Improve permission request messages; add external directory check for write tool
Summary
This PR improves permission request messages in opencode to provide users with clear, actionable information about what they're approving. It also fixes a security gap where write operations to external directories were not being checked for permission.
Commit 1: 5b988f9a - feat: improve permission request messages with context-aware formatting
Problem
Permission prompts would show the full bash command, but users couldn't see which specific commands or files permission was actually being requested for. This made it much harder to understand and manage the impact of configured or per-session allow lists.
Solution
- Introduce a centralized `Permission.formatMessage()` function that generates context-aware messages based on permission type and metadata.
- Change `<TextBody>` to `<PermissionBody>` and include more comprehensive details in each prompt.
Changes by File
| File | Change |
|---|---|
| `packages/opencode/src/permission/index.ts` | Added centralized `formatMessage()` function with type-specific formatting |
| `packages/opencode/src/cli/cmd/run.ts` | Use formatted messages in CLI permission prompts |
| `packages/opencode/src/cli/cmd/tui/routes/session/permission.tsx` | Updated TUI permission display with `PermissionBody` component |
| `packages/opencode/src/acp/agent.ts` | Use formatted messages for Zed extension |
| `packages/opencode/src/tool/bash.ts` | Add patterns to metadata for bash commands |
| `packages/opencode/src/tool/read.ts` | Add filepath to metadata for read operations |
| `packages/opencode/src/tool/skill.ts` | Add skill name to metadata |
Message Example
Before:
$ git log --oneline | grep bug | head -n 20
After:
(assuming grep is already allowed)
• git log --oneline
• head -n 20
Commit 2: eeee56a - feat(write): add external directory permission check
Problem
The write tool had a TODO comment for checking external directory permissions
but the implementation was incomplete. Write operations to paths outside the
working directory would proceed without requesting user permission.
This is a security concern since writes outside the project directory could be sensitive.
Solution
Implemented the external directory permission check using `ctx.ask()` with the `external_directory` permission type, following the same pattern used in the read and bash tools.
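As an added illustration of the check described above (example code, not opencode's own write tool), the following decides whether a write target lies outside the working directory and, if so, builds the `external_directory` request with a parent-directory pattern. The request shape, the function names and the message wording are assumptions; the real `ctx.ask()` signature may differ.

```typescript
// Added example, not opencode's code. Names and the request shape are assumed.
import * as path from "path"

// Assumed shape of what the write tool would hand to ctx.ask().
export interface ExternalDirectoryRequest {
  type: "external_directory"
  pattern: string                 // parent directory, so one approval covers siblings
  metadata: { filepath: string }  // the concrete file, shown to the user
}

// True when `target` (absolute or relative to `worktree`) resolves outside `worktree`.
// path.relative is used instead of a string prefix test so that
// /home/u/project2 is not mistaken for a child of /home/u/project.
export function isExternalPath(worktree: string, target: string): boolean {
  const root = path.resolve(worktree)
  const file = path.resolve(root, target)
  const rel = path.relative(root, file)
  return rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)
}

// Returns the request to raise, or null when the write stays inside the worktree.
export function externalDirectoryRequest(
  worktree: string,
  target: string,
): ExternalDirectoryRequest | null {
  if (!isExternalPath(worktree, target)) return null
  const file = path.resolve(path.resolve(worktree), target)
  return {
    type: "external_directory",
    pattern: path.join(path.dirname(file), "*"),
    metadata: { filepath: file },
  }
}

// Prompt text in the bullet style of the improved permission messages.
export function formatExternalDirectoryMessage(req: ExternalDirectoryRequest): string {
  return [
    "Write outside the working directory:",
    `• ${req.metadata.filepath}`,
    `(approving allows ${req.pattern})`,
  ].join("\n")
}
```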
Changes
| File | Change |
|---|---|
| `packages/opencode/src/tool/write.ts` | Added external directory permission check with parent directory pattern and metadata |
Testing
- Write to external file in /tmp prompts for permission
- Read from external file prompts for permission
- Bash commands show matched patterns with bullet points
- All permission messages display relevant file paths and metadata
Turns out that it's still displaying all commands, even ones which are already allowed. Working on a fix.