chore: cleanup external_dir perm logic (#11845)

2026-04-01 06:42:26 +00:00 · 2026-02-02 16:43:55 -06:00
parent 5e3162b7f4
commit 188cc24bfc
4 changed files with 53 additions and 16 deletions
--- a/packages/opencode/src/agent/agent.ts
+++ b/packages/opencode/src/agent/agent.ts
@@ -55,7 +55,6 @@ export namespace Agent {
      doom_loop: "ask",
      external_directory: {
        "*": "ask",
-        [Truncate.DIR]: "allow",
        [Truncate.GLOB]: "allow",
      },
      question: "deny",
@@ -140,7 +139,6 @@ export namespace Agent {
            codesearch: "allow",
            read: "allow",
            external_directory: {
-              [Truncate.DIR]: "allow",
              [Truncate.GLOB]: "allow",
            },
          }),
@@ -229,19 +227,19 @@ export namespace Agent {
      item.permission = PermissionNext.merge(item.permission, PermissionNext.fromConfig(value.permission ?? {}))
    }

-    // Ensure Truncate.DIR is allowed unless explicitly configured
+    // Ensure Truncate.GLOB is allowed unless explicitly configured
    for (const name in result) {
      const agent = result[name]
      const explicit = agent.permission.some((r) => {
        if (r.permission !== "external_directory") return false
        if (r.action !== "deny") return false
-        return r.pattern === Truncate.DIR || r.pattern === Truncate.GLOB
+        return r.pattern === Truncate.GLOB
      })
      if (explicit) continue

      result[name].permission = PermissionNext.merge(
        result[name].permission,
-        PermissionNext.fromConfig({ external_directory: { [Truncate.DIR]: "allow", [Truncate.GLOB]: "allow" } }),
+        PermissionNext.fromConfig({ external_directory: { [Truncate.GLOB]: "allow" } }),
      )
    }

--- a/packages/opencode/src/tool/bash.ts
+++ b/packages/opencode/src/tool/bash.ts
@@ -128,7 +128,10 @@ export const BashTool = Tool.define("bash", async () => {
                process.platform === "win32" && resolved.match(/^\/[a-z]\//)
                  ? resolved.replace(/^\/([a-z])\//, (_, drive) => `${drive.toUpperCase()}:\\`).replace(/\//g, "\\")
                  : resolved
-              if (!Instance.containsPath(normalized)) directories.add(normalized)
+              if (!Instance.containsPath(normalized)) {
+                const dir = (await Filesystem.isDir(normalized)) ? normalized : path.dirname(normalized)
+                directories.add(dir)
+              }
            }
          }
        }
@@ -141,10 +144,11 @@ export const BashTool = Tool.define("bash", async () => {
      }

      if (directories.size > 0) {
+        const globs = Array.from(directories).map((dir) => path.join(dir, "*"))
        await ctx.ask({
          permission: "external_directory",
-          patterns: Array.from(directories),
-          always: Array.from(directories).map((x) => path.dirname(x) + "*"),
+          patterns: globs,
+          always: globs,
          metadata: {},
        })
      }