diff options
| -rw-r--r-- | packages/opencode/src/config/config.ts | 1 | ||||
| -rw-r--r-- | packages/opencode/src/tool/registry.ts | 3 | ||||
| -rw-r--r-- | packages/opencode/src/tool/webfetch.ts | 17 | ||||
| -rw-r--r-- | packages/web/src/content/docs/docs/permissions.mdx | 8 |
4 files changed, 29 insertions, 0 deletions
diff --git a/packages/opencode/src/config/config.ts b/packages/opencode/src/config/config.ts index c2491e8b9..2ba82904f 100644 --- a/packages/opencode/src/config/config.ts +++ b/packages/opencode/src/config/config.ts @@ -341,6 +341,7 @@ export namespace Config { .object({ edit: Permission.optional(), bash: z.union([Permission, z.record(z.string(), Permission)]).optional(), + webfetch: Permission.optional(), }) .optional(), experimental: z diff --git a/packages/opencode/src/tool/registry.ts b/packages/opencode/src/tool/registry.ts index 5b805ac69..c2fe5943b 100644 --- a/packages/opencode/src/tool/registry.ts +++ b/packages/opencode/src/tool/registry.ts @@ -79,6 +79,9 @@ export namespace ToolRegistry { if (cfg?.permission?.bash === "deny") { result["bash"] = false } + if (cfg?.permission?.webfetch === "deny") { + result["webfetch"] = false + } return result } diff --git a/packages/opencode/src/tool/webfetch.ts b/packages/opencode/src/tool/webfetch.ts index 16bcf048a..621421fe9 100644 --- a/packages/opencode/src/tool/webfetch.ts +++ b/packages/opencode/src/tool/webfetch.ts @@ -2,6 +2,8 @@ import { z } from "zod" import { Tool } from "./tool" import TurndownService from "turndown" import DESCRIPTION from "./webfetch.txt" +import { Config } from "../config/config" +import { Permission } from "../permission" const MAX_RESPONSE_SIZE = 5 * 1024 * 1024 // 5MB const DEFAULT_TIMEOUT = 30 * 1000 // 30 seconds @@ -22,6 +24,21 @@ export const WebFetchTool = Tool.define("webfetch", { throw new Error("URL must start with http:// or https://") } + const cfg = await Config.get() + if (cfg.permission?.webfetch === "ask") + await Permission.ask({ + type: "webfetch", + sessionID: ctx.sessionID, + messageID: ctx.messageID, + callID: ctx.callID, + title: "Fetch content from: " + params.url, + metadata: { + url: params.url, + format: params.format, + timeout: params.timeout, + }, + }) + const timeout = Math.min((params.timeout ?? DEFAULT_TIMEOUT / 1000) * 1000, MAX_TIMEOUT) const controller = new AbortController() diff --git a/packages/web/src/content/docs/docs/permissions.mdx b/packages/web/src/content/docs/docs/permissions.mdx index a3de452df..2ac7b58a1 100644 --- a/packages/web/src/content/docs/docs/permissions.mdx +++ b/packages/web/src/content/docs/docs/permissions.mdx @@ -13,6 +13,14 @@ The permissions system provides granular control to restrict what actions AI age Permissions are configured in your `opencode.json` file under the `permission` key. Here are the available options. +### Tool Permission Support + +| Tool | Description | +| ---------- | ------------------------------- | +| `edit` | Control file editing operations | +| `bash` | Control bash command execution | +| `webfetch` | Control web content fetching | + --- ### edit |