feat: Add glob pattern-based external_directory permission settings

Author: fpdy

packages/opencode/src/config/config.ts

@@ -391,13 +391,24 @@ export namespace Config {
   export const Permission = z.enum(["ask", "allow", "deny"])
   export type Permission = z.infer<typeof Permission>
 
+  export const PermissionPatternMap = z.record(z.string(), Permission).describe(
+    "Map of glob patterns to permissions. Patterns are evaluated in insertion order; first match wins. Use '*' as a catch-all default.",
+  )
+  export type PermissionPatternMap = z.infer<typeof PermissionPatternMap>
+
   export const ExternalDirectoryPermission = z
     .union([
       Permission,
       z
         .object({
-          read: Permission.optional().describe("Permission for reading files outside working directory"),
-          write: Permission.optional().describe("Permission for writing files outside working directory"),
+          read: z
+            .union([Permission, PermissionPatternMap])
+            .optional()
+            .describe("Permission for reading files outside working directory"),
+          write: z
+            .union([Permission, PermissionPatternMap])
+            .optional()
+            .describe("Permission for writing files outside working directory"),
         })
         .strict(),
     ])
@@ -411,6 +422,7 @@ export namespace Config {
   ): Permission | undefined {
     if (permission === undefined) return undefined
     if (typeof permission === "string") return permission
+    if (typeof permission.read === "object") return undefined // Pattern map requires filepath
     return permission.read
   }
 
@@ -419,9 +431,73 @@ export namespace Config {
   ): Permission | undefined {
     if (permission === undefined) return undefined
     if (typeof permission === "string") return permission
+    if (typeof permission.write === "object") return undefined // Pattern map requires filepath
     return permission.write
   }
 
+  /**
+   * Resolves the read permission for a specific file path.
+   * When permission is a pattern map, patterns are evaluated in insertion order (first match wins).
+   * The "*" pattern is treated as a catch-all default and only evaluated if no other pattern matches.
+   */
+  export function getExternalDirectoryReadForPath(
+    permission: ExternalDirectoryPermission | undefined,
+    filepath: string,
+  ): Permission | undefined {
+    if (permission === undefined) return undefined
+    if (typeof permission === "string") return permission
+
+    const readPerm = permission.read
+    if (readPerm === undefined) return undefined
+    if (typeof readPerm === "string") return readPerm
+
+    return resolvePermissionFromPatternMap(readPerm, filepath)
+  }
+
+  /**
+   * Resolves the write permission for a specific file path.
+   * When permission is a pattern map, patterns are evaluated in insertion order (first match wins).
+   * The "*" pattern is treated as a catch-all default and only evaluated if no other pattern matches.
+   */
+  export function getExternalDirectoryWriteForPath(
+    permission: ExternalDirectoryPermission | undefined,
+    filepath: string,
+  ): Permission | undefined {
+    if (permission === undefined) return undefined
+    if (typeof permission === "string") return permission
+
+    const writePerm = permission.write
+    if (writePerm === undefined) return undefined
+    if (typeof writePerm === "string") return writePerm
+
+    return resolvePermissionFromPatternMap(writePerm, filepath)
+  }
+
+  /**
+   * Resolves permission from a pattern map for a given filepath.
+   * Patterns are evaluated in insertion order; "*" is skipped and used as fallback.
+   */
+  function resolvePermissionFromPatternMap(
+    patternMap: PermissionPatternMap,
+    filepath: string,
+  ): Permission | undefined {
+    for (const [pattern, perm] of Object.entries(patternMap)) {
+      // Skip "*" (catch-all default) - evaluate it last
+      if (pattern === "*") continue
+
+      // Expand ~ to home directory
+      const normalizedPattern = pattern.startsWith("~/") ? pattern.replace("~", os.homedir()) : pattern
+
+      const glob = new Bun.Glob(normalizedPattern)
+      if (glob.match(filepath)) {
+        return perm
+      }
+    }
+
+    // Return catch-all default if present
+    return patternMap["*"]
+  }
+
   export const Command = z.object({
     template: z.string(),
     description: z.string().optional(),

