Skip to content

feat: YOLO Mode - Skip All Permission Prompts (CLI + Desktop) #9073

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mguttmann wants to merge 18 commits into
base: dev
Choose a base branch
from
Open

feat: YOLO Mode - Skip All Permission Prompts (CLI + Desktop) #9073

mguttmann wants to merge 18 commits into from
+3,397 −163

Conversation

@mguttmann
Copy link

@mguttmann mguttmann commented Jan 17, 2026
edited
Loading

Summary

Comprehensive implementation of YOLO mode that allows users to skip all permission prompts. This addresses multiple community requests (#8463, #7928, #1813) with a complete solution for both CLI and Desktop.

Closes #9070

Features

CLI Support

Method Usage
Flag opencode --yolo or opencode --dangerously-skip-permissions
Environment Variable OPENCODE_YOLO=true opencode
Commands opencode yolo status / enable / disable 
# Check current status
$ opencode yolo status
YOLO mode: ENABLED (saved in config)
Config: /Users/.../.config/opencode/config.json

# Enable permanently
$ opencode yolo enable
YOLO mode ENABLED - saved to config
Warning: All permission prompts will be skipped!

# Disable
$ opencode yolo disable
YOLO mode disabled - removed from config

Desktop App Support

New Settings → Danger Zone tab with:

  • This Session Only - Toggle for current session (resets on restart)
  • Always Enabled - Persists to ~/.config/opencode/config.json
  • Clear visual indicators showing active state
  • Live switching without app restart
  • Warning messaging about the risks

Config File Support

{
  "yolo": true
}

Works in both project-level opencode.json and global ~/.config/opencode/config.json.

Technical Implementation

  • Yolo Module (packages/opencode/src/yolo/index.ts): Centralized state management
  • Permission Bypass (permission/next.ts): Auto-approves in PermissionNext.ask() when YOLO enabled
  • API Endpoints: GET/POST /config/yolo for runtime control
  • Safety: Explicit deny rules are still respected even in YOLO mode

Files Changed

File Changes
packages/opencode/src/yolo/index.ts New module for YOLO state management
packages/opencode/src/cli/cmd/yolo.ts New CLI commands
packages/opencode/src/permission/next.ts Auto-approve logic
packages/opencode/src/server/routes/config.ts YOLO API endpoints
packages/opencode/src/flag/flag.ts OPENCODE_YOLO env var
packages/opencode/src/config/config.ts Config schema
packages/opencode/src/index.ts CLI flag + command registration
packages/app/src/components/dialog-settings.tsx Desktop UI (Danger Zone tab)

Testing

Manually tested:

  • CLI --yolo flag
  • CLI opencode yolo commands
  • Environment variable
  • Desktop UI YOLO toggles
  • Config persistence
  • Live toggle without restart
  • Permission prompts appear when disabled
  • Permission prompts skipped when enabled
  • Switching between session-only and permanent modes

Related Issues

This PR provides a comprehensive solution that addresses:

This was referenced Jan 17, 2026
Open
Open
Open
Open
@github-actions
Copy link
Contributor

github-actions bot commented Jan 17, 2026

The following comment was made by an LLM, it may be inaccurate:

Based on my search, I found one potential duplicate:

PR #7137: feat: add --dangerously-skip-permissions flag
#7137

This PR appears to be directly related as it implements a --dangerously-skip-permissions flag, which is one of the methods mentioned in PR #9073 for skipping permission prompts. The current PR #9073 consolidates this feature under the broader "YOLO mode" umbrella with additional functionality for Desktop UI and runtime configuration.

Note: PR #6968 mentions "Autonomous Mode" in the documentation context but appears less directly related to the implementation.

@mguttmann
Copy link
Author

mguttmann commented Jan 17, 2026

Thanks for flagging PR #7137!

Comparison of the two implementations:

Feature PR #7137 (surma) PR #9073 (this PR)
CLI --dangerously-skip-permissions ✅ (+ --yolo alias)
Environment variable
TUI warning indicator ✅ (Desktop "ACTIVE" badge)
CLI commands (yolo status/enable/disable)
Desktop UI (Settings → Danger Zone)
Config file support ("yolo": true)
Runtime API (GET/POST /config/yolo)
Session vs Permanent modes
Live toggle without restart

Summary:

If PR #7137's simpler approach is preferred, the maintainers could merge that instead. However, this PR provides a more complete solution that addresses all related feature requests (#8463, #7928, #1813) with full parity between CLI and Desktop.

