From 6beba2c04f00ff86dbae72582bb5d7c16e03a149 Mon Sep 17 00:00:00 2001 From: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Date: Wed, 6 Aug 2025 05:18:08 -0500 Subject: [PATCH] docs: document permissions (#1638) --- packages/opencode/src/tool/registry.ts | 3 +++ .../web/src/content/docs/docs/permissions.mdx | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/packages/opencode/src/tool/registry.ts b/packages/opencode/src/tool/registry.ts index c49dbb00..1ff89f72 100644 --- a/packages/opencode/src/tool/registry.ts +++ b/packages/opencode/src/tool/registry.ts @@ -75,6 +75,9 @@ export namespace ToolRegistry { result["patch"] = false result["write"] = false } + if (cfg?.permission?.bash === "deny") { + result["bash"] = false + } if (modelID.toLowerCase().includes("claude")) { result["patch"] = false diff --git a/packages/web/src/content/docs/docs/permissions.mdx b/packages/web/src/content/docs/docs/permissions.mdx index 651546f7..a3de452d 100644 --- a/packages/web/src/content/docs/docs/permissions.mdx +++ b/packages/web/src/content/docs/docs/permissions.mdx @@ -21,6 +21,7 @@ Use the `permission.edit` key to control whether file editing operations require - `"ask"` - Prompt for approval before editing files - `"allow"` - Allow all file editing operations without approval +- `"deny"` - Make all file editing tools disabled and unavailable ```json title="opencode.json" {4} { @@ -41,7 +42,8 @@ Controls whether bash commands require user approval. You can specify which commands you want to have run without approval. ::: -This can be configured globally or with specific patterns. Setting this to `"ask"` is the strictest mode, requiring approval for all bash commands. +This can be configured globally or with specific patterns. Setting this to `"ask"`, requiring approval for all bash commands. +Setting this to `"deny"` is the strictest option, blocking LLM from running that command or command pattern. For example. @@ -56,6 +58,19 @@ For example. } ``` +- **Disable all Terraform commands** + + ```json title="opencode.json" + { + "$schema": "https://opencode.ai/config.json", + "permission": { + "bash": { + "terraform *": "deny" + } + } + } + ``` + - **Approve specific commands** ```json title="opencode.json"