opencode icon indicating copy to clipboard operation
opencode copied to clipboard
Published 8 hours ago verified publisher icon anomalyco

Accept all behavior for bash chains

Open igordertigor opened this issue 2 months ago • 18 comments

Question

When an agent wants to run a back command, it asks for permission. There are three options:

  1. Accept once (Enter)
  2. Accept always (a)
  3. Reject (Esc) Although 1 and 3 are pretty clear, I find it difficult to understand what 2 actually means. The documentation on permissions seems to focus more on configuration level permissions.

For a command like cd directory && ls -lh, what would "Accept always" actually accept? Is this for the entire chain, so that anything starting with cd directory is fine? Or is this for each component path, so that cd directory and ls -lh are fine? How would this generalize to new chains? After accepting cd directory && ls -lh and cd other_directory && rm -rf *, can the agent then also decide to run cd directory && rm -rf *? Without this kind of explanation it seems that the "Accept always" option is pretty limited.

igordertigor avatar Nov 07 '25 14:11 igordertigor

This issue might be a duplicate of existing issues. Please check:

  • #3419: Requests an "Accept for Session" option to address confusion around the "always" permission scope - very similar to your question about what "Accept always" actually means
  • #1813: Discusses auto-accept/yolo mode switching, which relates to understanding permission scopes and behaviors
  • #2521: Discusses safety concerns with the current "accept always" system and proposes improvements to make permission behavior clearer

Feel free to ignore if none of these address your specific case.

github-actions[bot] avatar Nov 07 '25 14:11 github-actions[bot]

This is about missing documentation, not about the accept always behavior itself. Hence the above github-actions comments do not apply.

igordertigor avatar Nov 07 '25 15:11 igordertigor

@igordertigor we use tree sitter to parse out the commands so accept always would whitelist:

"cd *" "ls *"

In the event of something like:

"git log"

an always approve would whitelist "git log *"

but it wouldn't whitelist "git commit ...." etc

rekram1-node avatar Nov 07 '25 15:11 rekram1-node

Thank you! That's very useful. Will that become part of the documentation at some point?

igordertigor avatar Nov 10 '25 19:11 igordertigor

I'm happy to add it if you need help.

igordertigor avatar Nov 10 '25 19:11 igordertigor

that would be amazing actually thank u @igordertigor

rekram1-node avatar Nov 10 '25 19:11 rekram1-node

@rekram1-node can you give me a pointer where to find the documentation code?

igordertigor avatar Nov 20 '25 19:11 igordertigor

Yes, all docs are in packages/web/

You can look for .mdx files in particular

You can run the docs locally:

bun i cd packages/web bun run dev

then visit url in ur browser

rekram1-node avatar Nov 20 '25 20:11 rekram1-node

There is now a pull request for my documentation changes at #5340 . When writing this down, I noticed that I actually might not have fully understood your answer, @rekram1-node . So, I guess this is to some extent also a validation that I understood everything correctly.

igordertigor avatar Dec 10 '25 20:12 igordertigor