| author | Bernat Pericàs <[email protected]> | 2025-10-24 00:11:08 +0200 |
|---|---|---|
| committer | GitHub <[email protected]> | 2025-10-23 17:11:08 -0500 |
| commit | 4c90bf3e078915024fa8c013e2eaa038ce94f4b8 (patch) | |
| tree | 4e905a27bbbcb1ebc78fd295acdde35913cacd66 /packages | |
| parent | 4216c1c2a9a0eb9516fa14aaeacc51c4ab6be9eb (diff) | |
refactor: whitelist some safe bash tools in Plan agent (#3288)
Co-authored-by: Aiden Cline <[email protected]>
Diffstat (limited to 'packages')
| -rw-r--r-- | packages/opencode/src/agent/agent.ts | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/packages/opencode/src/agent/agent.ts b/packages/opencode/src/agent/agent.ts
index 26a5a472a..88e52aadf 100644
--- a/packages/opencode/src/agent/agent.ts
+++ b/packages/opencode/src/agent/agent.ts
@@ -51,7 +51,50 @@ export namespace Agent {
 const planPermission = mergeAgentPermissions(
 {
 edit: "deny",
- bash: "ask",
+ bash: {
+ "awk -i inplace*": "ask",
+ "awk --inplace*": "ask",
+ "awk*": "allow",
+ "cut*": "allow",
+ "diff*": "allow",
+ "du*": "allow",
+ "file *": "allow",
+ "find * -delete*": "ask",
+ "find * -exec*": "ask",
+ "find * -fprint*": "ask",
+ "find * -fls*": "ask",
+ "find * -fprintf*": "ask",
+ "find * -ok*": "ask",
+ "find *": "allow",
+ "git diff*": "allow",
+ "git log*": "allow",
+ "git show*": "allow",
+ "git status*": "allow",
+ "git branch": "allow",
+ "git branch -v": "allow",
+ "grep*": "allow",
+ "head*": "allow",
+ "less*": "allow",
+ "ls*": "allow",
+ "more*": "allow",
+ "pwd*": "allow",
+ "rg*": "allow",
+ "sed --in-place*": "ask",
+ "sed -i*": "ask",
+ "sed -n *": "allow",
+ "sort --output=*": "ask",
+ "sort -o *": "ask",
+ "sort*": "allow",
+ "stat*": "allow",
+ "tail*": "allow",
+ "tree -o *": "ask",
+ "tree*": "allow",
+ "uniq*": "allow",
+ "wc*": "allow",
+ "whereis*": "allow",
+ "which*": "allow",
+ "*": "ask",
+ },
 webfetch: "allow",
 },
 cfg.permission ?? {}, |
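Review bot: Several `allow` entries in the new `bash` map are prefix globs over tools that can still write files or run other programs, so they do not by themselves keep the Plan agent read-only the way `edit: "deny"` suggests. `"awk*": "allow"` covers awk programs that redirect output to a file or call `system()`, `"sed -n *": "allow"` also matches `sed -n -i …`, and `"sort*": "allow"` matches `-o` whenever it is not the first argument, so the narrower `ask` rows are sidestepped by argument order. Assuming the matcher sees the raw command string and picks the most specific glob (neither is visible in this hunk), I would change these to `"awk*": "ask",` and `"sed -n *": "ask",` and keep `allow` only for tools with no write or exec options. A comment above the map such as `// allow only commands that cannot write files or spawn processes; anything else falls through to "*": "ask"` would record that rule for future additions. The `mergeAgentPermissions(` call starts and ends outside the hunk, so whether `cfg.permission` can loosen this map further should be checked there.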
