
fix(permission): use absolute paths for external file permission matching#18628

Open
kevinWangSheng wants to merge 1 commit into anomalyco:dev from kevinWangSheng:fix/edit-permission-path-mismatch

Conversation

@kevinWangSheng
Contributor

Issue for this PR

Closes #18441

Type of change

  • Bug fix

What does this PR do?

The edit, write, and apply_patch tools send permission check patterns as relative paths from the worktree (e.g. ../../.config/opencode/file.txt). Meanwhile, user-defined permission rules in config are expanded to absolute paths (e.g. /Users/x/.config/opencode/** after ~/ expansion in Permission.fromConfig()).

Wildcard.match() compares these two different formats and never matches, so edit/write rules for external files silently fall through to the default { permission: "*", pattern: "*", action: "allow" } rule — bypassing any user-specified "ask" or "deny" restrictions.

The fix checks whether the target file is inside the worktree via Instance.containsPath():

  • Internal files: keep relative paths (preserves existing behavior and matches relative config patterns like "src/**")
  • External files: use absolute paths (correctly matches expanded config rules like "/Users/x/.config/**")

This is consistent with how assertExternalDirectory() already sends absolute glob patterns for the external_directory permission check.

How did you verify your code works?

  • bun run typecheck passes (all 13 packages)
  • Traced the permission evaluation flow: with this fix, an external file path like /Users/x/.config/opencode/settings.json now correctly matches a config rule { "edit": { "~/.config/opencode/**": "ask" } } (expanded to /Users/x/.config/opencode/**)
  • Internal files (inside worktree) remain unchanged — relative paths still match relative config patterns

Screenshots / recordings

N/A

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR
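To make the mismatch described above concrete, here is an added, self-contained TypeScript model of the permission flow. It is not OpenCode's code: `wildcardMatch`, `fromConfig`, `evaluate`, `containsPath` and `permissionPattern` are stand-ins for `Wildcard.match()`, `Permission.fromConfig()`, the rule evaluation, `Instance.containsPath()` and the pattern the edit/write/apply_patch tools send, written only to show why a worktree-relative pattern never matches a `~/`-expanded absolute rule and how routing external files through absolute paths closes the gap. The matcher semantics (`*` and `**` both match any run of characters), first-match-wins ordering with the catch-all last, and all paths and config values are assumptions constructed for the demonstration.

```typescript
import * as path from "node:path";

type Action = "allow" | "ask" | "deny";
interface Rule { permission: string; pattern: string; action: Action }
type PermissionConfig = Record<string, Record<string, Action>>;

// Stand-in for Wildcard.match (assumption, not the project's matcher):
// `*` and `**` both mean "any run of characters, including /"; all other
// characters are literal. That is enough to show the format mismatch.
function wildcardMatch(pattern: string, input: string): boolean {
  const re = pattern
    .split(/\*+/)
    .map((lit) => lit.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp(`^${re}$`).test(input);
}

// Stand-in for Permission.fromConfig: expands a leading "~/" to the home
// directory and appends the catch-all default rule quoted in the PR.
function fromConfig(config: PermissionConfig, home: string): Rule[] {
  const rules: Rule[] = [];
  for (const [permission, byPattern] of Object.entries(config)) {
    for (const [pattern, action] of Object.entries(byPattern)) {
      const expanded = pattern.startsWith("~/") ? path.posix.join(home, pattern.slice(2)) : pattern;
      rules.push({ permission, pattern: expanded, action });
    }
  }
  rules.push({ permission: "*", pattern: "*", action: "allow" });
  return rules;
}

// First matching rule wins; the catch-all sits last (assumed ordering).
function evaluate(rules: Rule[], permission: string, pattern: string): Action {
  for (const r of rules) {
    if (wildcardMatch(r.permission, permission) && wildcardMatch(r.pattern, pattern)) return r.action;
  }
  return "allow";
}

// Stand-in for Instance.containsPath: is `target` at or below `worktree`?
// A relative path of "", or one that does not climb out via "..", is inside.
function containsPath(worktree: string, target: string): boolean {
  const rel = path.posix.relative(worktree, target);
  return rel === "" || (rel !== ".." && !rel.startsWith("../") && !path.posix.isAbsolute(rel));
}

// The pattern the edit/write/apply_patch tools hand to the permission check.
// fixed=false reproduces the bug (always worktree-relative);
// fixed=true applies the PR's rule (absolute for files outside the worktree).
function permissionPattern(worktree: string, target: string, fixed: boolean): string {
  const rel = path.posix.relative(worktree, target);
  if (!fixed) return rel;
  return containsPath(worktree, target) ? rel : target;
}

function decideEdit(config: PermissionConfig, home: string, worktree: string, target: string, fixed: boolean): Action {
  return evaluate(fromConfig(config, home), "edit", permissionPattern(worktree, target, fixed));
}

// Constructed sample configuration and paths (not taken from the PR).
const HOME = "/Users/x";
const WORKTREE = "/Users/x/projects/app";
const CONFIG: PermissionConfig = {
  edit: {
    "~/.config/opencode/**": "ask",
    "~/.ssh/**": "deny",
    "src/generated/**": "deny",
  },
};
const SETTINGS = "/Users/x/.config/opencode/settings.json"; // external, should be "ask"
const SSH_KEY = "/Users/x/.ssh/id_ed25519";                  // external, should be "deny"
const GENERATED = `${WORKTREE}/src/generated/types.ts`;      // internal, relative rule applies
const SOURCE = `${WORKTREE}/src/index.ts`;                    // internal, no specific rule

// Runs every sample path through the buggy and the fixed pattern selection.
function demo() {
  const run = (fixed: boolean) => ({
    settings: decideEdit(CONFIG, HOME, WORKTREE, SETTINGS, fixed),
    sshKey: decideEdit(CONFIG, HOME, WORKTREE, SSH_KEY, fixed),
    generated: decideEdit(CONFIG, HOME, WORKTREE, GENERATED, fixed),
    source: decideEdit(CONFIG, HOME, WORKTREE, SOURCE, fixed),
  });
  return { before: run(false), after: run(true) };
}

console.log(JSON.stringify(demo(), null, 2));
```

Before the fix the external settings file and the SSH key both land on the catch-all `allow` because `../../.config/opencode/settings.json` cannot match `/Users/x/.config/opencode/**`; after it they resolve to `ask` and `deny`, while the two internal files keep matching the relative `src/generated/**` rule exactly as before.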

…hing

Edit, write, and apply_patch tools were sending relative paths (e.g.
../../.config/file.txt) in permission check patterns, while config rules
expand to absolute paths (e.g. /Users/x/.config/**). Wildcard.match()
never matched, so edit/write rules for external files silently fell
through to the default "allow" action.

For files outside the worktree, use absolute paths in permission
patterns so they correctly match expanded config rules. Internal files
keep relative paths for backward compatibility.

Closes anomalyco#18441

Successfully merging this pull request may close these issues.

edit permission rules do not override external_directory: "allow" for write operations