summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorAiden Cline <[email protected]>2026-01-12 16:46:32 -0600
committerAiden Cline <[email protected]>2026-01-12 16:46:47 -0600
commitfd37d5b54e029a1d082373baccdb56a922af4b8f (patch)
tree08f826e1cd2a18fd808213c79f63621047a126ce
parente146083b73e0d8f2a33570e24672176d0811d663 (diff)
downloadopencode-fd37d5b54e029a1d082373baccdb56a922af4b8f.tar.gz
opencode-fd37d5b54e029a1d082373baccdb56a922af4b8f.zip
tweak: truncation dir perm
-rw-r--r--packages/opencode/src/agent/agent.ts12
-rw-r--r--packages/opencode/src/tool/truncation.ts1
-rw-r--r--packages/opencode/test/agent/agent.test.ts3
3 files changed, 12 insertions, 4 deletions
diff --git a/packages/opencode/src/agent/agent.ts b/packages/opencode/src/agent/agent.ts
index fffc20426..ea9d3e3ba 100644
--- a/packages/opencode/src/agent/agent.ts
+++ b/packages/opencode/src/agent/agent.ts
@@ -50,6 +50,7 @@ export namespace Agent {
external_directory: {
"*": "ask",
[Truncate.DIR]: "allow",
+ [Truncate.GLOB]: "allow",
},
question: "deny",
// mirrors github.com/github/gitignore Node.gitignore pattern for .env files
@@ -124,6 +125,7 @@ export namespace Agent {
read: "allow",
external_directory: {
[Truncate.DIR]: "allow",
+ [Truncate.GLOB]: "allow",
},
}),
user,
@@ -213,14 +215,16 @@ export namespace Agent {
// Ensure Truncate.DIR is allowed unless explicitly configured
for (const name in result) {
const agent = result[name]
- const explicit = agent.permission.some(
- (r) => r.permission === "external_directory" && r.pattern === Truncate.DIR && r.action === "deny",
- )
+ const explicit = agent.permission.some((r) => {
+ if (r.permission !== "external_directory") return false
+ if (r.action !== "deny") return false
+ return r.pattern === Truncate.DIR || r.pattern === Truncate.GLOB
+ })
if (explicit) continue
result[name].permission = PermissionNext.merge(
result[name].permission,
- PermissionNext.fromConfig({ external_directory: { [Truncate.DIR]: "allow" } }),
+ PermissionNext.fromConfig({ external_directory: { [Truncate.DIR]: "allow", [Truncate.GLOB]: "allow" } }),
)
}
diff --git a/packages/opencode/src/tool/truncation.ts b/packages/opencode/src/tool/truncation.ts
index 133c57d3d..a876705d7 100644
--- a/packages/opencode/src/tool/truncation.ts
+++ b/packages/opencode/src/tool/truncation.ts
@@ -10,6 +10,7 @@ export namespace Truncate {
export const MAX_LINES = 2000
export const MAX_BYTES = 50 * 1024
export const DIR = path.join(Global.Path.data, "tool-output")
+ export const GLOB = path.join(DIR, "*")
const RETENTION_MS = 7 * 24 * 60 * 60 * 1000 // 7 days
export type Result = { content: string; truncated: false } | { content: string; truncated: true; outputPath: string }
diff --git a/packages/opencode/test/agent/agent.test.ts b/packages/opencode/test/agent/agent.test.ts
index 68833c794..45f674c18 100644
--- a/packages/opencode/test/agent/agent.test.ts
+++ b/packages/opencode/test/agent/agent.test.ts
@@ -461,6 +461,7 @@ test("Truncate.DIR is allowed even when user denies external_directory globally"
fn: async () => {
const build = await Agent.get("build")
expect(PermissionNext.evaluate("external_directory", Truncate.DIR, build!.permission).action).toBe("allow")
+ expect(PermissionNext.evaluate("external_directory", Truncate.GLOB, build!.permission).action).toBe("allow")
expect(PermissionNext.evaluate("external_directory", "/some/other/path", build!.permission).action).toBe("deny")
},
})
@@ -484,6 +485,7 @@ test("Truncate.DIR is allowed even when user denies external_directory per-agent
fn: async () => {
const build = await Agent.get("build")
expect(PermissionNext.evaluate("external_directory", Truncate.DIR, build!.permission).action).toBe("allow")
+ expect(PermissionNext.evaluate("external_directory", Truncate.GLOB, build!.permission).action).toBe("allow")
expect(PermissionNext.evaluate("external_directory", "/some/other/path", build!.permission).action).toBe("deny")
},
})
@@ -506,6 +508,7 @@ test("explicit Truncate.DIR deny is respected", async () => {
fn: async () => {
const build = await Agent.get("build")
expect(PermissionNext.evaluate("external_directory", Truncate.DIR, build!.permission).action).toBe("deny")
+ expect(PermissionNext.evaluate("external_directory", Truncate.GLOB, build!.permission).action).toBe("deny")
},
})
})