core: fix question tool permissions to prevent usage in non-CLI environments

2026-01-07 20:17:14 -05:00 · 2026-01-07 20:17:14 -05:00 · 0c3cb95f64
parent 21cd0482ba
commit 0c3cb95f64
2 changed files with 10 additions and 1 deletions
--- a/packages/opencode/src/agent/agent.ts
+++ b/packages/opencode/src/agent/agent.ts
@ -51,6 +51,7 @@ export namespace Agent {
        "*": "ask",
        [Truncate.DIR]: "allow",
      },
+      question: "deny",
      // mirrors github.com/github/gitignore Node.gitignore pattern for .env files
      read: {
        "*": "allow",
@ -65,7 +66,13 @@ export namespace Agent {
      build: {
        name: "build",
        options: {},
-        permission: PermissionNext.merge(defaults, user),
+        permission: PermissionNext.merge(
+          defaults,
+          PermissionNext.fromConfig({
+            question: "allow",
+          }),
+          user,
+        ),
        mode: "primary",
        native: true,
      },
@ -75,6 +82,7 @@ export namespace Agent {
        permission: PermissionNext.merge(
          defaults,
          PermissionNext.fromConfig({
+            question: "allow",
            edit: {
              "*": "deny",
              ".opencode/plan/*.md": "allow",
--- a/packages/opencode/src/config/config.ts
+++ b/packages/opencode/src/config/config.ts
@ -450,6 +450,7 @@ export namespace Config {
          external_directory: PermissionRule.optional(),
          todowrite: PermissionAction.optional(),
          todoread: PermissionAction.optional(),
+          question: PermissionAction.optional(),
          webfetch: PermissionAction.optional(),
          websearch: PermissionAction.optional(),
          codesearch: PermissionAction.optional(),