Happy to consolidate or adjust based on maintainer feedback!

@freak4pc
Copy link

freak4pc commented Jan 17, 2026

This is such a needed addition IMO, thanks for pushing it!

@mguttmann
Copy link
Author

mguttmann commented Jan 17, 2026
edited
Loading

Added ability to delete individual OAuth accounts

Update: This feature has been moved to PR #9069 (Multi-Account OAuth) where it logically belongs. See my comment below for details.

@iljod
Copy link
Contributor

iljod commented Jan 18, 2026

Added ability to delete individual OAuth accounts:

* **CLI**: `opencode auth logout` now shows account selection for multi-account providers

* **Desktop**: Delete button (X) with confirmation for each account in Provider settings

* **API**: `DELETE /auth/account` endpoint

This was a missing feature - you could add multiple accounts but couldn't remove them individually.

imo not the scope of this pr, should be a different one

@mguttmann
Copy link
Author

mguttmann commented Jan 18, 2026

Good catch @iljod! You're absolutely right - the delete account functionality doesn't belong in this PR.

I've moved it to PR #9069 (Multi-Account OAuth) where it logically belongs. The delete feature is needed for managing multiple OAuth accounts, not for YOLO mode.

Changes made:

This PR now focuses purely on YOLO mode functionality.

gwizz and others added 15 commits January 21, 2026 22:36
feat(auth): oauth multi-account failover
dbe1884
Add OAuth credential failover with toasts
4586e63
fix(auth): improve oauth failover notifications
2036a37
Increase failover toast duration
e846fd4
Improve OAuth rotation resiliency
238066e
Add OAuth retry edge case tests
b63d520
Relax auth store updates under lock contention
103ca9f
Rotate oauth on non-network errors
4287fa6 
Non-network errors seen in logs:

- AI_APICallError (402 deactivated_workspace)

- AI_APICallError (500 server_error)

- AI_LoadAPIKeyError / OpenAI API key is missing

- ProviderInitError

- ConfigInvalidError

- ProviderAuthOauthCallbackFailed

- NotFoundError

- EditBuffer is destroyed
feat(auth): add usage API endpoint with Anthropic rate limits
77e30a4 
- Add getUsage() to fetch OAuth account status and health
- Add fetchAnthropicUsage() to fetch Claude Max rate limits from Anthropic API
- Add GET /auth/usage endpoint to expose usage data
feat(app): add auth usage dashboard dialog
7c932ab 
- Add DialogAuthUsage component with rate limit visualization
- Display Anthropic 5-hour and 7-day limits with progress bars
- Show OAuth account status, cooldown state, and request counts
- Add button in sidebar to open the dialog
feat(cli): add 'auth usage' command
11cc3b9 
- Add AuthUsageCommand to display rate limit info in terminal
- Show account status, cooldown state, and request counts
- Display Anthropic rate limits when available
fix: remove invalid step-start parts from UIMessage conversion
05b2900 
The AI SDK's convertToModelMessages() does not accept 'step-start' as a valid
UIMessagePart type. This caused AI_InvalidPromptError during session compaction.

- Remove step-start from being added to UIMessage parts
- Simplify the filter since step-start is no longer included
- Fixes compaction breaking sessions with context overflow
feat: multi-account OAuth rotation with settings UI and CLI enhancements
abffa95 
Implements comprehensive multi-account OAuth support with automatic rate limit
rotation, manual account switching, and a new Settings menu for the desktop app.

- Add `Auth.OAuthPool.setActive()` to manually switch active OAuth account
- Add `Auth.OAuthPool.snapshot()` returns `activeID` for credential selection
- Update `rotating-fetch.ts` to prefer `activeID` while keeping auto-rotation
- Update `fetchAnthropicUsage()` to respect `provider.active[namespace]`
- Update `getAccounts()` to correctly identify active account

- Add `POST /auth/active` endpoint to switch active OAuth account
- Returns updated `anthropicUsage` for immediate UI updates

- New `DialogSettings` component with tabbed interface
- **Providers Tab**: View connected providers, add new providers with search
- **Provider Detail View**: Account list, usage stats, switch functionality
- **About Tab**: GitHub, docs, Discord links, keyboard shortcuts
- Inline provider search without leaving settings context

- Add Anthropic Rate Limits section in session context panel
- Shows 5-hour, weekly (all models), weekly (sonnet) usage bars
- Account switch buttons when multiple accounts configured
- Only visible when current session uses Anthropic provider

