Skip to content

Feature/opencode commands md merge permissions#201

Merged
kieranklaassen merged 9 commits intoEveryInc:mainfrom
0ut5ider:feature/opencode-commands-md-merge-permissions
Feb 21, 2026
Merged

Feature/opencode commands md merge permissions#201
kieranklaassen merged 9 commits intoEveryInc:mainfrom
0ut5ider:feature/opencode-commands-md-merge-permissions

Conversation

@0ut5ider
Copy link

@0ut5ider 0ut5ider commented Feb 20, 2026

feat(opencode): write commands as .md files, merge config, default --permissions none

Problem:

The OpenCode install (--to opencode) had three compounding issues:

  1. Commands were written into the command key of opencode.json, which replaced the user's entire config file on every install -- destroying personal settings like model, theme, provider, and MCP servers.
  2. The --permissions flag defaulted to "broad", silently writing 14 global permission: allow and tools: true entries into opencode.json.
    These affect ALL OpenCode sessions, not just plugin commands. The "from-commands" mode was equally broken -- it unioned per-command allowedTools restrictions into a single global block, inverting the restriction semantics (a command allowing only Read gets merged with one allowing Bash, producing global bash: allow).
  3. There was no way to install the plugin without clobbering existing OpenCode configuration.

Solution:

  • Commands are now written as individual .md files to ~/.config/opencode/commands/.md with YAML frontmatter
    (description, model). The command key is never written to opencode.json. OpenCode resolves commands from the commands/ directory at runtime -- this is the documented equivalent of the JSON format and is fully non-destructive.
  • opencode.json is now deep-merged instead of overwritten. Existing user keys (model, theme, provider, MCP servers) survive across installs. Plugin MCP servers are added by name; if a key already exists, the user's value wins. A timestamped backup is still created before each merge.
  • the --permissions now defaults to "none". No permission or tools entries are written to opencode.json unless the user explicitly passes --permissions broad or --permissions from -commands. This stops the installer from polluting the user's global OpenCode permissions.

OpenCode configuration after install:

  • Commands: ~/.config/opencode/commands/.md
  • Agents: ~/.config/opencode/agents/.md
  • Skills: ~/.config/opencode/skills//
  • Plugins: ~/.config/opencode/plugins/.ts
  • Config: ~/.config/opencode/opencode.json (MCP servers only, merged -- user keys preserved)

Users who previously relied on auto-set permissions can opt back in:
bunx @every-env/compound-plugin install compound-engineering --to opencode --permissions broad

See further documentation in docs/decisions/ and docs/reports/ folders

@kieranklaassen kieranklaassen merged commit 005b5ce into EveryInc:main Feb 21, 2026
@marcindyguda marcindyguda mentioned this pull request Feb 24, 2026
Closed
2 tasks
@Construkted-Reality Construkted-Reality mentioned this pull request Mar 8, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@0ut5ider @kieranklaassen @Construkted-Reality