Permissions ignored

[MonsieurTib]

Description

I have the following opencode.json configuration

  "$schema": "https://opencode.ai/config.json",
  "permission": {
    "external_directory": "ask",
    "read": {
      "*": "allow",
      "*.env": "deny",
      "*.env.*": "deny",
      "appsettings.json": "deny",
      "appsettings.*.json": "deny",
      "secrets.json": "deny"
    },
    "bash": {
      "*": "allow",
      "git *": "ask",
      "gh *": "ask",
      "az *": "ask",
      "rm -rf *": "deny",
      "dotnet user-secrets *": "deny",
      "docker *": "ask",
      "curl *": "ask"
    },
  },
  "mcp": {
    "context7": {
      "type": "remote",
      "url": "https://mcp.context7.com/mcp",
      "enabled": true
    },
    "grep_app": {
      "type": "remote",
      "url": "https://mcp.grep.app",
      "enabled": true
    }
  }
}

and asked Opencode to validate the format of the .env and appsettings.json files in my project.
Opencode correctly detects that it does not have permission to read the .env file and does not access it. However, for appsettings.json, it reports that it does not have permission but then proceeds to read the file anyway.

Plugins

No response

OpenCode version

1.2.20

Steps to reproduce

No response

Screenshot and/or share link

Operating System

macOS Tahoe 26.3

Terminal

Ghostty

[github-actions]

This issue might be a duplicate of existing issues. Please check:

• Path-based read permissions not enforced; catch-all rules always take precedence #13646: Path-based read permissions not enforced; catch-all rules always take precedence (very similar - specific file patterns in read permissions being ignored)
• Permissions are no longer working after 6 to 8 weeks as is #15754: Permissions are no longer working after 6 to 8 weeks as is (related - permissions not being respected generally)

If your issue is distinct from these, please add a comment explaining how it differs.

[OpeOginni]

@MonsieurTib Was able to reproduce the issue, a solution would be to use this

  "read": {
    "*.env": "deny",
    "*.env.*": "deny",
    "**/appsettings.json": "deny",
    "**/appsettings.*.json": "deny",
    "**/secrets.json": "deny",
  },

I omitted the "*" permission, because that is already added in opencode by default.

Try this and let me know how it works for you

[MonsieurTib]

I will try this approach later, but I’m not sure it will reassure the security team, since OpenCode explicitly states that it does not have the permission (so it wasn’t a configuration issue) but then proceeds anyway.

[avramukk]

Same for me. All permissions are ignored.
And all commands running much longer than before (41 s for curl?)
Also, I don't understand why the context always starting form 70000 input tokens? Any way to debug it? I have almost nothing in config and agents.md.

[OpeOginni]

@avramukk ill check this out too

[OpeOginni]

@avramukk I am not able to reproduce the issue you have, using your exact config I always get asked before curl is run as set

[avramukk]

@avramukk I am not able to reproduce the issue you have, using your exact config I always get asked before curl is run as set

hmmm, which version? (my is 1.2.20)

[OpeOginni]

hmmm, which version? (my is 1.2.20)

1.2.20

[avramukk]

@MonsieurTib I found it. The problem is MCP. Try to remove it from the config, and it will ask for permissions again

[MonsieurTib]

@avramukk This is not a solution, and it doesn’t appear to be a configuration issue since the permission denial was correctly detected but then ignored ( cf the screenshot I shared )

[OpeOginni]

@MonsieurTib I found it. The problem is MCP. Try to remove it from the config, and it will ask for permissions again

What MCPs are you using that prevents permissions from being enforced?