
Permission control does not seem to be working.

Open frDevByq opened this issue 1 week ago • 4 comments

Description

I configured the system to forbid reading application.yml, but it is still being read.

{
  "permission": {
    "read": {
      "application.yml": "deny",
      "application-*.yml": "deny",
      "*application.yml": "deny",
      "*application-*.yml": "deny",
      "*": "allow"
    },
    "*": "allow",
    "bash": {
      "*": "allow",
      "rm *": "ask"
    },
    "edit": "allow"
  }
}

Plugins

No response

OpenCode version

1.1.7

Steps to reproduce

No response

Screenshot and/or share link

No response

Operating System

windows

Terminal

powershell

frDevByq avatar Jan 10 '26 02:01 frDevByq

This issue might be a duplicate of existing issues. Please check:

  • #7474: Subagent permissions not enforced - configured restrictions ignored
  • #7063: Permission denied, yet command is executed regardless
  • #6892: MCP tool permissions not working after migration from tools to permissions
  • #6527: Plan mode restrictions bypassed when spawning sub-agents
  • #6020: Permission selection not respected

All of these issues indicate a systematic problem with the permission system not properly evaluating or enforcing configured deny rules. This appears to be related to a core issue with the permission configuration system.

Feel free to ignore if your specific case differs from these.

github-actions[bot] avatar Jan 10 '26 02:01 github-actions[bot]

Your order is wrong. The last rule that matches gets applied; in your case the "*": "allow" overrides the previous yaml read patterns.

pschiel avatar Jan 11 '26 16:01 pschiel
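To make the last-match-wins rule concrete, here is an added example (not OpenCode's own code, and not posted by anyone in this thread) that evaluates the reporter's "read" table in insertion order and shows the catch-all winning. Assumptions not taken from the page: a rule table is an ordered object of glob pattern to action, `*` matches any run of characters including `/`, patterns are tested against the full path of the file being read, and an input that matches no rule falls back to "ask". The sample path is constructed for illustration.

```typescript
// Added example, not OpenCode's implementation: a minimal last-match-wins
// permission evaluator. Assumption: rules are tried in insertion order and
// the final matching rule decides, which is the behaviour described above.

type Action = "allow" | "ask" | "deny";
type RuleTable = Record<string, Action>;

// Convert a glob such as "*application-*.yml" into an anchored RegExp.
// Assumption: "*" matches any characters, including path separators.
function globToRegExp(glob: string): RegExp {
  const body = glob
    .split("*")
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp(`^${body}$`);
}

// Walk every rule; the last one that matches wins. Returns the winning rule
// so a config can be debugged, or null when nothing matched.
function explain(
  rules: RuleTable,
  input: string,
  fallback: Action = "ask",
): { action: Action; rule: string | null } {
  let winner: { action: Action; rule: string | null } = { action: fallback, rule: null };
  for (const [glob, action] of Object.entries(rules)) {
    if (globToRegExp(glob).test(input)) winner = { action, rule: glob };
  }
  return winner;
}

function evaluate(rules: RuleTable, input: string, fallback: Action = "ask"): Action {
  return explain(rules, input, fallback).action;
}

// The reporter's original "read" table: the catch-all sits last, so it is
// the final match for every path and silently overrides the denies.
const reportedRead: RuleTable = {
  "application.yml": "deny",
  "application-*.yml": "deny",
  "*application.yml": "deny",
  "*application-*.yml": "deny",
  "*": "allow",
};

// Same rules with the catch-all first: specific denies now come last and win.
const fixedRead: RuleTable = {
  "*": "allow",
  "application.yml": "deny",
  "application-*.yml": "deny",
  "*application.yml": "deny",
  "*application-*.yml": "deny",
};

// Constructed sample path (assumption: the tool matches against full paths).
const samplePath = "/srv/app/src/main/resources/application-prod.yml";

console.log(explain(reportedRead, samplePath)); // { action: "allow", rule: "*" }
console.log(explain(fixedRead, samplePath));    // { action: "deny", rule: "*application-*.yml" }
console.log(explain(fixedRead, "/srv/app/README.md")); // { action: "allow", rule: "*" }
```

Under these assumptions the bare pattern `application.yml` only matches a path that is exactly that string, which is why the leading `*` variants are the ones that actually fire against a full path; `explain` reports which rule decided so a suspicious "allow" can be traced to the rule that produced it.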

I am having a similar issue:

{
  "permission": {
    "*": "allow",
    "edit": "ask"
  }
}

Expected behavior: everything is allowed, except for "edit". "edit" should be asked. Actual behavior: "edit" behaves like "allowed", almost as if the second line of "permission" object is ignored.

HicaroD avatar Jan 11 '26 17:01 HicaroD

@HicaroD mind sharing output of:

opencode debug config

rekram1-node avatar Jan 11 '26 19:01 rekram1-node

This configuration works, but I’m still very puzzled why a * has to be added before the matching pattern for it to work.

{
  "permission": {
    "read": {
      "application.yml": "deny",
      "application-*.yml": "deny",
      "*application.yml": "deny",
      "*application-*.yml": "deny"
    },
    "bash": {
      "*": "allow",
      "rm *": "ask"
    },
    "edit": "allow"
  }
}

frDevByq avatar Jan 12 '26 02:01 frDevByq