axconfig 3.4.2 → 3.5.0

package/dist/agents/opencode-permission-builder.d.ts

@@ -0,0 +1,59 @@
+/**
+ * OpenCode permission config builder helpers.
+ *
+ * Extracted from opencode.ts to reduce cyclomatic complexity.
+ */
+import type { CanonicalTool, PermissionRule } from "../types.js";
+/** OpenCode permission values */
+export type OpenCodePermission = "allow" | "deny" | "ask";
+/** OpenCode permission config type */
+export type OpenCodePermissionConfig = Record<string, OpenCodePermission | Record<string, OpenCodePermission>>;
+/**
+ * Base permissions that override OpenCode's interactive defaults.
+ *
+ * OpenCode v1.1.1 sets these defaults that differ from other agents:
+ * - doom_loop: "ask" (interactive prompt when agent repeats same tool 3x)
+ * - external_directory: "ask" (interactive prompt for external paths)
+ *
+ * For axrun, we need consistent behavior across all agents, so we
+ * explicitly override these. The interactive "ask" actions are replaced
+ * with "allow" since axrun is headless.
+ *
+ * Trade-off for doom_loop: Setting "allow" means the agent won't be stopped
+ * when it appears stuck in a loop. In CI/CD, this relies on job timeouts to
+ * prevent runaway execution. The alternative ("deny") would abort the agent,
+ * and ("ask") would hang waiting for input. "allow" is the least disruptive
+ * for headless operation.
+ *
+ * Note: OpenCode's default "read" protection (denying .env files) is
+ * overridden dynamically by the permission builder logic, not here.
+ */
+export declare const BASE_PERMISSION_OVERRIDES: Record<string, OpenCodePermission>;
+/**
+ * Collect path patterns from permission rules, grouped by OpenCode permission name.
+ *
+ * Note: Only read/write/edit rules can have path patterns per the PathPatternRule type.
+ * The TOOL_TO_OPENCODE mapping includes glob/grep for tool-level permissions, but these
+ * will never appear here since PathRestrictedTool is limited to read/write/edit.
+ */
+export declare function collectPathPatterns(rules: PermissionRule[]): Map<string, string[]>;
+/**
+ * Collect tool names from permission rules.
+ */
+export declare function collectTools(rules: PermissionRule[]): Set<CanonicalTool>;
+/**
+ * Collect bash patterns from permission rules.
+ */
+export declare function collectBashPatterns(rules: PermissionRule[]): string[];
+/**
+ * Build bash permission config from patterns and tool permissions.
+ */
+export declare function buildBashPermission(allowPatterns: string[], denyPatterns: string[], bashAllowed: boolean, bashDenied: boolean): OpenCodePermission | Record<string, OpenCodePermission>;
+/**
+ * Build tool permission config with optional path patterns.
+ */
+export declare function buildToolPermission(canonicalName: CanonicalTool, opencodeName: string, allowedTools: Set<CanonicalTool>, deniedTools: Set<CanonicalTool>, allowPathPatterns: Map<string, string[]>, denyPathPatterns: Map<string, string[]>): OpenCodePermission | Record<string, OpenCodePermission>;
+/**
+ * Build default deny-all permission config for headless security.
+ */
+export declare function buildDenyAllConfig(): OpenCodePermissionConfig;

