feat: add read_env permission to allow reading .env files

Open shkumbinhasani opened this issue 3 months ago • 2 comments

Summary

  • Adds a new read_env permission option that allows users to explicitly opt in to letting agents read .env files
  • By default, .env files remain blocked (secure default)
  • Only supports "allow" or "deny" (no "ask" option for simplicity)

Usage

Add to opencode.json:

{
  "permission": {
    "read_env": "allow"
  }
}

Changes

  • packages/opencode/src/config/config.ts - Added read_env to permission schema
  • packages/opencode/src/agent/agent.ts - Added read_env to agent permission type and merge function
  • packages/opencode/src/tool/read.ts - Modified blocking logic to check permission
  • packages/opencode/test/tool/read.test.ts - Added tests for the new permission

shkumbinhasani avatar Dec 28 '25 18:12 shkumbinhasani
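
The default-deny behaviour described in the summary, sketched as an added example; this is not code from the PR or from opencode. The function names, the `.env` / `.env.*` basename match, and the agent-over-global merge order are assumptions made for illustration.

```typescript
// Hypothetical sketch: none of these names are opencode's own API.
type EnvPermission = "allow" | "deny";

interface PermissionConfig {
  read_env?: unknown; // raw value as parsed from the "permission" object
}

// Only "allow" and "deny" are accepted; a missing key resolves to "deny",
// so .env files stay blocked unless the user opts in explicitly.
function resolveReadEnv(config: PermissionConfig): EnvPermission {
  const value = config.read_env;
  if (value === undefined) return "deny";
  if (value === "allow" || value === "deny") return value;
  // "ask" or any other value is a config error, never a silent allow.
  throw new Error(`read_env must be "allow" or "deny", got ${JSON.stringify(value)}`);
}

// Assumed merge order: an agent-level setting overrides the global one.
function mergeReadEnv(globalCfg: PermissionConfig, agentCfg: PermissionConfig): EnvPermission {
  return agentCfg.read_env !== undefined
    ? resolveReadEnv(agentCfg)
    : resolveReadEnv(globalCfg);
}

// Assumed matching rule: the basename is ".env" or starts with ".env."
// (for example ".env.local"). Handles both "/" and "\" separators.
function isEnvFile(filePath: string): boolean {
  const base = filePath.split(/[\\/]/).pop() ?? "";
  return base === ".env" || base.startsWith(".env.");
}

// Gate applied before a read: non-.env files pass through, .env files
// pass only when the resolved permission is "allow".
function mayRead(filePath: string, permission: EnvPermission): boolean {
  return !isEnvFile(filePath) || permission === "allow";
}
```
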

Dax is shipping a new permissions config soon; it will allow you to specify granular permissions for tools like read. I don't think we want a separate config option.

rekram1-node avatar Dec 28 '25 19:12 rekram1-node

Makes sense. If that's the case, we can close this PR :)

shkumbinhasani avatar Dec 28 '25 20:12 shkumbinhasani