| layout | default |
|---|---|
| title | Chapter 4: Tools, Permissions, and Execution |
| nav_order | 4 |
| parent | OpenCode Tutorial |
Welcome to Chapter 4: Tools, Permissions, and Execution. In this part of OpenCode Tutorial: Open-Source Terminal Coding Agent at Scale, you will build an intuitive mental model first, then move into concrete implementation details and practical production tradeoffs.
The tool layer determines whether OpenCode is safe and reliable in real repositories.
| Layer | Control |
|---|---|
| command scope | allowlist or reviewed command boundaries |
| file edits | review before apply |
| high-risk ops | explicit confirmation |
| audit trail | structured log of actions |
- keep destructive operations behind explicit review
- treat shell commands as privileged actions
- enforce small, reversible edit batches
- run tests/lint after non-trivial patches
- define approved command families
- require review for package and infra changes
- log all executed operations in CI contexts
- rotate credentials and avoid implicit env leakage
You now have a practical safety baseline for running OpenCode against important codebases.
Next: Chapter 5: Agents, Subagents, and Planning
flowchart TD
A[Task Request] --> B[Permission Check]
B -->|Allowed| C[Tool Dispatch]
B -->|Denied| D[Prompt for Approval]
C --> E[File Operations]
C --> F[Shell Commands]
C --> G[Search / Read]
E --> H[Result]
F --> H