package/dist/agents/opencode-permission-builder.js

@@ -0,0 +1,142 @@
+/**
+ * OpenCode permission config builder helpers.
+ *
+ * Extracted from opencode.ts to reduce cyclomatic complexity.
+ */
+/**
+ * Mapping from canonical tool names to OpenCode permission names.
+ */
+const TOOL_TO_OPENCODE = {
+    read: "read",
+    edit: "edit",
+    write: "edit", // OpenCode uses single "edit" for both
+    glob: "glob",
+    grep: "grep",
+    web: "webfetch",
+    bash: "bash",
+};
+/**
+ * Base permissions that override OpenCode's interactive defaults.
+ *
+ * OpenCode v1.1.1 sets these defaults that differ from other agents:
+ * - doom_loop: "ask" (interactive prompt when agent repeats same tool 3x)
+ * - external_directory: "ask" (interactive prompt for external paths)
+ *
+ * For axrun, we need consistent behavior across all agents, so we
+ * explicitly override these. The interactive "ask" actions are replaced
+ * with "allow" since axrun is headless.
+ *
+ * Trade-off for doom_loop: Setting "allow" means the agent won't be stopped
+ * when it appears stuck in a loop. In CI/CD, this relies on job timeouts to
+ * prevent runaway execution. The alternative ("deny") would abort the agent,
+ * and ("ask") would hang waiting for input. "allow" is the least disruptive
+ * for headless operation.
+ *
+ * Note: OpenCode's default "read" protection (denying .env files) is
+ * overridden dynamically by the permission builder logic, not here.
+ */
+export const BASE_PERMISSION_OVERRIDES = {
+    doom_loop: "allow",
+    external_directory: "allow",
+};
+/**
+ * Collect path patterns from permission rules, grouped by OpenCode permission name.
+ *
+ * Note: Only read/write/edit rules can have path patterns per the PathPatternRule type.
+ * The TOOL_TO_OPENCODE mapping includes glob/grep for tool-level permissions, but these
+ * will never appear here since PathRestrictedTool is limited to read/write/edit.
+ */
+export function collectPathPatterns(rules) {
+    const patterns = new Map();
+    for (const rule of rules) {
+        if (rule.type === "path") {
+            const opencodePerm = TOOL_TO_OPENCODE[rule.tool];
+            if (opencodePerm === undefined)
+                continue;
+            const existing = patterns.get(opencodePerm) ?? [];
+            existing.push(rule.pattern);
+            patterns.set(opencodePerm, existing);
+        }
+    }
+    return patterns;
+}
+/**
+ * Collect tool names from permission rules.
+ */
+export function collectTools(rules) {
+    return new Set(rules
+        .filter((r) => r.type === "tool")
+        .map((r) => r.name));
+}
+/**
+ * Collect bash patterns from permission rules.
+ */
+export function collectBashPatterns(rules) {
+    return rules
+        .filter((r) => r.type === "bash")
+        .map((r) => r.pattern);
+}
+/**
+ * Build bash permission config from patterns and tool permissions.
+ */
+export function buildBashPermission(allowPatterns, denyPatterns, bashAllowed, bashDenied) {
+    if (bashDenied && allowPatterns.length === 0) {
+        return "deny";
+    }
+    if (allowPatterns.length > 0 || denyPatterns.length > 0) {
+        const bashConfig = {};
+        for (const pattern of allowPatterns) {
+            bashConfig[pattern] = "allow";
+        }
+        for (const pattern of denyPatterns) {
+            bashConfig[pattern] = "deny";
+        }
+        bashConfig["*"] = bashAllowed ? "allow" : "deny";
+        return bashConfig;
+    }
+    return bashAllowed ? "allow" : "deny";
+}
+/**
+ * Build tool permission config with optional path patterns.
+ */
+export function buildToolPermission(canonicalName, opencodeName, allowedTools, deniedTools, allowPathPatterns, denyPathPatterns) {
+    const hasAllowPatterns = allowPathPatterns.has(opencodeName);
+    const hasDenyPatterns = denyPathPatterns.has(opencodeName);
+    // Handle write -> edit mapping (both map to same OpenCode permission)
+    const isEditOrWrite = canonicalName === "edit" || canonicalName === "write";
+    const effectiveAllowed = isEditOrWrite
+        ? allowedTools.has("edit") || allowedTools.has("write")
+        : allowedTools.has(canonicalName);
+    const effectiveDenied = isEditOrWrite
+        ? deniedTools.has("edit") || deniedTools.has("write")
+        : deniedTools.has(canonicalName);
+    if (effectiveDenied && !hasDenyPatterns && !hasAllowPatterns) {
+        return "deny";
+    }
+    if (hasAllowPatterns || hasDenyPatterns) {
+        const patternConfig = {};
+        for (const pattern of allowPathPatterns.get(opencodeName) ?? []) {
+            patternConfig[pattern] = "allow";
+        }
+        for (const pattern of denyPathPatterns.get(opencodeName) ?? []) {
+            patternConfig[pattern] = "deny";
+        }
+        patternConfig["*"] = effectiveAllowed ? "allow" : "deny";
+        return patternConfig;
+    }
+    return effectiveAllowed ? "allow" : "deny";
+}
+/**
+ * Build default deny-all permission config for headless security.
+ */
+export function buildDenyAllConfig() {
+    return {
+        ...BASE_PERMISSION_OVERRIDES,
+        read: "deny",
+        edit: "deny",
+        glob: "deny",
+        grep: "deny",
+        bash: "deny",
+        webfetch: "deny",
+    };
+}