packages/opencode/src/tool/bash.ts

@@ -87,7 +87,7 @@ export const BashTool = Tool.define("bash", async () => {
       const checkExternalDirectory = async (dir: string) => {
         if (Filesystem.contains(Instance.directory, dir)) return
         const title = `This command references paths outside of ${Instance.directory}`
-        const writePermission = Config.getExternalDirectoryWrite(agent.permission.external_directory)
+        const writePermission = Config.getExternalDirectoryWriteForPath(agent.permission.external_directory, dir)
         if (writePermission === "ask") {
           await Permission.ask({
             type: "external_directory",

packages/opencode/src/tool/edit.ts

@@ -47,7 +47,7 @@ export const EditTool = Tool.define("edit", {
     const filePath = path.isAbsolute(params.filePath) ? params.filePath : path.join(Instance.directory, params.filePath)
     if (!Filesystem.contains(Instance.directory, filePath)) {
       const parentDir = path.dirname(filePath)
-      const writePermission = Config.getExternalDirectoryWrite(agent.permission.external_directory)
+      const writePermission = Config.getExternalDirectoryWriteForPath(agent.permission.external_directory, filePath)
       if (writePermission === "ask") {
         await Permission.ask({
           type: "external_directory",

packages/opencode/src/tool/patch.ts

@@ -56,7 +56,7 @@ export const PatchTool = Tool.define("patch", {
 
       if (!Filesystem.contains(Instance.directory, filePath)) {
         const parentDir = path.dirname(filePath)
-        const writePermission = Config.getExternalDirectoryWrite(agent.permission.external_directory)
+        const writePermission = Config.getExternalDirectoryWriteForPath(agent.permission.external_directory, filePath)
         if (writePermission === "ask") {
           await Permission.ask({
             type: "external_directory",

packages/opencode/src/tool/read.ts

@@ -33,7 +33,7 @@ export const ReadTool = Tool.define("read", {
 
     if (!ctx.extra?.["bypassCwdCheck"] && !Filesystem.contains(Instance.directory, filepath)) {
       const parentDir = path.dirname(filepath)
-      const readPermission = Config.getExternalDirectoryRead(agent.permission.external_directory)
+      const readPermission = Config.getExternalDirectoryReadForPath(agent.permission.external_directory, filepath)
       if (readPermission === "ask") {
         await Permission.ask({
           type: "external_directory",

packages/opencode/src/tool/write.ts

@@ -27,7 +27,7 @@ export const WriteTool = Tool.define("write", {
     const filepath = path.isAbsolute(params.filePath) ? params.filePath : path.join(Instance.directory, params.filePath)
     if (!Filesystem.contains(Instance.directory, filepath)) {
       const parentDir = path.dirname(filepath)
-      const writePermission = Config.getExternalDirectoryWrite(agent.permission.external_directory)
+      const writePermission = Config.getExternalDirectoryWriteForPath(agent.permission.external_directory, filepath)
       if (writePermission === "ask") {
         await Permission.ask({
           type: "external_directory",

packages/opencode/test/config/config.test.ts

@@ -1,10 +1,11 @@
-import { test, expect } from "bun:test"
+import { test, expect, describe } from "bun:test"
 import { Config } from "../../src/config/config"
 import { Instance } from "../../src/project/instance"
 import { tmpdir } from "../fixture/fixture"
 import path from "path"
 import fs from "fs/promises"
 import { pathToFileURL } from "url"
+import os from "os"
 
