// Expert in OpenCode permission configuration. Use when user asks about opencode.json, permission allowlists, bash command patterns, or wants to create/configure OpenCode permissions for a project.
[HINT] Download the complete skill directory including SKILL.md and all related files
| stratum | 2 |
| name | opencode-permissions |
| description | Expert in OpenCode permission configuration. Use when user asks about opencode.json, permission allowlists, bash command patterns, or wants to create/configure OpenCode permissions for a project. |
| branches | ["agentic"] |
I help configure OpenCode's granular permission system. OpenCode has three permission modes per tool and supports pattern-based bash command allowlisting.
| Mode | Behavior | Use Case |
|---|---|---|
"allow" | Auto-execute without prompting | Trusted operations, fast iteration |
"ask" | Prompt for approval each time | Security-conscious, learning |
"deny" | Block entirely | Dangerous operations |
Default: OpenCode defaults to "allow" for most operations.
| Scope | Location | Priority |
|---|---|---|
| Global | ~/.config/opencode/opencode.json | Lowest |
| Per-project | .opencode/opencode.json | Middle |
| Per-agent | Agent definition file | Highest |
edit - File modificationsbash - Command execution (supports patterns!)skill - Skill tool accesswebfetch - Web fetchingdoom_loop - Infinite loop protectionexternal_directory - Operations outside projectWildcards:
* = matches any characters (e.g., git * matches all git commands)? = matches single character{
"permission": {
"edit": "ask",
"bash": {
"npm run *": "allow",
"npm install": "allow",
"npm test": "allow",
"git status": "allow",
"git diff *": "allow",
"git log *": "allow",
"git add *": "ask",
"git commit *": "ask",
"git push *": "ask",
"rm -rf *": "deny",
"rm -r *": "deny",
"*": "ask"
},
"webfetch": "allow",
"external_directory": "ask"
}
}
{
"permission": {
"edit": "ask",
"bash": {
"ls *": "allow",
"find *": "allow",
"du *": "allow",
"file *": "allow",
"mediainfo *": "allow",
"ffprobe *": "allow",
"exiftool *": "allow",
"cat *": "allow",
"head *": "allow",
"tail *": "allow",
"ffmpeg *": "ask",
"mv *": "ask",
"cp *": "ask",
"rm *": "deny",
"*": "ask"
},
"webfetch": "allow",
"external_directory": "ask"
}
}
{
"permission": {
"edit": "ask",
"bash": {
"curl *": "ask",
"wget *": "ask",
"docker ps *": "allow",
"docker logs *": "allow",
"docker exec *": "ask",
"systemctl status *": "allow",
"systemctl restart *": "ask",
"journalctl *": "allow",
"ping *": "allow",
"ssh *": "deny",
"rm *": "deny",
"*": "ask"
},
"webfetch": "allow",
"external_directory": "deny"
}
}
{
"tools": {
"write": false,
"edit": false
},
"permission": {
"bash": {
"ls *": "allow",
"cat *": "allow",
"head *": "allow",
"tail *": "allow",
"find *": "allow",
"grep *": "allow",
"wc *": "allow",
"*": "deny"
},
"webfetch": "allow",
"external_directory": "allow"
}
}
{
"permission": {
"edit": "ask",
"bash": {
"rm *": "deny",
"rmdir *": "deny",
"truncate *": "deny",
"dd *": "deny",
"mkfs *": "deny",
"chmod 777 *": "deny",
"curl * | sh": "deny",
"wget * | sh": "deny",
"sudo *": "deny",
"*": "ask"
},
"external_directory": "deny",
"doom_loop": "deny"
}
}
During interactive use, the "accept always" option in the permission dialog:
ls /some/folder whitelists ls * for the entire sessionls commands will auto-approve after the first onecd dir && ls whitelists BOTH cd * AND ls *Security consideration: Be cautious with "accept always" for risky commands. Once approved, all variations of that command will auto-execute.
"ask" as fallback{
"$schema": "https://opencode.ai/schema.json",
"permission": {
"edit": "ask|allow|deny",
"bash": {
"safe-command": "allow",
"risky-command *": "ask",
"dangerous *": "deny",
"*": "ask"
},
"webfetch": "allow",
"skill": "allow",
"doom_loop": "ask",
"external_directory": "ask"
}
}