summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorAiden Cline <[email protected]>2025-08-06 05:18:08 -0500
committerGitHub <[email protected]>2025-08-06 05:18:08 -0500
commit6beba2c04f00ff86dbae72582bb5d7c16e03a149 (patch)
tree02471bf90b65df33e5fe569958b15656c5ecc419
parentb8a0ecca981b59b4fd7f6a0c07f60790aa3fefbb (diff)
downloadopencode-6beba2c04f00ff86dbae72582bb5d7c16e03a149.tar.gz
opencode-6beba2c04f00ff86dbae72582bb5d7c16e03a149.zip
docs: document permissions (#1638)
-rw-r--r--packages/opencode/src/tool/registry.ts3
-rw-r--r--packages/web/src/content/docs/docs/permissions.mdx17
2 files changed, 19 insertions, 1 deletions
diff --git a/packages/opencode/src/tool/registry.ts b/packages/opencode/src/tool/registry.ts
index c49dbb005..1ff89f727 100644
--- a/packages/opencode/src/tool/registry.ts
+++ b/packages/opencode/src/tool/registry.ts
@@ -75,6 +75,9 @@ export namespace ToolRegistry {
result["patch"] = false
result["write"] = false
}
+ if (cfg?.permission?.bash === "deny") {
+ result["bash"] = false
+ }
if (modelID.toLowerCase().includes("claude")) {
result["patch"] = false
diff --git a/packages/web/src/content/docs/docs/permissions.mdx b/packages/web/src/content/docs/docs/permissions.mdx
index 651546f76..a3de452df 100644
--- a/packages/web/src/content/docs/docs/permissions.mdx
+++ b/packages/web/src/content/docs/docs/permissions.mdx
@@ -21,6 +21,7 @@ Use the `permission.edit` key to control whether file editing operations require
- `"ask"` - Prompt for approval before editing files
- `"allow"` - Allow all file editing operations without approval
+- `"deny"` - Make all file editing tools disabled and unavailable
```json title="opencode.json" {4}
{
@@ -41,7 +42,8 @@ Controls whether bash commands require user approval.
You can specify which commands you want to have run without approval.
:::
-This can be configured globally or with specific patterns. Setting this to `"ask"` is the strictest mode, requiring approval for all bash commands.
+This can be configured globally or with specific patterns. Setting this to `"ask"`, requiring approval for all bash commands.
+Setting this to `"deny"` is the strictest option, blocking LLM from running that command or command pattern.
For example.
@@ -56,6 +58,19 @@ For example.
}
```
+- **Disable all Terraform commands**
+
+ ```json title="opencode.json"
+ {
+ "$schema": "https://opencode.ai/config.json",
+ "permission": {
+ "bash": {
+ "terraform *": "deny"
+ }
+ }
+ }
+ ```
+
- **Approve specific commands**
```json title="opencode.json"