Skip to content
opencode
HomeDocs

Permissions

Control what agents can do in your codebase.

By default, opencode allows all operations without requiring explicit approval.

The permissions system provides granular control to restrict what actions AI agents can perform in your codebase, allowing you to configure explicit approval requirements for sensitive operations like file editing, bash commands, and more.

Configure

Permissions are configured in your opencode.json file under the permission key. Here are the available options.

edit

Use the permission.edit key to control whether file editing operations require user approval.

  • "ask" - Prompt for approval before editing files
  • "allow" - Allow all file editing operations without approval
opencode.json
{
  "$schema": "https://opencode.ai/config.json",
  "permission": {
    "edit": "ask"
  }
}

bash

Controls whether bash commands require user approval.

This can be configured globally or with specific patterns. Setting this to "ask" is the strictest mode, requiring approval for all bash commands.

For example.

  • Ask for approval for all commands

    opencode.json
    {
      "$schema": "https://opencode.ai/config.json",
      "permission": {
        "bash": "ask"
      }
    }

  • Approve specific commands

    opencode.json
    {
      "$schema": "https://opencode.ai/config.json",
      "permission": {
        "bash": {
          "git status": "allow",
          "git diff": "allow",
          "npm run build": "allow",
          "ls": "allow",
          "pwd": "allow"
        }
      }
    }

  • Use wildcard patterns to restrict specific commands

    opencode.json
    {
      "$schema": "https://opencode.ai/config.json",
      "permission": {
        "bash": {
          "git push": "ask",
          "*": "allow"
        }
      }
    }

    This configuration allows all commands by default ("*": "allow") but requires approval for git push commands.