package/dist/agents/opencode-reader.d.ts

@@ -2,6 +2,15 @@
  * OpenCode ConfigReader.
  *
  * Reads and writes OpenCode configuration from opencode.json.
+ *
+ * Supports OpenCode v1.1.1+ permission format with:
+ * - Simple string values: "allow" | "deny" | "ask"
+ * - Object syntax with pattern matching for path/command patterns
+ *
+ * Note: The "ask" permission action is treated as "allow" when reading.
+ * This is intentional because axrun is designed for headless operation
+ * and doesn't support interactive prompts. Configs containing "ask" will
+ * be interpreted as "allow" to maintain consistent non-interactive behavior.
  */
 import type { ConfigReader } from "../types.js";
 /** OpenCode ConfigReader */

package/dist/agents/opencode-reader.js

@@ -2,6 +2,15 @@
  * OpenCode ConfigReader.
  *
  * Reads and writes OpenCode configuration from opencode.json.
+ *
+ * Supports OpenCode v1.1.1+ permission format with:
+ * - Simple string values: "allow" | "deny" | "ask"
+ * - Object syntax with pattern matching for path/command patterns
+ *
+ * Note: The "ask" permission action is treated as "allow" when reading.
+ * This is intentional because axrun is designed for headless operation
+ * and doesn't support interactive prompts. Configs containing "ask" will
+ * be interpreted as "allow" to maintain consistent non-interactive behavior.
  */
 import { mkdirSync } from "node:fs";
 import path from "node:path";
@@ -9,6 +18,17 @@ import { getAgentPathInfo } from "axshared";
 import { atomicWriteFileSync } from "../atomic-write.js";
 import { registerConfigReader } from "../reader.js";
 import { createJsonConfigOperations, readJsonConfig, } from "../read-write-json-config.js";
+/**
+ * Mapping from OpenCode permission names to canonical tool names.
+ */
+const OPENCODE_TO_TOOL = {
+    read: "read",
+    edit: ["edit", "write"], // OpenCode's "edit" maps to both canonical tools
+    glob: "glob",
+    grep: "grep",
+    webfetch: "web",
+    bash: "bash",
+};
 /**
  * Get the opencode.json path for a config directory.
  */
@@ -23,6 +43,59 @@ function readConfig(configDirectory) {
 }
 // Create shared raw config operations
 const { readRaw, writeRaw, deleteRaw } = createJsonConfigOperations(getConfigPath, "OpenCode");
+/**
+ * Check if an action should be treated as "allow".
+ * The "ask" action is treated as "allow" for reading purposes since
+ * axrun doesn't support interactive prompts.
+ */
+function isAllowAction(action) {
+    return action === "allow" || action === "ask";
+}
+/**
+ * Parse a permission value (simple or object-based) and add rules to the arrays.
+ */
+function parsePermissionValue(opencodeName, value, allowRules, denyRules) {
+    const canonicalTools = OPENCODE_TO_TOOL[opencodeName];
+    if (!canonicalTools)
+        return; // Unknown permission, skip
+    const tools = Array.isArray(canonicalTools)
+        ? canonicalTools
+        : [canonicalTools];
+    if (typeof value === "string") {
+        // Simple value: "allow", "deny", or "ask"
+        const rules = isAllowAction(value) ? allowRules : denyRules;
+        for (const tool of tools) {
+            rules.push({ type: "tool", name: tool });
+        }
+    }
+    else if (typeof value === "object") {
+        // Object with patterns
+        for (const [pattern, action] of Object.entries(value)) {
+            const rules = isAllowAction(action) ? allowRules : denyRules;
+            if (pattern === "*") {
+                // Catch-all represents tool-level permission
+                for (const tool of tools) {
+                    rules.push({ type: "tool", name: tool });
+                }
+                continue;
