opencode.json permission block silently ignores unknown/PascalCase keys — no warning or diagnostic #15507

@fglogan

Summary

The permissions block in opencode.json uses a Zod schema with .catchall(PermissionRule). This means any unknown key is silently accepted — no error, no warning, no log line. Permissions are simply not applied.

Root Cause

In packages/opencode/src/config/config.ts (around line 620–640), the permission schema enumerates known canonical keys (all lowercase: bash, read, edit, write, glob, grep, list, task, webfetch, etc.) and then uses .catchall(PermissionRule) to absorb everything else.

// Canonical lowercase keys defined explicitly, then:
.catchall(PermissionRule)   // ← silently accepts ANY unknown key

Minimal Reproduction

Add this to opencode.json:

{
  "permission": {
    "Bash": "allow",
    "Read": "allow",
    "Write": "allow"
  }
}

Expected: error or warning — "Bash" is not a recognized key; did you mean "bash"?
Actual: silently accepted, zero effect. OpenCode runs as if no permissions were set.

Common Confusion Vector — Claude Code Migration

Claude Code uses PascalCase with glob syntax in its permission format: "Bash(*)", "Read(*)", "Write(*)". Users (and tools) migrating configs from Claude Code to OpenCode commonly copy this syntax. The silent acceptance means they get no signal that their security constraints are not in effect.

Real-World Impact

Genesis Agent Builder (fglogan/genesis-agent-builder) programmatically generates opencode.json for agent fleet instances. Due to this silent acceptance, all 13 fleet agents ran for multiple sessions with PascalCase permission keys that had zero effect — agents were effectively unrestricted despite explicit permission config. The bug was only discovered by reading the source, not from any runtime signal.

Suggested Fix

When a key in the permission block does not match any canonical key, emit a warning:

warn: opencode.json permission block contains unrecognized key "Bash" — did you mean "bash"? Permission not applied.

A strict mode option (reject unknown keys entirely) would also be welcome but a warning on startup is the minimum useful signal.

Environment

  • OpenCode version: latest (anomalyco/opencode main)
  • Platform: macOS (darwin arm64)
  • Config location: .opencode/opencode.json (project-level)
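
A pre-flight check in the spirit of the suggested warning, as an added example that is not part of the original issue and not OpenCode's own code. It flags `permission` keys that the catchall would absorb, including PascalCase and Claude Code style keys. Assumptions: `KNOWN_KEYS` contains only the canonical keys the issue names (the real schema has more), and `auditPermissionKeys`, `candidate` and `Finding` are hypothetical names.

```typescript
// Added example, not OpenCode's own code. KNOWN_KEYS holds only the keys the
// issue names; the real schema lists more ("etc."), so extend it before use.
const KNOWN_KEYS: readonly string[] = [
  "bash", "read", "edit", "write", "glob", "grep", "list", "task", "webfetch",
];

interface Finding {
  key: string;                // key exactly as written in opencode.json
  suggestion: string | null;  // canonical key it probably meant, if any
  message: string;
}

// Reduce "Bash" and Claude Code style "Bash(*)" to a candidate canonical key.
function candidate(key: string): string {
  return key.replace(/\(.*\)\s*$/, "").trim().toLowerCase();
}

// Return one finding per key in the "permission" block that is not canonical,
// i.e. a key the schema's catchall would accept without any diagnostic.
function auditPermissionKeys(config: unknown): Finding[] {
  if (typeof config !== "object" || config === null) return [];
  const block = (config as Record<string, unknown>)["permission"];
  if (typeof block !== "object" || block === null || Array.isArray(block)) return [];
  const findings: Finding[] = [];
  for (const key of Object.keys(block as Record<string, unknown>)) {
    if (KNOWN_KEYS.indexOf(key) !== -1) continue; // canonical key, nothing to report
    const guess = candidate(key);
    const suggestion = KNOWN_KEYS.indexOf(guess) !== -1 ? guess : null;
    const hint = suggestion !== null ? ` (did you mean "${suggestion}"?)` : "";
    findings.push({
      key,
      suggestion,
      message: `permission key "${key}" is not recognized${hint}; permission not applied`,
    });
  }
  return findings;
}

// Constructed sample: the issue's reproduction plus one Claude Code style key.
const sampleConfig: unknown = JSON.parse(`{
  "permission": { "Bash": "allow", "Read": "allow", "Write(*)": "allow", "edit": "deny" }
}`);
// Three findings here (Bash, Read, Write(*)); "edit" is canonical and passes.
const sampleFindings: Finding[] = auditPermissionKeys(sampleConfig);
```

A config generator or CI job can run this over each emitted opencode.json and fail when the returned list is non-empty, so a fleet never starts with permission keys that have no effect.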

Labels: core (Anything pertaining to core functionality of the application (opencode server stuff))