Permission rework

[thdxr]

Summary

This is a major change that overhauls the permissions system in OpenCode.

Tools Merged into Permission

The tools configuration has been deprecated and merged into the permission field. Previously, you could enable/disable tools like this:

{
  "tools": {
    "bash": true,
    "edit": false
  }
}

Now, this should be configured using permission:

{
  "permission": {
    "bash": "allow",
    "edit": "deny"
  }
}

The old tools config is still supported for backwards compatibility and will be automatically migrated to the permission system.

Granular Permissions with Object Syntax

Permissions now support granular control using an object syntax with pattern matching. When you specify a permission as an object, you can set different rules for different patterns:

{
  "permission": {
    "bash": {
      "npm *": "allow",
      "git *": "allow",
      "rm *": "deny",
      "*": "ask"
    },
    "edit": {
      "*.md": "allow",
      "*.ts": "ask",
      "*": "deny"
    }
  }
}

Each key in the object is a glob pattern that matches against the tool's input, and the value is the action to take:

• "allow" - automatically approve
• "deny" - automatically reject
• "ask" - prompt the user for approval

You can also set a blanket permission using a simple string:

{
  "permission": {
    "bash": "allow",
    "edit": "ask"
  }
}

Or set all permissions at once:

{
  "permission": "allow"
}

Breaking Changes for SDK Users

The permission events have changed significantly. The new PermissionNext module (permission/next.ts) has a different event structure compared to the old Permission module (permission/index.ts):

Old Event Structure (Permission.Event):

• Updated: { id, type, pattern, sessionID, messageID, callID, message, metadata, time }
• Replied: { sessionID, permissionID, response }

New Event Structure (PermissionNext.Event):

• Asked: { id, sessionID, permission, patterns, metadata, always, tool: { messageID, callID } }
• Replied: { sessionID, requestID, reply }

Key differences:

• Event name changed from permission.updated to permission.asked
• type renamed to permission
• pattern is now patterns (array of strings)
• message field removed
• response renamed to reply
• permissionID renamed to requestID
• New always field contains patterns that would be approved for future requests if user selects "always"

The reply values are the same: "once", "always", or "reject"

Server Changes

• New endpoint: POST /permission/:requestID/reply for responding to permission requests
• Old endpoint POST /session/:sessionID/permissions/:permissionID is now deprecated
• GET /permission now returns PermissionNext.Request[] instead of Permission.Info[]
• Added CORS whitelist support via server.cors config option
• Added Content-Type headers for proxied static assets
• mDNS service name now includes port for uniqueness

Other Changes

• Agent tools field is deprecated - use permission instead
• Agent maxSteps is deprecated - use steps instead
• Unknown agent properties are now collected into options
• Mode and plugin globs no longer search subdirectories (simplified to top-level only)

[thdxr]

@copilot review this bitch

[Copilot]

@thdxr I've opened a new pull request, #6554, to work on those changes. Once the pull request is ready, I'll request review from you.

[thdxr]

/review

[github-actions]

Suggestion: This DialogPermission component is defined but never used or exported. Consider either completing and using it, or removing it to keep the codebase clean.

[github-actions]

Suggestion: The Permission component has an empty onMount callback that does nothing. This could be removed unless there are plans to add functionality later.

[github-actions]

Suggestion: The dialog variable is declared but never used in this component. Consider removing it or using it.

[github-actions]

Suggestion: The TextAttributes import is unused in this file (only used in the unused DialogPermission component). Consider removing it along with the cleanup of unused code.

[github-actions]

Suggestion: There is a console.log statement here that appears to be debug code. Consider removing it before merging.