Skip to content

docs: fix permission system documentation in agents section #7652

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rekram1-node merged 2 commits into from
Jan 15, 2026
+22 −6
Merged

docs: fix permission system documentation in agents section #7652

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0239fd0
fix: update docs to match the new permission system for agents section
IdrisGit Jan 10, 2026
bb9e855
fix: removed duplicate tip
IdrisGit Jan 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions packages/web/src/content/docs/agents.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -429,6 +429,7 @@ permission:
"*": ask
"git diff": allow
"git log*": allow
"grep *": allow
webfetch: deny
---

Expand All @@ -444,7 +445,8 @@ You can set permissions for specific bash commands.
"build": {
"permission": {
"bash": {
"git push": "ask"
"git push": "ask",
"grep *": "allow"
}
}
}
Expand Down Expand Up @@ -480,7 +482,7 @@ Since the last matching rule takes precedence, put the `*` wildcard first and sp
"permission": {
"bash": {
"*": "ask",
"git status": "allow"
"git status *": "allow"
}
}
}
Expand Down
22 changes: 18 additions & 4 deletions packages/web/src/content/docs/permissions.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,8 @@ For most permissions, you can use an object to apply different actions based on
"*": "ask",
"git *": "allow",
"npm *": "allow",
"rm *": "deny"
"rm *": "deny",
"grep *": "allow"
},
"edit": {
"*": "deny",
Expand Down Expand Up @@ -139,22 +140,31 @@ The set of patterns that `always` would approve is provided by the tool (for exa

You can override permissions per agent. Agent permissions are merged with the global config, and agent rules take precedence. [Learn more](/docs/agents#permissions) about agent permissions.

:::note
Refer to the [Granular Rules (Object Syntax)](#granular-rules-object-syntax) section above for more detailed pattern matching examples.
:::

```json title="opencode.json"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"*": "ask",
"git status": "allow"
"git *": "allow",
"git commit *": "deny",
"git push *": "deny",
"grep *": "allow"
}
},
"agent": {
"build": {
"permission": {
"bash": {
"*": "ask",
"git status": "allow",
"git push": "allow"
"git *": "allow",
"git commit *": "ask",
"git push *": "deny",
"grep *": "allow"
}
}
}
Expand All @@ -176,3 +186,7 @@ permission:

Only analyze code and suggest changes.
```

:::tip
Copy link
Collaborator

@rekram1-node rekram1-node Jan 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

duplicate tip

Copy link
Contributor Author

@IdrisGit IdrisGit Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kept this one and removed the duplicate one in agents.mdx

Use pattern matching for commands with arguments. `"grep *"` allows `grep pattern file.txt`, while `"grep"` alone would block it. Commands like `git status` work for default behavior but require explicit permission (like `"git status *"`) when arguments are passed.
:::