fix: defer OpenCode permission policy to local config#374
Conversation
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1a51c2737d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| '--format', | ||
| 'json', |
There was a problem hiding this comment.
When the OS user's OpenCode config contains any permission: "ask" rule (including the documented external_directory/doom_loop defaults), this headless opencode run --format json path now relies on OpenCode prompting for approval after the removed auto-approval flag, but runCli closes stdin immediately and this adapter does not implement resolveApproval. OpenCode documents ask as prompting for approval and --dangerously-skip-permissions as auto-approving non-denied permissions, so Freshopencode sends will hang until timeout or fail whenever a valid local policy requires approval; either reject unsupported ask policies clearly or wire OpenCode approval events through the existing Freshell approval UI.
Useful? React with 👍 / 👎.
2 participants
Summary
Freshell now defers OpenCode permission policy to the OS user's local OpenCode configuration instead of injecting Freshell-specific OpenCode permission overrides. Claude and Codex permission behavior is unchanged.
OPENCODE_PERMISSIONenv var or add a permission-mode CLI arg. Removed the permission metadata from the built-in CLI manifest (extensions/opencode/freshell.json) and the fallback seed inserver/terminal-registry.ts.opencode) no longer carry or transmitpermissionMode— not in picker-created content, resumed content, orfreshAgent.create/freshAgent.sendmessages. The Freshopencode registry entry hides the permission control (settingsVisibility.permissionMode: false).--dangerously-skip-permissionstoopencode run, so runs honor the user's local OpenCode policy.Implemented task-by-task via TDD (Red→Green) with per-task spec + code-quality review and a final holistic review.
Notes for reviewers
opencode run: correctness now depends on the user's local OpenCode config being non-interactive-friendly for the Freshopencode JSON flow. The adapter closes stdin and has a run timeout backstop, so the server won't hang — but asendcould error for users whose OpenCode config demands interactive approval. This is the intended tradeoff (policy moves to the OS user's config).permissionModevia the registrysettingsVisibility.permissionMode === falseflag, whileFreshAgentViewsuppresses via aprovider === 'opencode'check. They agree today (opencode is the only provider with the flag false); a future non-opencode provider setting the flag false would diverge. Candidate for a small follow-up to unify on the registry flag.OPENCODE_PERMISSIONto a neutralAGENT_PERMISSION_MODEto decouple the generic-mechanism tests from the OpenCode product decision.Test Plan
npm run check(typecheck + coordinated full suite) green: server config 228 passed / 1 skipped, client config 3731 passed.OPENCODE_PERMISSION/--dangerously-skip-permissionsinextensions/,server/,src/, ortest/unitproduct paths (only intentional negative assertions, README prose, and the upstream-CLItest/integration/realprobe remain).OPENCODE_PERMISSIONin its environment; run a Freshopencode send and confirm it honors local OpenCode config.🤖 Generated with Claude Code