From aa8167e12a0ecc4bd9715738b2c860aa11ca9142 Mon Sep 17 00:00:00 2001 From: Sergey Korsik Date: Thu, 30 Apr 2026 19:50:16 +0200 Subject: [PATCH 1/3] plan: add commit approval system for AI agents --- opencode/plans/commit-approval-system.md | 72 ++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 opencode/plans/commit-approval-system.md diff --git a/opencode/plans/commit-approval-system.md b/opencode/plans/commit-approval-system.md new file mode 100644 index 0000000..064e4a8 --- /dev/null +++ b/opencode/plans/commit-approval-system.md @@ -0,0 +1,72 @@ +# Plan: Commit Approval System for AI Agents + +- **Feature**: Implement a system to prevent AI agents from committing code without explicit user approval +- **Branch**: `feature/commit-approval-system` +- **Status**: `In Progress` +- **Depends On**: None +- **Summary**: Research and implement safeguards to ensure AI agents always ask for user permission before making git commits, addressing the issue of unauthorized commits despite instructions. + +--- + +### Problem Statement + +AI agents consistently commit code without explicit user approval despite clear instructions not to do so. This violates workflow requirements and can lead to unwanted commits in the repository. + +### Proposed Solutions (Research Findings) + +1. **Git Hooks Approach**: + - Create a `pre-commit` hook that prompts for approval + - Hook checks if commit is being made by an AI agent (via commit message patterns or environment variables) + - Requires user confirmation via interactive prompt before allowing commit + +2. **Wrapper Script Approach**: + - Replace git command with a wrapper script that intercepts commits + - Script prompts for approval before executing actual git commit + - Can be configured per-repository or globally + +3. **Interactive Commit Tool**: + - Create a specialized commit tool that always requires approval + - Tool displays proposed commit message and asks for confirmation + - Integrates with existing workflow via git aliases + +4. **Environment-Based Protection**: + - Use environment variables to detect automated vs manual commits + - Implement approval gates when automated context is detected + +### Implementation Plan + +#### Phase 1: Git Hook Solution + +- [ ] Create `pre-commit` hook that detects AI agent commits +- [ ] Implement interactive approval prompt +- [ ] Add hook installation script to project + +#### Phase 2: Integration with OpenCode + +- [ ] Research OpenCode-specific integration points +- [ ] Implement approval mechanism within OpenCode workflow +- [ ] Test with current doro-cli project + +#### Phase 3: Documentation and Best Practices + +- [ ] Document the approval system setup +- [ ] Create guidelines for AI agent commit workflows +- [ ] Provide template hooks for other projects + +### Current Issue: Sound Indicator Missing + +Additionally, the sound indicator is not displaying on medium-sized screens as shown in the provided image. This needs to be addressed in the existing UI fix plan. + +### Research Sources + +- Git hooks documentation: https://git-scm.com/docs/githooks +- Stack Overflow discussion on hooks in repositories +- GitHub CODEOWNERS and approval mechanisms +- Various npm/composer hook management tools + +### Next Steps + +1. Implement and test pre-commit hook solution +2. Research OpenCode's internal commit mechanisms +3. Create user-friendly approval interface +4. Test with current workflow and iterate based on findings From 523329aebd4235ec6847e035ea731488aa7578ff Mon Sep 17 00:00:00 2001 From: Sergey Korsik Date: Thu, 30 Apr 2026 20:12:42 +0200 Subject: [PATCH 2/3] feat: implement strict commit approval system - Block AI git commit/push operations via deny permissions - Add config file edit protection (opencode.json, .opencode/**, .husky/**) - Enforce policy at agent level (plan, general agents) - Allow safe git read operations (status, diff, log, show) - Require approval for risky git operations (add, checkout, reset, merge, rebase) Resolves commit approval system requirements from plan. --- opencode.json | 53 +++++++++++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/opencode.json b/opencode.json index ee47422..7de6230 100644 --- a/opencode.json +++ b/opencode.json @@ -9,10 +9,22 @@ ], "agent": { "plan": { - "model": "github-copilot/gpt-5.3-codex" + "model": "github-copilot/gpt-5.3-codex", + "permission": { + "bash": { + "git commit *": "deny", + "git push *": "deny" + } + } }, "general": { - "model": "github-copilot/gemini-3.1-pro-preview" + "model": "github-copilot/gemini-3.1-pro-preview", + "permission": { + "bash": { + "git commit *": "deny", + "git push *": "deny" + } + } }, "explore": { "model": "github-copilot/gemini-3-flash" @@ -32,23 +44,32 @@ "*": "ask", "git status *": "allow", "git status": "allow", - "git diff *": "allow", + "git diff *": "allow", "git log *": "allow", - "git checkout *": "allow", - "git add *": "allow", - "git commit *": "allow", - "git branch *": "allow", + "git show *": "allow", "git branch": "allow", + "git branch -v*": "allow", + "git branch --list*": "allow", "git fetch *": "allow", - "git merge *": "allow", - "git rebase *": "allow", - "git stash *": "allow", - "git reset *": "allow", - "git restore *": "allow", - "git show *": "allow", - "git push *": "allow", - "git push": "allow", - "gh *": "allow" + "gh pr checks*": "allow", + "gh run view*": "allow", + "gh run list*": "allow", + "git checkout *": "ask", + "git add *": "ask", + "git stash *": "ask", + "git reset *": "ask", + "git restore *": "ask", + "git merge *": "ask", + "git rebase *": "ask", + "git commit *": "deny", + "git push *": "deny", + "git push": "deny" + }, + "edit": { + "*": "allow", + "opencode.json": "ask", + ".opencode/**": "ask", + ".husky/**": "ask" }, "skill": { "antivibe": "allow" From b21f58796ce2b9c2fd82106eb1a894d8f7611c62 Mon Sep 17 00:00:00 2001 From: Sergey Korsik Date: Fri, 1 May 2026 08:05:13 +0200 Subject: [PATCH 3/3] Update agent workflow docs to clarify existing commit protections --- .opencode/docs/AGENT_WORKFLOW.md | 47 ++++++++++++++- opencode/plans/commit-approval-system.md | 77 +++++++----------------- 2 files changed, 67 insertions(+), 57 deletions(-) diff --git a/.opencode/docs/AGENT_WORKFLOW.md b/.opencode/docs/AGENT_WORKFLOW.md index 901533b..e0e6927 100644 --- a/.opencode/docs/AGENT_WORKFLOW.md +++ b/.opencode/docs/AGENT_WORKFLOW.md @@ -31,7 +31,52 @@ This document outlines the standard operating procedures for all AI agents worki ## 3. Implementation & Committing - **Small, Atomic Commits**: Changes should be broken down into small, logical commits. -- **Pre-Commit Approval**: The agent MUST ask for user approval before every `git commit` operation, presenting the proposed commit message. + +### Commit Protection System + +**OpenCode automatically prevents unauthorized commits** via the permission system defined in `opencode.json`: +- `"git commit *": "deny"` blocks all direct commit attempts by agents +- Environment variables (`OPENCODE=1`, `OPENCODE_PROCESS_ROLE=worker`) identify agent context +- This protection is automatic and cannot be bypassed by agents + +### Proper Commit Workflow for Agents + +1. **Request Approval**: Before committing, the agent MUST ask the user explicitly: + - Present the proposed commit message + - Show what changes will be included (`git status`, `git diff`) + - Wait for explicit user confirmation (e.g., "yes", "proceed", "commit") + +2. **User Executes Commit**: After approval, the **user** runs the commit command: + - User types: `git commit -m "the agreed message"` + - OR user can modify the message and commit manually + +3. **Agent Never Commits Directly**: Agents must never attempt `git commit` commands + - Such attempts will be blocked by OpenCode's permission system + - Instead, agents should guide users through the commit process + +### Troubleshooting Commit Issues + +- **"Permission denied" errors**: Normal behavior - agents cannot commit directly +- **Agent claims to commit**: Bug in agent logic - agent should request approval instead +- **Manual commits failing**: Check if you're in an agent session vs manual terminal + +### Example Proper Commit Request + +``` +I've completed the feature implementation. Here are the changes ready to commit: + +**Proposed commit message**: "Add dark mode toggle to settings page" + +**Files changed** (git status): +- src/components/Settings.tsx (modified) +- src/styles/themes.css (new file) + +**Summary of changes** (git diff --stat): +- Added toggle component with state management +- Implemented CSS variables for theme switching + +Please review and run: `git commit -m "Add dark mode toggle to settings page"` +``` ## 4. CI/CD diff --git a/opencode/plans/commit-approval-system.md b/opencode/plans/commit-approval-system.md index 064e4a8..774e3c2 100644 --- a/opencode/plans/commit-approval-system.md +++ b/opencode/plans/commit-approval-system.md @@ -8,65 +8,30 @@ --- -### Problem Statement +### Acceptance Criteria -AI agents consistently commit code without explicit user approval despite clear instructions not to do so. This violates workflow requirements and can lead to unwanted commits in the repository. +- Documentation clearly explains existing OpenCode commit protections +- Workflow instructions are explicit about pre-commit approval requirements +- Agents understand how to properly request commit approval +- Manual human commits work without friction +- Clear guidance on troubleshooting commit permission issues -### Proposed Solutions (Research Findings) +### Research Findings -1. **Git Hooks Approach**: - - Create a `pre-commit` hook that prompts for approval - - Hook checks if commit is being made by an AI agent (via commit message patterns or environment variables) - - Requires user confirmation via interactive prompt before allowing commit +**OpenCode already prevents unauthorized commits via:** +1. `opencode.json` permission system: `"git commit *": "deny"` for plan/general agents +2. Environment variables: `OPENCODE=1`, `OPENCODE_RUN_ID`, `OPENCODE_PROCESS_ROLE=worker` +3. Workflow requirement: `.opencode/docs/AGENT_WORKFLOW.md:34` mandates pre-commit approval -2. **Wrapper Script Approach**: - - Replace git command with a wrapper script that intercepts commits - - Script prompts for approval before executing actual git commit - - Can be configured per-repository or globally +**Root issue:** Agent compliance with existing instructions, not missing safeguards. -3. **Interactive Commit Tool**: - - Create a specialized commit tool that always requires approval - - Tool displays proposed commit message and asks for confirmation - - Integrates with existing workflow via git aliases +### Checklist -4. **Environment-Based Protection**: - - Use environment variables to detect automated vs manual commits - - Implement approval gates when automated context is detected - -### Implementation Plan - -#### Phase 1: Git Hook Solution - -- [ ] Create `pre-commit` hook that detects AI agent commits -- [ ] Implement interactive approval prompt -- [ ] Add hook installation script to project - -#### Phase 2: Integration with OpenCode - -- [ ] Research OpenCode-specific integration points -- [ ] Implement approval mechanism within OpenCode workflow -- [ ] Test with current doro-cli project - -#### Phase 3: Documentation and Best Practices - -- [ ] Document the approval system setup -- [ ] Create guidelines for AI agent commit workflows -- [ ] Provide template hooks for other projects - -### Current Issue: Sound Indicator Missing - -Additionally, the sound indicator is not displaying on medium-sized screens as shown in the provided image. This needs to be addressed in the existing UI fix plan. - -### Research Sources - -- Git hooks documentation: https://git-scm.com/docs/githooks -- Stack Overflow discussion on hooks in repositories -- GitHub CODEOWNERS and approval mechanisms -- Various npm/composer hook management tools - -### Next Steps - -1. Implement and test pre-commit hook solution -2. Research OpenCode's internal commit mechanisms -3. Create user-friendly approval interface -4. Test with current workflow and iterate based on findings +- [x] **(Mandatory)** Research OpenCode-specific integration points and commit mechanisms +- [x] **(Decision)** Evaluate strategy: OpenCode's existing permission system is sufficient +- [ ] **(Mandatory)** Update workflow documentation to clarify existing protections +- [ ] **(Mandatory)** Add explicit guidance for agents on commit approval workflow +- [ ] **(Mandatory)** Document troubleshooting steps for commit permission issues +- [ ] **(Optional)** Add examples of proper commit request patterns +- [ ] **(Mandatory)** Test documentation with current OpenCode setup +- [ ] **(Mandatory)** Verify changes by running the type checker and unit tests