Description
Once a user clicks "Allow always" on any edit permission prompt, all deny rules in the permission config stop working for the rest of the session.
The edit tool passes always: ["*"], which stores {permission: "edit", pattern: "*", action: "allow"} in the approved list. Because evaluate() uses findLast across [...ruleset, ...approved], this broad approved allow always wins over specific deny rules from the user's config.
Example config that stops being enforced:
"permission": {
  "edit": {
    "*": "ask",
    "AGENTS.md": "deny"
  }
}
After clicking "Allow always" on any single edit prompt, edits to AGENTS.md go through without any denial or prompt.
Plugins
None
OpenCode version
1.14.30 (also reproduced on latest dev)
Steps to reproduce
- Configure "edit": { "*": "ask", "SECRET.md": "deny" } in opencode.json
- Ask the agent to edit any file (e.g., test.txt)
- When the permission prompt appears, click "Allow always"
- Ask the agent to edit SECRET.md
- The edit goes through — no denial, no prompt. The deny rule is silently bypassed.
Screenshot and/or share link
No response
Operating System
macOS, but exists on any OS.
Terminal
macOS Terminal
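The precedence problem described in this report, reproduced in a small model alongside a deny-first alternative. This is an added example, not OpenCode's source: the function names, the `matches()` helper and the fallback to "ask" are assumptions.

```javascript
// Added illustration; names and the matcher are assumptions, not OpenCode source.

// Minimal wildcard matcher: "*" matches any run of characters.
function matches(pattern, target) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$").test(target);
}

// Config from the report, flattened into ordered rules.
const ruleset = [
  { permission: "edit", pattern: "*", action: "ask" },
  { permission: "edit", pattern: "AGENTS.md", action: "deny" },
];

// What "Allow always" stores in the approved list, per the report.
const approvedAfterAllowAlways = [
  { permission: "edit", pattern: "*", action: "allow" },
];

// Behaviour described in the report: the last matching rule across
// [...ruleset, ...approved] wins, so a broad session approval shadows the deny.
function evaluateLastMatch(permission, target, rules, approved) {
  const hit = [...rules, ...approved].findLast(
    (r) => r.permission === permission && matches(r.pattern, target)
  );
  return hit ? hit.action : "ask";
}

// Deny-first variant: a deny resolved from the user's config is final.
// Session approvals can only upgrade an "ask" to "allow".
function evaluateDenyFirst(permission, target, rules, approved) {
  const match = (r) => r.permission === permission && matches(r.pattern, target);
  const configured = rules.findLast(match);
  if (configured && configured.action === "deny") return "deny";
  const session = approved.findLast(match);
  if (session && session.action === "allow") return "allow";
  return configured ? configured.action : "ask";
}
```

Resolving the config rules on their own before consulting session approvals keeps the config's internal last-match ordering intact while preventing any approval from overriding a configured deny.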