Description
Can't disable tools from mcp server that I don't use. I listed "": "ask" in my permissions config - opus found out that this is the issue - I verified that without "": "ask" exclusion works.
Here is short summary:
- Root cause: config.ts:215 — mergeDeep(perms, result.permission) places tools-derived deny rules before the catch-all ask rule, and disabled() at next.ts:252
uses findLast which returns the catch-all instead of the more specific rule
- Fix suggestion: Either use specificity-based matching in disabled(), or reverse the merge order to mergeDeep(result.permission, perms) so deny rules come after
the catch-all
Plugins
No response
OpenCode version
1.2.15
Steps to reproduce
- Create a global config at ~/.config/opencode/opencode.json with both a tools section (deny rules using glob patterns) and a permission section containing a
"*": "ask" catch-all:
{
tools: {
some_tool_*: false
},
permission: {
*: ask,
read: allow
}
}
-
Have an MCP server registered that provides tools matching the glob pattern (e.g., some_tool_foo, some_tool_bar)
-
Restart OpenCode
-
Ask the agent to list its available tools — the denied tools still appear
Screenshot and/or share link
No response
Operating System
No response
Terminal
No response
Description
Can't disable tools from mcp server that I don't use. I listed "": "ask" in my permissions config - opus found out that this is the issue - I verified that without "": "ask" exclusion works.
Here is short summary:
- Root cause: config.ts:215 — mergeDeep(perms, result.permission) places tools-derived deny rules before the catch-all ask rule, and disabled() at next.ts:252
uses findLast which returns the catch-all instead of the more specific rule
- Fix suggestion: Either use specificity-based matching in disabled(), or reverse the merge order to mergeDeep(result.permission, perms) so deny rules come after
the catch-all
Plugins
No response
OpenCode version
1.2.15
Steps to reproduce
"*": "ask" catch-all:
{
tools: {
some_tool_*: false
},
permission: {
*: ask,
read: allow
}
}
Have an MCP server registered that provides tools matching the glob pattern (e.g., some_tool_foo, some_tool_bar)
Restart OpenCode
Ask the agent to list its available tools — the denied tools still appear
Screenshot and/or share link
No response
Operating System
No response
Terminal
No response