monadical/opencode
14
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

docs: fix permission system documentation in agents section (#7652)

Browse Source
This commit is contained in:
Idris Gadi
2026-01-15 07:47:04 +05:30
committed by GitHub
parent 6a2fed7042
commit 6b019a125a
2 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
packages/web/src/content/docs/agents.mdx
View File

@@ -429,6 +429,7 @@ permission:
"*": ask "*": ask
"git diff": allow "git diff": allow
"git log*": allow "git log*": allow
"grep *": allow
webfetch: deny webfetch: deny
--- ---
@@ -444,7 +445,8 @@ You can set permissions for specific bash commands.
"build": { "build": {
"permission": { "permission": {
"bash": { "bash": {
"git push": "ask" "git push": "ask",
"grep *": "allow"
} }
} }
} }
@@ -480,7 +482,7 @@ Since the last matching rule takes precedence, put the `*` wildcard first and sp
"permission": { "permission": {
"bash": { "bash": {
"*": "ask", "*": "ask",
"git status": "allow" "git status *": "allow"
} }
} }
} }

22
packages/web/src/content/docs/permissions.mdx
View File

@@ -57,7 +57,8 @@ For most permissions, you can use an object to apply different actions based on
"*": "ask", "*": "ask",
"git *": "allow", "git *": "allow",
"npm *": "allow", "npm *": "allow",
"rm *": "deny" "rm *": "deny",
"grep *": "allow"
}, },
"edit": { "edit": {
"*": "deny", "*": "deny",
@@ -139,13 +140,20 @@ The set of patterns that `always` would approve is provided by the tool (for exa
You can override permissions per agent. Agent permissions are merged with the global config, and agent rules take precedence. [Learn more](/docs/agents#permissions) about agent permissions. You can override permissions per agent. Agent permissions are merged with the global config, and agent rules take precedence. [Learn more](/docs/agents#permissions) about agent permissions.
:::note
Refer to the [Granular Rules (Object Syntax)](#granular-rules-object-syntax) section above for more detailed pattern matching examples.
:::
```json title="opencode.json" ```json title="opencode.json"
{ {
"$schema": "https://opencode.ai/config.json", "$schema": "https://opencode.ai/config.json",
"permission": { "permission": {
"bash": { "bash": {
"*": "ask", "*": "ask",
"git status": "allow" "git *": "allow",
"git commit *": "deny",
"git push *": "deny",
"grep *": "allow"
} }
}, },
"agent": { "agent": {
@@ -153,8 +161,10 @@ You can override permissions per agent. Agent permissions are merged with the gl
"permission": { "permission": {
"bash": { "bash": {
"*": "ask", "*": "ask",
"git status": "allow", "git *": "allow",
"git push": "allow" "git commit *": "ask",
"git push *": "deny",
"grep *": "allow"
} }
} }
} }
@@ -176,3 +186,7 @@ permission:
Only analyze code and suggest changes. Only analyze code and suggest changes.
``` ```
:::tip
Use pattern matching for commands with arguments. `"grep *"` allows `grep pattern file.txt`, while `"grep"` alone would block it. Commands like `git status` work for default behavior but require explicit permission (like `"git status *"`) when arguments are passed.
:::