
Plan Agent does modifications to files.

Open juri-diener opened this issue 3 months ago • 12 comments

Hello, I'm encountering that when I'm in plan mode, it sometimes makes modifications to my codebase.

This should never happen. And sometimes in plan mode I get an error that it could not create code examples for me in the chat so that I could just look up what the agent would be doing.

This all worked in version v0.3.133; now in version v0.911 it's broken.

This is really unpleasant, it stops the workflow. I hope you guys can fix this in later releases.

Thanks for such a good tool.

juri-diener, Sep 20 '25 14:09

@juri-diener mind updating to latest?

The plan agent can't make modifications to files. It does have bash commands, but they require approvals, so maybe the LLM tried to run a bash command that had some side effects to edit a file?

We should probably do better prompting but maybe you can share the session and/or your config?

rekram1-node, Sep 20 '25 16:09

I created a similar ticket: https://github.com/sst/opencode/issues/2631

There are two problems:

  1. Any action MUST be approved with default settings, no matter how the internal team uses it (with or without approvals)
  2. Plan agent and subagents should not have access to bash (except whitelisted commands for search) and file edit/delete

NaikSoftware, Sep 20 '25 17:09

hi @rekram1-node, here is a link to the prompt in plan mode https://opencode.ai/s/HX172WVg#msg_96d9ad80b001HTIN6cib3E5V17-0, it ended up in code changes.

dimaportenko, Sep 21 '25 19:09

> @juri-diener mind updating to latest?
>
> The plan agent can't make modifications to files. It does have bash commands, but they require approvals, so maybe the LLM tried to run a bash command that had some side effects to edit a file?
>
> We should probably do better prompting but maybe you can share the session and/or your config?

I encountered it again:

This is what is executed in Plan Mode:

Shell: Add setLocalLiked before calling likeRespItem

    $ cd /Users/juridiener/Projects/react-native/expo-apps/app-connects && sed -i '' 's/ likeRespItem(respId, !liked);/ setLocalLiked(!localLiked);\n likeRespItem(respId, !localLiked);/' src/components/RespItem/index.tsx

Config:

    {
      "$schema": "https://opencode.ai/config.json",
      "theme": "system",
      "autoupdate": true,
      "permission": {
        "bash": {
          "install": "deny",
          "uninstall": "deny",
          "rm": "deny",
          "rmdir": "deny",
          "del": "deny",
          "amplify*": "deny",
          "git*": "ask",
          "grep": "allow",
          "glob": "allow",
          "*": "allow"
        }
      }
    }

juri-diener, Sep 23 '25 20:09

@juri-diener you should remove that "*": "allow" and you should stop having this issue.

Right now you are overriding the plan agent permissions and giving it the ability to make edits without approval.

rekram1-node, Sep 24 '25 22:09

can confirm it happened to me too the other day.
i was in a longer interaction with opencode, switching back and forth between "plan" and "build" mode. at some point in "plan" mode opencode edited existing files and created new files.
not exactly sure what was going on or how to reproduce.
i don’t have any custom config, just running defaults.
opencode version: 0.13.7
might be related to having a second opencode process running in another tmux window (possibly in build mode at the same time)?
i’ll try to debug further and report back if i can reproduce. thanks anyways for the hard work and great tool! ✌️

stefanstifter, Oct 02 '25 23:10

thx for sharing will take a look

rekram1-node, Oct 02 '25 23:10

Hi @juri-diener, please upgrade to the latest version v0.15.16, this should be fixed

berenar, Oct 24 '25 06:10

> Hi @juri-diener, please upgrade to the latest version v0.15.16, this should be fixed

Okay, thanks, I will try it. Do I need to change my config because of the "*", or is it now handled correctly so that everything is allowed except where I have an ask or deny permission set?

    "bash": {
      "install": "deny",
      "uninstall": "deny",
      "rm": "deny",
      "rmdir": "deny",
      "del": "deny",
      "amplify*": "deny",
      "git*": "ask",
      "grep": "allow",
      "glob": "allow",
      "*": "allow"
    }

juri-diener, Oct 29 '25 21:10

@juri-diener you need to wildcard them. I recommend doing it:

"install*": "deny"

etc

rekram1-node, Oct 29 '25 22:10
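The two config issues the maintainer points out above (a catch-all `"*": "allow"` and deny keys without a trailing wildcard) can be checked statically. The linter below is an added example, not part of the thread and not opencode's own code; the function names are hypothetical, the sample inputs are constructed from the configs posted on this page, and it does not reimplement opencode's pattern matcher.

```python
import json

# Constructed input: the permission block posted earlier in this thread.
THREAD_CONFIG = json.loads("""
{"permission": {"bash": {
  "install": "deny", "uninstall": "deny", "rm": "deny", "rmdir": "deny",
  "del": "deny", "amplify*": "deny", "git*": "ask",
  "grep": "allow", "glob": "allow", "*": "allow"}}}
""")

# Constructed input: shortened form of a per-agent block ending in "*": "deny".
PLAN_CONFIG = json.loads("""
{"agent": {"plan": {"permission": {"bash": {
  "jj diff*": "allow", "rg *": "allow", "*": "deny"}}}}}
""")


def bash_rule_sets(config):
    """Yield (scope, rules) for the global and each per-agent permission.bash map."""
    scopes = {"global": config}
    for name, agent in config.get("agent", {}).items():
        scopes["agent." + name] = agent
    for scope, node in scopes.items():
        rules = node.get("permission", {}).get("bash")
        if isinstance(rules, dict):
            yield scope, rules


def lint(config):
    """Flag the two patterns called out in the thread (static check only)."""
    findings = []
    for scope, rules in bash_rule_sets(config):
        for pattern, action in rules.items():
            if pattern == "*" and action == "allow":
                # Per the maintainer: this overrides the plan agent's approvals.
                findings.append((scope, pattern, "catch-all allow"))
            elif action in ("deny", "ask") and "*" not in pattern:
                # Per the maintainer: deny keys should carry a wildcard.
                findings.append((scope, pattern, "use '%s*'" % pattern))
    return findings


if __name__ == "__main__":
    for cfg in (THREAD_CONFIG, PLAN_CONFIG):
        for scope, pattern, note in lint(cfg):
            print(f"{scope}: {pattern!r}: {note}")
```
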

> can confirm it happened to me too the other day. i was in a longer interaction with opencode, switching back and forth between "plan" and "build" mode. at some point in "plan" mode opencode edited existing files and created new files. not exactly sure what was going on or how to reproduce. i don’t have any custom config, just running defaults. opencode version: 0.13.7 might be related to having a second opencode process running in another tmux window (possibly in build mode at the same time)? i’ll try to debug further and report back if i can reproduce. thanks anyways for the hard work and great tool! ✌️

quick follow up from my side: after some updates, especially since versions above 1.0.0, this behavior never showed up again. i could not reproduce it anymore. seems to be fixed on my setup. thanks again for the great work ✌️

stefanstifter, Dec 09 '25 13:12

I had this config:

  "agent": {
    // Build agent - full capability with slight creativity
    "build": {
      "temperature": 0.3
    },
    // Plan agent - read-only analysis, no file writes
    "plan": {
      "temperature": 0.1,
      "tools": {
        "write": false,
        "edit": false,
        "patch": false
      },
      "permission": {
        "bash": {
          "jj status": "allow",
          "jj st": "allow",
          "jj diff*": "allow",
          "jj log*": "allow",
          "jj show*": "allow",
          "bd *": "allow",
          "rg *": "allow",
          "tree *": "allow",
          "wc *": "allow",
          "head *": "allow",
          "tail *": "allow",
          "mix format*": "allow",
          "mix compile*": "allow",
          "mix test*": "allow",
          "pnpm exec tsc*": "allow",
          "pnpm run lint*": "allow",
          "pnpm test*": "allow",
          "*": "deny"
        }
      }
    },
  },

The plan agent then spawned the General agent, which then had permission to edit files and proceeded to implement. Is there a way to deny access to agents that have edit/write capabilities? E.g. research-agent: allow, general: deny

Straffern, Dec 11 '25 12:12