Feature request: global permission cache & supervisor-mode for cross-workspace approvals #30227

@ezadEzanee

Problem

When a user approves a permission (e.g., read, edit, bash, external_directory) in one workspace and selects "Always", that approval does not carry over to other workspaces. The same prompt reappears even for identical paths/commands, creating friction.

Similarly, there is no mechanism for opencode to learn from past approvals — if a user has consistently approved access to ~/.config/opencode/** across multiple sessions, a "supervisor" mode could auto-approve matching patterns based on history.

Proposed Solutions

1. Global Permission Cache

Persist "Always" approvals to a global file (e.g., ~/.config/opencode/permissions.json) rather than scoping them per-workspace. When a permission prompt fires, matching entries in this cache would auto-approve without prompting.

2. Supervisor Mode

A configurable mode where opencode references past approval history to make decisions:

  • Track all approval/deny choices with context (path pattern, command pattern, timestamp)
  • When a new permission request matches a pattern that was approved N times consecutively in the past, auto-approve
  • Expose sensitivity: number of consecutive approvals required before auto-approving, or a confidence threshold
  • Allow the user to review and flush the history

Expected Behavior

{
  "permission": {
    "supervisor": {
      "enabled": true,
      "history_file": "~/.config/opencode/permission-history.json",
      "auto_approve_after": 3,
      "patterns": {
        "external_directory": {
          "~/.config/opencode/**": "auto"
        }
      }
    }
  }
}

Use Case

  • I approve read ~/.config/opencode/** in workspace A (always)
  • I open workspace B — same approval is auto-granted from the global cache
  • After seeing me approve read ~/.ssh/config 3 times across sessions, supervisor mode begins auto-approving it without prompting
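
A sketch of the supervisor decision described in this request, added here as an illustration and not code from opencode or from the issue author: it checks the explicit `patterns` map first, then requires `auto_approve_after` consecutive approvals of a matching pattern, with any deny resetting the streak. All type and function names, the glob semantics, and the sample history are assumptions.

```typescript
// Added illustration; every name below is hypothetical, not opencode's API.
type Choice = "approve" | "deny";
interface HistoryEntry { permission: string; pattern: string; choice: Choice; timestamp: number }
interface SupervisorConfig { auto_approve_after: number; patterns: Record<string, Record<string, string>> }
interface PermissionRequest { permission: string; target: string }

// Assumed glob semantics: "**" crosses "/", "*" stays in one segment, "~" is literal.
function globToRegExp(glob: string): RegExp {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*\*/g, "\u0000").replace(/\*/g, "[^/]*").split("\u0000").join(".*");
  return new RegExp("^" + body + "$");
}

// Count the most recent unbroken run of approvals whose pattern covers this request.
function approvalStreak(history: HistoryEntry[], req: PermissionRequest): number {
  const relevant = history
    .filter((e) => e.permission === req.permission && globToRegExp(e.pattern).test(req.target))
    .sort((a, b) => b.timestamp - a.timestamp);
  let streak = 0;
  for (const entry of relevant) {
    if (entry.choice !== "approve") break; // a deny resets the streak
    streak++;
  }
  return streak;
}

function decide(cfg: SupervisorConfig, history: HistoryEntry[], req: PermissionRequest): "auto" | "ask" {
  const explicit = cfg.patterns[req.permission] || {};
  for (const glob of Object.keys(explicit)) {
    if (explicit[glob] === "auto" && globToRegExp(glob).test(req.target)) return "auto";
  }
  return approvalStreak(history, req) >= cfg.auto_approve_after ? "auto" : "ask";
}

// Constructed sample data mirroring the config and use case in the issue.
const sampleConfig: SupervisorConfig = {
  auto_approve_after: 3,
  patterns: { external_directory: { "~/.config/opencode/**": "auto" } },
};
const sampleHistory: HistoryEntry[] = [
  { permission: "read", pattern: "~/.ssh/config", choice: "approve", timestamp: 1 },
  { permission: "read", pattern: "~/.ssh/config", choice: "approve", timestamp: 2 },
  { permission: "read", pattern: "~/.ssh/config", choice: "approve", timestamp: 3 },
  { permission: "edit", pattern: "~/notes/**", choice: "approve", timestamp: 4 },
  { permission: "edit", pattern: "~/notes/**", choice: "deny", timestamp: 5 },
  { permission: "edit", pattern: "~/notes/**", choice: "approve", timestamp: 6 },
];
```

In this sketch a recorded approval for `~/.ssh/config` never extends to sibling paths such as other files under `~/.ssh/`, because the streak is counted only over history entries whose pattern matches the requested target.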
