Skip to content

feat(opencode): add fine-grained permission options for file access #11535

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Sur3 wants to merge 6 commits into
base: dev
Choose a base branch
from
Draft

feat(opencode): add fine-grained permission options for file access #11535

Sur3 wants to merge 6 commits into from
+350 −34

Conversation

@Sur3
Copy link

@Sur3 Sur3 commented Jan 31, 2026

Summary

  • Replace dangerous 'always' permission with scoped alternatives
  • Add file_always, folder_always, folder_recursive, project_recursive options
  • Implement smart UI that shows relevant options based on tool type and context
  • Add comprehensive tests for new permission types
  • Improve security by allowing precise scope control for read/edit operations

Changes Made

Enhanced Permission Types

  • file_always: Always allow this specific file
  • folder_always: Always allow this specific folder (non-recursive)
  • folder_recursive: Always allow this folder and all subfolders
  • project_recursive: Always allow entire project folder recursively
  • Removed: dangerous "always" option that could allow anything

Smart UI Adaptation

  • File-based tools (read, edit) show all scoped options
  • Non-file tools (bash, etc.) show limited relevant options
  • Options dynamically adapt based on file context availability

Backend Changes

  • Updated PermissionNext.Reply enum with new options
  • Added pattern generation logic for different scopes
  • Enhanced reply handling to process new permission types

Testing

  • Added comprehensive test coverage for all new permission types
  • Verified pattern generation for files, folders, and project scopes
  • Tested both file-based and non-file tool scenarios

This improves security by providing precise control over what can be accessed, replacing previous all-or-nothing approach.

Sur3 added 2 commits January 31, 2026 23:44
@Sur3
feat(opencode): add fine-grained permission options for file access
170c898 
- Replace dangerous 'always' permission with scoped alternatives
- Add file_always, folder_always, folder_recursive, project_recursive options
- Implement smart UI that shows relevant options based on tool type and context
- Add comprehensive tests for new permission types
- Improve security by allowing precise scope control for read/edit operations
@Sur3
Merge remote-tracking branch 'fork/dev' into dev
52e093c
@github-actions
Copy link
Contributor

github-actions bot commented Jan 31, 2026

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 31, 2026

The following comment was made by an LLM, it may be inaccurate:

No duplicate PRs found

Sur3 added 4 commits February 1, 2026 00:28
@Sur3
fix(ui): store and use selected permission option in confirmation dialog
140ad9d 
- Add selectedOption to store state to track user's choice
- Fix confirmation dialog to use the originally selected option instead of defaulting to project_recursive
- This ensures file_always, folder_always, and folder_recursive work correctly
@Sur3
debug: add console logging to understand permission flow
edba958
@Sur3
fix: ensure file metadata is passed for read permission requests
687118e 
- Add filepath to metadata in read tool's permission request
- Remove debug console logging
- This enables fine-grained permission options for read operations
@Sur3
fix(web): implement fine-grained permissions in web GUI
dcda2f8 
- Update web GUI to use permission.reply endpoint instead of deprecated permission.respond
- Add fine-grained permission options for file operations (read/edit/write)
- Show context-aware permission options based on tool type and file path
- Add translation strings for new permission options
- Update API schema to include fine-grained permission enum values
- Match TUI behavior for permission dialog options

Fixes issue where web GUI only showed "Deny", "Allow Always", and "Allow Once"
instead of the full fine-grained options implemented in the last 5 commits.
@Sur3 Sur3 requested a review from adamdotdevin as a code owner February 1, 2026 00:44
@Sur3 Sur3 marked this pull request as draft February 1, 2026 01:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adamdotdevin adamdotdevin Awaiting requested review from adamdotdevin adamdotdevin is a code owner

Assignees

No one assigned

Labels

needs:issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Sur3