Description
Here's what I'm doing:
As you can see, the read permission for * is set to ask, and for src/* it's set to allow.
Yet for some reason, it's prompting me to read src/App.tsx.
The patterns are simple enough, and I'm pretty sure I'm doing what the docs suggest:
I don't have a global config - this is a project config in opencode.json in the root of the project.
opencode debug config confirms this is the only config file being read.
opencode debug agent plan confirms the permissions have been applied.
I'm unsure about the meaning of the order of the rules? I noticed it's an array in the output from opencode debug agent - does the order matter? I asked people on the Discord, and they seemed to think it does - but this being a .json file, I can't see how the order would even be available to OpenCode? The order of object properties in JS is undefined.
According to the docs:
Rules are evaluated by pattern match, with the last matching rule winning.
This seems to imply the order matters?
Yet, in the same sentence:
A common pattern is to put the catch-all "*" rule first, and more specific rules after it.
Which seems to imply it doesn't matter, and specificity is what matters.
But what makes a rule more or less specific? The length of the matched pattern? It's not explained.
I've looked at all of the following issues:
#4642
#7029
#7554
#6856
Apparently there's been a lot of issues and changes and confusion?
Yet, I still can't find an explanation, and still can't seem to come up with a working configuration.
Plugins
none
OpenCode version
1.3.10
Steps to reproduce
You can try my config file if you like:
{
"$schema": "https://opencode.ai/config.json",
"model": "stepfun/step-3.5-flash:free",
"autoupdate": true,
"permission": {
"*": "ask",
"list": "allow",
"grep": "allow",
"glob": "allow",
"read": {
"*": "ask",
"src/*": "allow"
},
"edit": {
"*": "ask",
"src/*": "allow"
},
"lsp": "allow",
"question": "allow",
"skill": "allow",
"bash": {
"*": "ask",
"git *": "deny"
}
}
}Screenshot and/or share link
No response
Operating System
Zorin OS 18 (Ubuntu based)
Terminal
VS Code terminal
Description
Here's what I'm doing:
As you can see, the
readpermission for*is set toask, and forsrc/*it's set toallow.Yet for some reason, it's prompting me to read
src/App.tsx.The patterns are simple enough, and I'm pretty sure I'm doing what the docs suggest:
I don't have a global config - this is a project config in
opencode.jsonin the root of the project.opencode debug configconfirms this is the only config file being read.opencode debug agent planconfirms the permissions have been applied.I'm unsure about the meaning of the order of the rules? I noticed it's an array in the output from
opencode debug agent- does the order matter? I asked people on the Discord, and they seemed to think it does - but this being a.jsonfile, I can't see how the order would even be available to OpenCode? The order of object properties in JS is undefined.According to the docs:
This seems to imply the order matters?
Yet, in the same sentence:
Which seems to imply it doesn't matter, and specificity is what matters.
But what makes a rule more or less specific? The length of the matched pattern? It's not explained.
I've looked at all of the following issues:
#4642
#7029
#7554
#6856
Apparently there's been a lot of issues and changes and confusion?
Yet, I still can't find an explanation, and still can't seem to come up with a working configuration.
Plugins
none
OpenCode version
1.3.10
Steps to reproduce
You can try my config file if you like:
{ "$schema": "https://opencode.ai/config.json", "model": "stepfun/step-3.5-flash:free", "autoupdate": true, "permission": { "*": "ask", "list": "allow", "grep": "allow", "glob": "allow", "read": { "*": "ask", "src/*": "allow" }, "edit": { "*": "ask", "src/*": "allow" }, "lsp": "allow", "question": "allow", "skill": "allow", "bash": { "*": "ask", "git *": "deny" } } }Screenshot and/or share link
No response
Operating System
Zorin OS 18 (Ubuntu based)
Terminal
VS Code terminal