- `opencode auth usage`: Shows individual usage per OAuth account
- `opencode auth switch`: Interactive command to switch active account
- `opencode auth list`: Shows account count per provider
- All provider lists now sorted alphabetically

- `packages/opencode/src/auth/index.ts`: Core OAuth pool functions
- `packages/opencode/src/auth/rotating-fetch.ts`: Credential selection
- `packages/opencode/src/server/server.ts`: API endpoint
- `packages/opencode/src/cli/cmd/auth.ts`: CLI commands
- `packages/app/src/components/dialog-settings.tsx`: New settings UI
- `packages/app/src/components/session/session-context-tab.tsx`: Context panel
- `packages/app/src/pages/layout.tsx`: Settings button integration

1. Request uses `activeID` (manually selected or first available)
2. On 429 rate limit → account gets cooldown, moved to back
3. Next request automatically uses next available account
4. Manual switch via UI/CLI updates `provider.active[namespace]`

Currently only Anthropic provides OAuth usage statistics.
Other providers show multi-account switching but no usage bars.
Contributions welcome for additional provider support.
feat: add ability to delete individual OAuth accounts
b541aca 
- Add Auth.OAuthPool.removeRecord() to remove individual OAuth accounts
- Add DELETE /auth/account API endpoint for Desktop app
- Update CLI 'opencode auth logout' to select specific accounts
- Add delete button with confirmation in Desktop Provider settings
fix: adapt multi-account features to new modular settings structure
3c1140f 
- Move auth endpoints to provider routes
- Add delete account functionality to dialog-auth-usage
- Fix duplicate imports in layout.tsx
- Fix message-v2.ts convertToModelMessages call
- Regenerate SDK types
@mguttmann
Copy link
Author

mguttmann commented Jan 21, 2026

Rebased to latest dev

This PR has been rebased to build on top of PR #9069 (Multi-Account OAuth) and adapted to the latest upstream changes.

Changes in this update:

  • Rebased onto feat/multi-account-oauth-rotation-and-settings
  • Integrated YOLO mode with new modular permission system
  • Added API endpoints in config routes (/config/yolo)
  • Added CLI support (--yolo flag and opencode yolo subcommand)

Features:

  • --yolo CLI flag for single session
  • OPENCODE_YOLO=true environment variable
  • yolo: true in config.json for permanent setting
  • opencode yolo status/enable/disable commands
  • Desktop UI integration via API endpoints
  • Respects explicit deny rules in permission config

Depends on:

Ready for review!

@mguttmann mguttmann mentioned this pull request Jan 21, 2026
Open
Claude Agent added 3 commits January 21, 2026 22:57
fix: add missing /auth/usage endpoint for usage dashboard
39dca67
chore: regenerate SDK
9830977
feat: Add YOLO mode to skip all permission prompts
835a373 
YOLO mode allows users to skip all permission prompts for tools and file edits.
This is useful for automated workflows or when users fully trust the AI's actions.

Features:
- --yolo CLI flag for one session
- OPENCODE_YOLO=true env var
- 'yolo' config option for permanent setting
- 'opencode yolo' subcommand for managing YOLO mode
- API endpoints: GET/POST /config/yolo
- Respects explicit 'deny' rules in permission config

Warning: YOLO mode is dangerous and should be used with caution.
@mguttmann mguttmann mentioned this pull request Jan 21, 2026
Open
8 tasks
@mguttmann
Copy link
Author

mguttmann commented Jan 21, 2026

Update: Rebased onto latest dev (v1.1.30+)

Branch has been rebased onto the updated #9069 (Multi-Account OAuth).

Structure:

origin/dev
    └── #9069 Multi-Account OAuth
            └── #9073 YOLO Mode (this PR)

Features:

  • Skip all permission prompts with --yolo flag or OPENCODE_YOLO=1
  • Config option yolo: true in global config
  • CLI command: opencode yolo [on|off|status]
  • API endpoints: GET/POST /config/yolo

Files:

  • packages/opencode/src/yolo/index.ts - YOLO state management
  • packages/opencode/src/cli/cmd/yolo.ts - CLI commands
  • packages/opencode/src/permission/next.ts - Auto-approve integration
  • packages/opencode/src/server/routes/config.ts - API endpoints

Typecheck passes ✅ | Build passes ✅

Depends on #9069 being merged first.

This was referenced Jan 21, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adamdotdevin adamdotdevin Awaiting requested review from adamdotdevin adamdotdevin is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: YOLO Mode - Skip Permission Prompts

3 participants

@mguttmann @freak4pc @iljod