 test("loads config with defaults when no files exist", async () => {
   await using tmp = await tmpdir()
@@ -501,3 +502,128 @@ test("deduplicates duplicate plugins from global and local configs", async () =>
     },
   })
 })
+
+// Unit tests for pattern-based external directory permission helpers
+describe("getExternalDirectoryReadForPath", () => {
+  test("returns permission when string", () => {
+    expect(Config.getExternalDirectoryReadForPath("allow", "/any/path")).toBe("allow")
+    expect(Config.getExternalDirectoryReadForPath("deny", "/any/path")).toBe("deny")
+    expect(Config.getExternalDirectoryReadForPath("ask", "/any/path")).toBe("ask")
+  })
+
+  test("returns undefined when permission is undefined", () => {
+    expect(Config.getExternalDirectoryReadForPath(undefined, "/any/path")).toBeUndefined()
+  })
+
+  test("returns permission from pattern map when path matches", () => {
+    const permission = {
+      read: {
+        "/etc/**": "allow" as const,
+        "*": "deny" as const,
+      },
+    }
+    expect(Config.getExternalDirectoryReadForPath(permission, "/etc/hosts")).toBe("allow")
+    expect(Config.getExternalDirectoryReadForPath(permission, "/etc/subdir/file")).toBe("allow")
+    expect(Config.getExternalDirectoryReadForPath(permission, "/other/path")).toBe("deny")
+  })
+
+  test("returns catch-all (*) when no pattern matches", () => {
+    const permission = {
+      read: {
+        "/nonexistent/**": "allow" as const,
+        "*": "ask" as const,
+      },
+    }
+    expect(Config.getExternalDirectoryReadForPath(permission, "/etc/hosts")).toBe("ask")
+  })
+
+  test("returns undefined when no pattern matches and no catch-all", () => {
+    const permission = {
+      read: {
+        "/nonexistent/**": "deny" as const,
+      },
+    }
+    expect(Config.getExternalDirectoryReadForPath(permission, "/etc/hosts")).toBeUndefined()
+  })
+
+  test("first matching pattern takes precedence", () => {
+    const permission = {
+      read: {
+        "/etc/hosts": "allow" as const,
+        "/etc/**": "deny" as const,
+        "*": "ask" as const,
+      },
+    }
+    expect(Config.getExternalDirectoryReadForPath(permission, "/etc/hosts")).toBe("allow")
+  })
+
+  test("expands ~ to home directory in patterns", () => {
+    const homeDir = os.homedir()
+    const permission = {
+      read: {
+        "~/.ssh/**": "deny" as const,
+        "~/reference/**": "allow" as const,
+        "*": "ask" as const,
+      },
+    }
+    expect(Config.getExternalDirectoryReadForPath(permission, `${homeDir}/.ssh/id_rsa`)).toBe("deny")
+    expect(Config.getExternalDirectoryReadForPath(permission, `${homeDir}/reference/doc.txt`)).toBe("allow")
+    expect(Config.getExternalDirectoryReadForPath(permission, `${homeDir}/other/file.txt`)).toBe("ask")
+  })
+
+  test("returns simple read permission when read is string", () => {
+    const permission = {
+      read: "allow" as const,
+      write: "deny" as const,
+    }
+    expect(Config.getExternalDirectoryReadForPath(permission, "/any/path")).toBe("allow")
+  })
+})
+
+describe("getExternalDirectoryWriteForPath", () => {
+  test("returns permission when string", () => {
+    expect(Config.getExternalDirectoryWriteForPath("allow", "/any/path")).toBe("allow")
+    expect(Config.getExternalDirectoryWriteForPath("deny", "/any/path")).toBe("deny")
+    expect(Config.getExternalDirectoryWriteForPath("ask", "/any/path")).toBe("ask")
+  })
+
+  test("returns undefined when permission is undefined", () => {
+    expect(Config.getExternalDirectoryWriteForPath(undefined, "/any/path")).toBeUndefined()
+  })
+
+  test("returns permission from pattern map when path matches", () => {
+    const permission = {
+      write: {
+        "/tmp/**": "allow" as const,
+        "*": "deny" as const,
+      },
+    }
+    expect(Config.getExternalDirectoryWriteForPath(permission, "/tmp/file.txt")).toBe("allow")
+    expect(Config.getExternalDirectoryWriteForPath(permission, "/tmp/subdir/file")).toBe("allow")
+    expect(Config.getExternalDirectoryWriteForPath(permission, "/other/path")).toBe("deny")
+  })
+
+  test("expands ~ to home directory in patterns", () => {
+    const homeDir = os.homedir()
+    const permission = {
+      write: {
+        "~/temp/**": "allow" as const,
+        "*": "deny" as const,
+      },
+    }
+    expect(Config.getExternalDirectoryWriteForPath(permission, `${homeDir}/temp/file.txt`)).toBe("allow")
+    expect(Config.getExternalDirectoryWriteForPath(permission, `${homeDir}/other/file.txt`)).toBe("deny")
+  })
+
+  test("mixed config: pattern map for write, simple value for read", () => {
+    const permission = {
+      read: "allow" as const,
+      write: {
+        "/protected/**": "deny" as const,
+        "*": "ask" as const,
+      },
+    }
+    expect(Config.getExternalDirectoryWriteForPath(permission, "/protected/file.txt")).toBe("deny")
+    expect(Config.getExternalDirectoryWriteForPath(permission, "/other/file.txt")).toBe("ask")
+  })
+})