@BackSlasher BackSlasher commented Jan 16, 2026

What does this PR do?

Fixes #3261

Happy for feedback/pushback, implemented the way I would have liked it, but it doesn't mean it fits everyone.

First, fixed a small bug in the TUI that caused edit-cancel to exit the dialog.

Created a "permissions" dialog that shows the permissions from:

  1. session level ("allow always" in the dialog)
  2. project level (in opencode.json)
  3. global level (in ~/.config/opencode/opencode.json)
  4. "default" (hardcoded, agent specific)

1-3 are editable (CRUD) in the dialog. 2-3 show confirmation prompts when writing.
Changes are persisted to the relevant files.
Small hint on how execute perms work with wildcards.

Added debug command to show permissions for a quicker feedback loop.

How did you verify your code works?

Tested locally with the following:

$ cat ~/.config/opencode/opencode.json
{
  "$schema": "https://opencode.ai/config.json",
  "permission": {
    "read": {
      "*.password": "deny",
      "*.key": "deny",
      "credentials.json": "deny"
    },
    "bash": {
      "dnf *": "deny",
      "yum *": "deny",
      "apt *": "deny"
    },
    "webfetch": "deny",
    "external_directory": {
      "/var/*": "deny",
      "/etc/*": "deny",
      "/sys/*": "deny"
    }
  }
}

$ cat opencode.json 
{
  "$schema": "https://opencode.ai/config.json",
  "permission": {
    "read": {
      "*": "allow",
      "*.secret": "deny",
      ".env*": "ask",
      "node_modules/**": "allow"
    },
    "edit": {
      "*": "allow",
      "package.json": "ask",
      "*.lock": "deny"
    },
    "bash": {
      "ffeff*": "ask",
      "rm *": "deny"
    },
    "glob": "allow",
    "grep": "allow",
    "webfetch": "allow",
    "websearch": "ask",
    "codesearch": "allow",
    "todowrite": "allow",
    "todoread": "allow",
    "question": "allow",
    "external_directory": {
      "/tmp/*": "allow",
      "/home/*": "ask"
    }
  }
}

Screenshots from bun dev: [3 images]
When editing: [1 image]
When editing a non-session permission, after pressing enter: [3 images]

…cused

When a textarea is focused inside a dialog, pressing escape should only
affect the textarea (e.g., exit edit mode), not close the entire dialog.

Previously, escape would always close the dialog, making it impossible to
cancel textarea edits without losing the entire dialog state.

This fix checks if the currently focused element is a TextareaRenderable
and skips dialog close handling if so, allowing the textarea's own escape
handler to run first.

- Add full CRUD dialog for viewing/editing/creating/deleting permissions
- Add 'View permissions' command to command palette
- Add backend CRUD operations: approved(), remove(), update(), add()
- Add API endpoints: GET/DELETE/PUT/POST /permission/approved
- Contextual help tips for file patterns and bash wildcards
- Keybindings: tab/shift-tab for tabs, up/down for actions, e/n/d for edit/new/delete
- Regenerate SDK with new permission endpoints
- Add unified permissions dialog showing all sources (default, global, project, session)
- Add full CRUD for project and global permissions with inline confirmation
- Add permission.all() API to fetch permissions from all sources with metadata
- Add project/global permission config file writers
- Add debug command to inspect permission hierarchy
- Enforce binary permissions (*-only pattern) at project/global level
- Hide internal permissions (todowrite, todoread, lsp) from UI
- Remove 'Other' tab, keeping only File, Execute, Network, External tabs

API endpoints:
- GET /permission/all - fetch all permissions with source metadata
- PUT/DELETE /permission/project - manage project config
- PUT/DELETE /permission/global - manage global config (~/.config/opencode/opencode.json)

UI features:
- Source badges: [default], [global], [project], (none for session)
- Inline confirmation preserves dialog state
- Ctrl+P to cycle source when creating: session → project → global
- Binary permissions auto-lock pattern to '*' at project/global level
- Clear warnings for global changes (affects ALL projects)
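
An audit of the two test configs from the PR description, as an added example that is not part of the PR or of opencode's code: it flattens each layer into rows tagged with the dialog's source badges and lists global deny rules whose tool also has a catch-all allow at project level. The function names are hypothetical, and the string shorthand (`"webfetch": "deny"`) is assumed to mean the pattern `*`.

```typescript
// Added example, not opencode's code. The configs are trimmed copies of the
// two test files shown in the PR description.
type Action = "allow" | "ask" | "deny";
type Rules = Record<string, Action | Record<string, Action>>;
type Row = { source: string; tool: string; pattern: string; action: Action };

const globalCfg: Rules = {
  read: { "*.password": "deny", "*.key": "deny", "credentials.json": "deny" },
  bash: { "dnf *": "deny", "yum *": "deny", "apt *": "deny" },
  webfetch: "deny",
};
const projectCfg: Rules = {
  read: { "*": "allow", "*.secret": "deny", ".env*": "ask" },
  bash: { "ffeff*": "ask", "rm *": "deny" },
  webfetch: "allow",
};

// Expand the string shorthand to a "*" pattern (assumption) and flatten one
// layer into rows tagged with their source badge.
function flatten(source: string, rules: Rules): Row[] {
  const rows: Row[] = [];
  for (const [tool, value] of Object.entries(rules)) {
    const patterns: Record<string, Action> =
      typeof value === "string" ? { "*": value } : value;
    for (const [pattern, action] of Object.entries(patterns)) {
      rows.push({ source, tool, pattern, action });
    }
  }
  return rows;
}

// List every deny in the broader layer whose tool also has a catch-all
// "*": "allow" in the narrower layer. Which rule wins depends on the
// evaluation order, which the PR does not state, so these are review items.
function findLoosened(broad: Row[], narrow: Row[]): string[] {
  const catchAll = new Map<string, string>();
  for (const r of narrow) {
    if (r.pattern === "*" && r.action === "allow") catchAll.set(r.tool, r.source);
  }
  return broad
    .filter((r) => r.action === "deny" && catchAll.has(r.tool))
    .map((r) => `${r.tool} ${r.pattern}: [${r.source}] deny vs [${catchAll.get(r.tool)}] "*" allow`);
}

const findings = findLoosened(flatten("global", globalCfg), flatten("project", projectCfg));
for (const f of findings) console.log(f);
```

On these configs the three global `read` denies and the global `webfetch` deny are listed, because the project file sets `"*": "allow"` for both tools.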
@github-actions

Hey! Your PR title Permissions dialog doesn't follow conventional commit format.

Please update it to start with one of:

  • feat: or feat(scope): new feature
  • fix: or fix(scope): bug fix
  • docs: or docs(scope): documentation changes
  • chore: or chore(scope): maintenance tasks
  • refactor: or refactor(scope): code refactoring
  • test: or test(scope): adding or updating tests

Where scope is the package name (e.g., app, desktop, opencode).

See CONTRIBUTING.md for details.

@github-actions

The following comment was made by an LLM, it may be inaccurate:

No duplicate PRs found

@BackSlasher BackSlasher changed the title from "Permissions dialog" to "feat: Permissions dialog" on Jan 16, 2026
@github-actions

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

Development

Successfully merging this pull request may close these issues.

Feature Request: Streamlined Agent Permission Management with an Interactive TUI