npm - @gandalfix/opencode-permission-export - Versions diffs - 1.0.0 - Mend

@gandalfix/opencode-permission-export 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Markus Eberle
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,58 @@
+# opencode-permission-export
+OpenCode plugin that exports granted permissions as a config snippet.
+## Installation
+```bash
+npm install @gandalfix/opencode-permission-export
+```
+Add to your `opencode.json`:
+```json
+{
+  "plugin": ["@gandalfix/opencode-permission-export"]
+}
+```
+## Usage
+During an OpenCode session, the plugin tracks all permission requests. When you want to export the granted permissions:
+```
+export my permissions
+```
+or
+```
+run export-permissions
+```
+The tool outputs a JSON snippet you can copy into your `opencode.json`:
+```json
+{
+  "permission": {
+    "bash": {
+      "git status": "allow",
+      "npm run *": "allow"
+    },
+    "edit": {
+      "src/*.ts": "allow"
+    }
+  }
+}
+```
+## How It Works
+1. Hooks into `permission.ask` and `permission.replied` events
+2. Tracks which permissions were granted vs denied
+3. Generates valid OpenCode permission config syntax
+4. Only exports granted permissions (denied are noted but not included)
+## License
+MIT

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import type { Plugin } from "@opencode-ai/plugin";
+interface PermissionEvent {
+    tool: string;
+    pattern: string;
+    outcome: "granted" | "denied";
+}
+declare function extractCommandGroup(pattern: string): string;
+interface GroupOptions {
+    minGroupSize?: number;
+    excludeCommands?: string[];
+}
+declare function groupPermissions(events: PermissionEvent[], options?: GroupOptions): PermissionEvent[];
+declare function generateConfig(events: PermissionEvent[]): Record<string, unknown>;
+export declare const PermissionExportPlugin: Plugin;
+export default PermissionExportPlugin;
+export { extractCommandGroup, groupPermissions, generateConfig };
+export type { PermissionEvent };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,133 @@
+import { tool } from "@opencode-ai/plugin";
+class PermissionTracker {
+    events = [];
+    pendingPermissions = new Map();
+    storePermission(permission) {
+        this.pendingPermissions.set(permission.id, permission);
+    }
+    getPermission(id) {
+        return this.pendingPermissions.get(id);
+    }
+    add(event) {
+        const exists = this.events.some((e) => e.tool === event.tool && e.pattern === event.pattern && e.outcome === event.outcome);
+        if (!exists) {
+            this.events.push(event);
+        }
+    }
+    getGranted() {
+        return this.events.filter((e) => e.outcome === "granted");
+    }
+    getDenied() {
+        return this.events.filter((e) => e.outcome === "denied");
+    }
+    clear() {
+        this.events = [];
+        this.pendingPermissions.clear();
+    }
+    hasEvents() {
+        return this.events.length > 0;
+    }
+}
+const tracker = new PermissionTracker();
+function extractPattern(permission) {
+    if (permission.patterns && permission.patterns.length > 0) {
+        return permission.patterns.join(",");
+    }
+    const metadata = permission.metadata;
+    if (typeof metadata.command === "string")
+        return metadata.command;
+    if (typeof metadata.filePath === "string")
+        return metadata.filePath;
+    if (typeof metadata.path === "string")
+        return metadata.path;
+    if (typeof metadata.url === "string")
+        return metadata.url;
+    if (typeof metadata.query === "string")
+        return metadata.query;
+    return "*";
+}
+function extractCommandGroup(pattern) {
+    const firstCommand = pattern.split(",")[0]?.trim() ?? pattern;
+    const parts = firstCommand.split(/\s+/);
+    return parts[0] ?? "*";
+}
+const DEFAULT_EXCLUDE_COMMANDS = ["rm", "sudo", "curl", "wget"];
+function groupPermissions(events, options = {}) {
+    const { minGroupSize = 2, excludeCommands = DEFAULT_EXCLUDE_COMMANDS } = options;
+    const groups = new Map();
+    for (const event of events) {
+        if (event.tool !== "bash") {
+            groups.set(`${event.tool}:${event.pattern}`, event);
+            continue;
+        }
+        const commandGroup = extractCommandGroup(event.pattern);
+        if (excludeCommands.includes(commandGroup)) {
+            groups.set(`${event.tool}:${event.pattern}`, event);
+            continue;
+        }
+        const groupKey = `${event.tool}:${commandGroup}:*`;
+        if (groups.has(groupKey))
+            continue;
+        const sameGroupCount = events.filter(e => e.tool === "bash" && extractCommandGroup(e.pattern) === commandGroup).length;
+        if (sameGroupCount >= minGroupSize) {
+            groups.set(groupKey, { tool: "bash", pattern: `${commandGroup}:*`, outcome: event.outcome });
+        }
+        else {
+            groups.set(`${event.tool}:${event.pattern}`, event);
+        }
+    }
+    return Array.from(groups.values());
+}
+function generateConfig(events) {
+    const grouped = groupPermissions(events);
+    const permission = {};
+    for (const event of grouped) {
+        if (!permission[event.tool]) {
+            permission[event.tool] = {};
+        }
+        permission[event.tool][event.pattern] = "allow";
+    }
+    return { permission };
+}
+export const PermissionExportPlugin = async (ctx) => {
+    return {
+        event: async (input) => {
+            const event = input.event;
+            if (event.type === "permission.asked") {
+                const props = event.properties;
+                tracker.storePermission({ id: props.id, type: props.permission, patterns: props.patterns, metadata: props.metadata || {} });
+            }
+            if (event.type === "permission.replied") {
+                const props = event.properties;
+                const permission = tracker.getPermission(props.requestID);
+                if (permission && (props.reply === "once" || props.reply === "always")) {
+                    const tool = permission.type;
+                    const pattern = extractPattern(permission);
+                    tracker.add({ tool, pattern, outcome: "granted" });
+                }
+            }
+        },
+        tool: {
+            "export-permissions": tool({
+                description: "Export granted permissions as opencode config snippet. Paste the output into your opencode.json.",
+                args: {},
+                async execute(_args, _context) {
+                    if (!tracker.hasEvents()) {
+                        return "No permissions have been asked this session.";
+                    }
+                    const granted = tracker.getGranted();
+                    if (granted.length === 0) {
+                        const denied = tracker.getDenied();
+                        return `No permissions were granted. ${denied.length} request(s) were denied.`;
+                    }
+                    const config = generateConfig(granted);
+                    const denied = tracker.getDenied();
+                    const deniedNote = denied.length > 0 ? `\n\nNote: ${denied.length} permission(s) were denied and not included.` : "";
+                    return `Copy this into your opencode.json:\n\n${JSON.stringify(config, null, 2)}${deniedNote}`;
+                },
+            }),
+        },
+    };
+};
+export default PermissionExportPlugin;
+export { extractCommandGroup, groupPermissions, generateConfig };

