",
+ "find * -delete*": "ask",
+ "find * -exec*": "ask",
+ "find * -fprint*": "ask",
+ "find * -fls*": "ask",
+ "find * -fprintf*": "ask",
+ "find * -ok*": "ask",
+ "find *": "allow",
+ "git diff*": "allow",
+ "git log*": "allow",
+ "git show*": "allow",
+ "git status*": "allow",
+ "git branch": "allow",
+ "git branch -v": "allow",
+ "grep*": "allow",
+ "head*": "allow",
+ "less*": "allow",
+ "ls*": "allow",
+ "more*": "allow",
+ "pwd*": "allow",
+ "rg*": "allow",
+ "sed --in-place*": "ask",
+ "sed -i*": "ask",
+ "sed -n *": "allow",
+ "sort --output=*": "ask",
+ "sort -o *": "ask",
+ "sort*": "allow",
+ "stat*": "allow",
+ "tail*": "allow",
+ "tree -o *": "ask",
+ "tree*": "allow",
+ "uniq*": "allow",
+ "wc*": "allow",
+ "whereis*": "allow",
+ "which*": "allow",
+ "*": "ask",
+ },
webfetch: "allow",
},
cfg.permission ?? {},