fix: yolo mode deny rule uses substring matching — false positives possible #372
Description
Problem
Yolo mode deny rule matching uses p.includes(r.pattern) which is substring-based. This causes false positives:
// Deny rule: { pattern: "rm" }
// "format disk" → p.includes("rm") → true → BLOCKED (false positive)Location
packages/opencode/src/cli/cmd/run.ts — yolo mode permission handling
Current Behavior
return p.includes(r.pattern) || r.pattern.includes(p)Suggested Fix
Use glob matching (consistent with how permissions work elsewhere):
import { Wildcard } from "@/util/wildcard"
return Wildcard.match(r.pattern, p)Or at minimum, match on word boundaries:
return new RegExp(`\\b${escapeRegex(r.pattern)}\\b`).test(p)Impact
Low — this is an improvement over the previous behavior (which auto-approved everything in yolo mode). The false positives are on the safe side (blocking when shouldn't) rather than dangerous (allowing when shouldn't).
Found During
PR #350 adversarial testing.