+            }
+            if (opencodeName === "bash") {
+                // Bash uses command patterns
+                rules.push({ type: "bash", pattern });
+            }
+            else {
+                // Only read/write/edit support path patterns in axconfig's type system.
+                // OpenCode's glob/grep patterns match against glob patterns or regexes,
+                // not file paths, so they're intentionally excluded here.
+                for (const tool of tools) {
+                    if (tool === "read" || tool === "write" || tool === "edit") {
+                        rules.push({ type: "path", tool, pattern });
+                    }
+                }
+            }
+        }
+    }
+}
 /**
  * Read permissions from OpenCode config.
  */
@@ -35,41 +108,13 @@ function readPermissions(configDirectory) {
         }
         const allowRules = [];
         const denyRules = [];
-        // Parse edit permission (covers edit, write)
-        if (permission.edit === "allow") {
-            allowRules.push({ type: "tool", name: "edit" }, { type: "tool", name: "write" });
-        }
-        else if (permission.edit === "deny") {
-            denyRules.push({ type: "tool", name: "edit" }, { type: "tool", name: "write" });
-        }
-        // Parse webfetch permission
-        if (permission.webfetch === "allow") {
-            allowRules.push({ type: "tool", name: "web" });
-        }
-        else if (permission.webfetch === "deny") {
-            denyRules.push({ type: "tool", name: "web" });
+        // Parse all known permissions
+        for (const [name, value] of Object.entries(permission)) {
+            parsePermissionValue(name, value, allowRules, denyRules);
         }
-        // Parse bash permission
-        if (typeof permission.bash === "string") {
-            if (permission.bash === "allow") {
-                allowRules.push({ type: "tool", name: "bash" });
-            }
-            else if (permission.bash === "deny") {
-                denyRules.push({ type: "tool", name: "bash" });
-            }
-        }
-        else if (typeof permission.bash === "object") {
-            // Pattern-based bash config
-            for (const [pattern, decision] of Object.entries(permission.bash)) {
-                if (pattern === "*")
-                    continue; // Skip catch-all
-                if (decision === "allow") {
-                    allowRules.push({ type: "bash", pattern });
-                }
-                else if (decision === "deny") {
-                    denyRules.push({ type: "bash", pattern });
-                }
-            }
+        // Only return config if there are actual rules
+        if (allowRules.length === 0 && denyRules.length === 0) {
+            return { ok: true, value: undefined };
         }
         const permConfig = {
             allow: allowRules,

package/dist/agents/opencode.d.ts

@@ -3,10 +3,13 @@
  *
  * Translates AxrunConfig into OpenCode's opencode.json format.
  *
- * OpenCode supports:
- * - Tool permissions via permission.{edit,bash,webfetch}
+ * OpenCode v1.1.1+ supports:
+ * - Tool permissions via permission.{read,edit,glob,grep,bash,webfetch,...}
  * - Bash patterns via permission.bash object with glob patterns
- * - Does NOT support path restrictions
+ * - Path patterns via permission.{read,edit} objects with file patterns
+ *
+ * This builder explicitly overrides OpenCode's default permission rules
+ * (like .env denial) to ensure consistent behavior across all agents.
  */
 import type { ConfigBuilder } from "../types.js";
 export { openCodeConfigReader } from "./opencode-reader.js";