package/dist/index.test.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/index.test.js ADDED Viewed

@@ -0,0 +1,65 @@
+import { describe, it, expect } from "vitest";
+import { extractCommandGroup, groupPermissions, generateConfig } from "./index.js";
+describe("extractCommandGroup", () => {
+    it("extracts git command group", () => {
+        expect(extractCommandGroup("git status")).toBe("git");
+        expect(extractCommandGroup("git diff abafd15..a7d1836")).toBe("git");
+    });
+    it("extracts package manager commands", () => {
+        expect(extractCommandGroup("pnpm dev")).toBe("pnpm");
+        expect(extractCommandGroup("npm test -- --run")).toBe("npm");
+    });
+    it("handles comma-separated commands", () => {
+        expect(extractCommandGroup("git status,git diff --stat")).toBe("git");
+    });
+    it("returns first word for unknown commands", () => {
+        expect(extractCommandGroup("mkdir -p dir")).toBe("mkdir");
+    });
+});
+describe("groupPermissions", () => {
+    it("groups git commands under git:*", () => {
+        const events = [
+            { tool: "bash", pattern: "git status", outcome: "granted" },
+            { tool: "bash", pattern: "git diff", outcome: "granted" },
+        ];
+        expect(groupPermissions(events)).toEqual([
+            { tool: "bash", pattern: "git:*", outcome: "granted" },
+        ]);
+    });
+    it("keeps single commands as-is", () => {
+        const events = [
+            { tool: "bash", pattern: "pnpm dev", outcome: "granted" },
+        ];
+        expect(groupPermissions(events)).toEqual(events);
+    });
+    it("preserves non-bash tools unchanged", () => {
+        const events = [
+            { tool: "edit", pattern: "file.ts", outcome: "granted" },
+        ];
+        expect(groupPermissions(events)).toEqual(events);
+    });
+});
+describe("groupPermissions threshold", () => {
+    it("respects minimum threshold", () => {
+        const events = [
+            { tool: "bash", pattern: "git status", outcome: "granted" },
+            { tool: "bash", pattern: "git diff", outcome: "granted" },
+        ];
+        expect(groupPermissions(events, { minGroupSize: 3 })).toEqual(events);
+    });
+});
+describe("generateConfig with grouping", () => {
+    it("outputs grouped permissions", () => {
+        const events = [
+            { tool: "bash", pattern: "git status", outcome: "granted" },
+            { tool: "bash", pattern: "git diff", outcome: "granted" },
+            { tool: "bash", pattern: "pnpm build", outcome: "granted" },
+            { tool: "bash", pattern: "pnpm test", outcome: "granted" },
+        ];
+        const result = generateConfig(events);
+        expect(result.permission.bash).toEqual({
+            "git:*": "allow",
+            "pnpm:*": "allow",
+        });
+    });
+});

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+  "name": "@gandalfix/opencode-permission-export",
+  "version": "1.0.0",
+  "description": "OpenCode plugin to export granted permissions as config snippet",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest run",
+    "prepublishOnly": "npm run build"
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "LICENSE"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/GandalfIX/opencode-permission-exporter.git"
+  },
+  "bugs": "https://github.com/GandalfIX/opencode-permission-exporter/issues",
+  "homepage": "https://github.com/GandalfIX/opencode-permission-exporter#readme",
+  "peerDependencies": {
+    "@opencode-ai/plugin": ">=1.0.0"
+  },
+  "devDependencies": {
+    "@opencode-ai/plugin": "latest",
+    "@types/node": "^25.5.0",
+    "typescript": "^5.0.0",
+    "vitest": "^4.1.2"
+  },
+  "keywords": [
+    "opencode",
+    "plugin",
+    "permissions"
+  ],
+  "license": "MIT"
+}