aljaz/opencode
1
0
Fork 0
mirror of https://github.com/aljazceru/opencode.git synced 2025-12-19 00:34:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

docs: permissions

Browse Source
This commit is contained in:
Aiden Cline
2025-11-16 16:40:48 -06:00
parent f8630fb188
commit 16ccb39459
1 changed files with 39 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
packages/web/src/content/docs/permissions.mdx
View File

@@ -11,12 +11,14 @@ By default, OpenCode **allows all operations** without requiring explicit approv
"permission": {
"edit": "allow",
"bash": "ask",
"webfetch": "deny"
"webfetch": "deny",
"doom_loop": "ask",
"external_directory": "ask"
}
}
```
This lets you configure granular controls for the `edit`, `bash`, and `webfetch` tools.
This lets you configure granular controls for the `edit`, `bash`, `webfetch`, `doom_loop`, and `external_directory` tools.
- `"ask"` — Prompt for approval before running the tool
- `"allow"` — Allow all operations without approval
@@ -26,7 +28,7 @@ This lets you configure granular controls for the `edit`, `bash`, and `webfetch`
## Tools
Currently, the permissions for the `edit`, `bash`, and `webfetch` tools can be configured through the `permission` option.
Currently, the permissions for the `edit`, `bash`, `webfetch`, `doom_loop`, and `external_directory` tools can be configured through the `permission` option.
---
@@ -145,6 +147,40 @@ Use the `permission.webfetch` key to control whether the LLM can fetch web pages
---
### doom_loop
Use the `permission.doom_loop` key to control whether approval is required when a doom loop is detected. A doom loop occurs when the same tool is called 3 times in a row with identical arguments.
This helps prevent infinite loops where the LLM repeatedly attempts the same action without making progress.
```json title="opencode.json" {4}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"doom_loop": "ask"
}
}
```
---
### external_directory
Use the `permission.external_directory` key to control whether file operations require approval when accessing files outside the working directory.
This provides an additional safety layer to prevent unintended modifications to files outside your project.
```json title="opencode.json" {4}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"external_directory": "ask"
}
}
```
---
## Agents
You can also configure permissions per agent. Where the agent specific config