package/dist/agents/opencode.js

@@ -3,139 +3,69 @@
  *
  * Translates AxrunConfig into OpenCode's opencode.json format.
  *
- * OpenCode supports:
- * - Tool permissions via permission.{edit,bash,webfetch}
+ * OpenCode v1.1.1+ supports:
+ * - Tool permissions via permission.{read,edit,glob,grep,bash,webfetch,...}
  * - Bash patterns via permission.bash object with glob patterns
- * - Does NOT support path restrictions
+ * - Path patterns via permission.{read,edit} objects with file patterns
+ *
+ * This builder explicitly overrides OpenCode's default permission rules
+ * (like .env denial) to ensure consistent behavior across all agents.
  */
 import { existsSync, mkdirSync, readFileSync } from "node:fs";
 import path from "node:path";
 import { buildAgentRuntimeEnvironment } from "axshared";
 import { atomicWriteFileSync } from "../atomic-write.js";
 import { registerConfigBuilder } from "../builder.js";
+import { BASE_PERMISSION_OVERRIDES, buildBashPermission, buildDenyAllConfig, buildToolPermission, collectBashPatterns, collectPathPatterns, collectTools, } from "./opencode-permission-builder.js";
 // Re-export reader
 export { openCodeConfigReader } from "./opencode-reader.js";
-/** OpenCode capabilities */
+/** OpenCode capabilities (v1.1.1+) */
 const CAPABILITIES = {
     toolPermissions: true,
     bashPatterns: true,
-    pathRestrictions: false, // OpenCode doesn't support path patterns
+    pathRestrictions: true, // OpenCode v1.1.1+ supports path patterns
     canDenyRead: true,
 };
+/**
+ * Build permission config from parsed permissions.
+ */
+function buildPermissionConfig(permissions) {
+    const permissionConfig = {
+        ...BASE_PERMISSION_OVERRIDES,
+    };
+    const allowedTools = collectTools(permissions.allow);
+    const deniedTools = collectTools(permissions.deny);
+    const allowPathPatterns = collectPathPatterns(permissions.allow);
+    const denyPathPatterns = collectPathPatterns(permissions.deny);
+    // Set permissions for standard tools
+    const tools = [
+        { canonical: "read", opencode: "read" },
+        { canonical: "edit", opencode: "edit" },
+        { canonical: "glob", opencode: "glob" },
+        { canonical: "grep", opencode: "grep" },
+        { canonical: "web", opencode: "webfetch" },
+    ];
+    for (const { canonical, opencode } of tools) {
+        permissionConfig[opencode] = buildToolPermission(canonical, opencode, allowedTools, deniedTools, allowPathPatterns, denyPathPatterns);
+    }
+    // Build bash permission with command patterns
+    const allowBash = collectBashPatterns(permissions.allow);
+    const denyBash = collectBashPatterns(permissions.deny);
+    permissionConfig.bash = buildBashPermission(allowBash, denyBash, allowedTools.has("bash"), deniedTools.has("bash"));
+    return permissionConfig;
+}
 /**
  * Build OpenCode configuration.
  */
 function build(config, output) {
     mkdirSync(output, { recursive: true });
     const warnings = [];
-    const errors = [];
-    const permissions = config.permissions;
-    // Check for unsupported rules
-    if (permissions) {
-        // Path restrictions not supported - warn for allow, error for deny
-        for (const rule of permissions.allow) {
-            if (rule.type === "path") {
-                warnings.push({
-                    rule,
-                    reason: "OpenCode does not support path restrictions",
-                    suggestions: [
-                        `Use "${rule.tool}" to allow all ${rule.tool} operations`,
-                        "Remove the path restriction",
-                    ],
-                });
-            }
-        }
-        for (const rule of permissions.deny) {
-            if (rule.type === "path") {
-                errors.push({
-                    rule,
-                    reason: "OpenCode does not support path restrictions",
-                    suggestions: [
-                        `Use "${rule.tool}" to deny all ${rule.tool} operations`,
-                        "Use a different agent that supports path restrictions (e.g., claude)",
-                    ],
-                });
-            }
-        }
-    }
-    // If there are errors, abort
-    if (errors.length > 0) {
-        return { ok: false, errors };
-    }
     // OpenCode config is at {configDir}/opencode.json
-    // The output directory is used directly as the config directory.
     const configPath = path.join(output, "opencode.json");
     // Build permission config
-    const permissionConfig = {};
-    if (permissions) {
-        // Collect tool permissions
-        const allowedTools = new Set(permissions.allow
-            .filter((r) => r.type === "tool")
-            .map((r) => r.name));
-        const deniedTools = new Set(permissions.deny
-            .filter((r) => r.type === "tool")
-            .map((r) => r.name));
-        // Set edit permission (covers read, write, edit)
-        if (deniedTools.has("edit") || deniedTools.has("write")) {
-            permissionConfig.edit = "deny";
-        }
-        else if (allowedTools.has("edit") || allowedTools.has("write")) {
-            permissionConfig.edit = "allow";
-        }
-        else {
-            permissionConfig.edit = "deny"; // Default deny
-        }
-        // Set webfetch permission
-        if (deniedTools.has("web")) {
-            permissionConfig.webfetch = "deny";
-        }
-        else if (allowedTools.has("web")) {
-            permissionConfig.webfetch = "allow";
-        }
-        else {
-            permissionConfig.webfetch = "deny"; // Default deny
-        }
-        // Build bash permission with patterns
-        const allowBash = permissions.allow
-            .filter((r) => r.type === "bash")
-            .map((r) => r.pattern);
-        const denyBash = permissions.deny
-            .filter((r) => r.type === "bash")
-            .map((r) => r.pattern);
-        const bashAllowed = allowedTools.has("bash");
-        const bashDenied = deniedTools.has("bash");
-        if (bashDenied) {
-            // Deny all bash
-            permissionConfig.bash = "deny";
-        }
-        else if (allowBash.length > 0 || denyBash.length > 0) {
-            // Use pattern-based config
-            const bashConfig = {};
-            // Add allow patterns
-            for (const pattern of allowBash) {
-                bashConfig[pattern] = "allow";
-            }
-            // Add deny patterns
-            for (const pattern of denyBash) {
-                bashConfig[pattern] = "deny";
-            }
-            // Default deny for unmatched patterns
-            bashConfig["*"] = "deny";
-            permissionConfig.bash = bashConfig;
-        }
-        else if (bashAllowed) {
-            permissionConfig.bash = "allow";
-        }
-        else {
-            permissionConfig.bash = "deny"; // Default deny
-        }
-    }
-    else {
-        // No permissions = deny all
-        permissionConfig.edit = "deny";
-        permissionConfig.bash = "deny";
-        permissionConfig.webfetch = "deny";
-    }
+    const permissionConfig = config.permissions
+        ? buildPermissionConfig(config.permissions)
+        : buildDenyAllConfig();
     // Read existing config to preserve non-permission settings
     let existingConfig = {};
     if (existsSync(configPath)) {

