core: remove hardcoded .env read block and use new permissions model instead

packages/opencode/src/agent/agent.ts

@@ -47,6 +47,13 @@ export namespace Agent {
       "*": "allow",
       doom_loop: "ask",
       external_directory: "ask",
+      // mirrors github.com/github/gitignore Node.gitignore pattern for .env files
+      read: {
+        "*": "allow",
+        "*.env": "deny",
+        "*.env.*": "deny",
+        "*.env.example": "allow",
+      },
     })
     const user = PermissionNext.fromConfig(cfg.permission ?? {})
 

packages/opencode/src/tool/read.ts

@@ -8,7 +8,6 @@ import DESCRIPTION from "./read.txt"
 import { Filesystem } from "../util/filesystem"
 import { Instance } from "../project/instance"
 import { Identifier } from "../id/id"
-import { iife } from "@/util/iife"
 
 const DEFAULT_READ_LIMIT = 2000
 const MAX_LINE_LENGTH = 2000
@@ -47,21 +46,6 @@ export const ReadTool = Tool.define("read", {
       metadata: {},
     })
 
-    const block = iife(() => {
-      const basename = path.basename(filepath)
-      const whitelist = [".env.sample", ".env.example", ".example", ".env.template"]
-
-      if (whitelist.some((w) => basename.endsWith(w))) return false
-      // Block .env, .env.local, .env.production, etc. but not .envrc
-      if (/^\.env(\.|$)/.test(basename)) return true
-
-      return false
-    })
-
-    if (block) {
-      throw new Error(`The user has blocked you from reading ${filepath}, DO NOT make further attempts to read it`)
-    }
-
     const file = Bun.file(filepath)
     if (!(await file.exists())) {
       const dir = path.dirname(filepath)