package/package.json

@@ -2,7 +2,7 @@
   "name": "axconfig",
   "author": "Łukasz Jerciński",
   "license": "MIT",
-  "version": "3.4.2",
+  "version": "3.5.0",
   "description": "Unified configuration management for AI coding agents - common API for permissions, settings, and config across Claude Code, Codex, Gemini CLI, and OpenCode",
   "repository": {
     "type": "git",
@@ -72,24 +72,18 @@
     "commander": "^14.0.2"
   },
   "devDependencies": {
-    "@eslint/compat": "^2.0.0",
-    "@eslint/js": "^9.39.2",
     "@total-typescript/ts-reset": "^0.6.1",
     "@types/iarna__toml": "^2.0.5",
     "@types/node": "^25.0.3",
     "@vitest/coverage-v8": "^4.0.16",
-    "@vitest/eslint-plugin": "^1.6.5",
     "eslint": "^9.39.2",
-    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-unicorn": "^62.0.0",
+    "eslint-config-axpoint": "^1.0.0",
     "fta-check": "^1.5.1",
     "fta-cli": "^3.0.0",
-    "globals": "^17.0.0",
     "knip": "^5.79.0",
     "prettier": "3.7.4",
     "semantic-release": "^25.0.2",
     "typescript": "^5.9.3",
-    "typescript-eslint": "^8.51.0",
     "vitest": "^4.0.16"
   }
 }