flk
This commit is contained in:
@@ -28,15 +28,94 @@ in {
|
||||
model = "anthropic/claude-opus-4-6";
|
||||
small_model = "anthropic/claude-haiku-4-5";
|
||||
theme = "rosepine";
|
||||
plugin = ["opencode-claude-auth"];
|
||||
plugin = [
|
||||
"opencode-claude-auth"
|
||||
];
|
||||
permission = {
|
||||
external_directory = {
|
||||
"*" = "allow";
|
||||
"**/.gnupg/**" = "deny";
|
||||
"**/.ssh/**" = "deny";
|
||||
"~/.config/gh/hosts.yml" = "deny";
|
||||
"~/.config/sops/age/keys.txt" = "deny";
|
||||
"~/.local/share/opencode/mcp-auth.json" = "deny";
|
||||
"/etc/ssh/ssh_host_*" = "deny";
|
||||
"/run/secrets/*" = "deny";
|
||||
};
|
||||
bash = {
|
||||
"*" = "allow";
|
||||
env = "deny";
|
||||
"env *" = "deny";
|
||||
printenv = "deny";
|
||||
"printenv *" = "deny";
|
||||
"export *" = "deny";
|
||||
"gh auth *" = "deny";
|
||||
ssh = "ask";
|
||||
"ssh *" = "ask";
|
||||
mosh = "ask";
|
||||
"mosh *" = "ask";
|
||||
"cat *.env" = "deny";
|
||||
"cat *.env.*" = "deny";
|
||||
"cat **/.env" = "deny";
|
||||
"cat **/.env.*" = "deny";
|
||||
"cat *.envrc" = "deny";
|
||||
"cat **/.envrc" = "deny";
|
||||
"cat .dev.vars" = "deny";
|
||||
"cat **/.dev.vars" = "deny";
|
||||
"cat *.pem" = "deny";
|
||||
"cat *.key" = "deny";
|
||||
"cat **/.gnupg/**" = "deny";
|
||||
"cat **/.ssh/**" = "deny";
|
||||
"cat ~/.config/gh/hosts.yml" = "deny";
|
||||
"cat ~/.config/sops/age/keys.txt" = "deny";
|
||||
"cat ~/.local/share/opencode/mcp-auth.json" = "deny";
|
||||
"cat /etc/ssh/ssh_host_*" = "deny";
|
||||
"cat /run/secrets/*" = "deny";
|
||||
};
|
||||
edit = {
|
||||
"*" = "allow";
|
||||
"**/.gnupg/**" = "deny";
|
||||
"**/.ssh/**" = "deny";
|
||||
"**/secrets/**" = "deny";
|
||||
"secrets/*" = "deny";
|
||||
"~/.config/gh/hosts.yml" = "deny";
|
||||
"~/.config/sops/age/keys.txt" = "deny";
|
||||
"~/.local/share/opencode/mcp-auth.json" = "deny";
|
||||
"/etc/ssh/ssh_host_*" = "deny";
|
||||
"/run/secrets/*" = "deny";
|
||||
};
|
||||
glob = "allow";
|
||||
grep = "allow";
|
||||
list = "allow";
|
||||
lsp = "allow";
|
||||
question = "allow";
|
||||
read = {
|
||||
"*" = "allow";
|
||||
"*.env" = "deny";
|
||||
"*.env.*" = "deny";
|
||||
"*.envrc" = "deny";
|
||||
"**/.env" = "deny";
|
||||
"**/.env.*" = "deny";
|
||||
"**/.envrc" = "deny";
|
||||
".dev.vars" = "deny";
|
||||
"**/.dev.vars" = "deny";
|
||||
"**/.gnupg/**" = "deny";
|
||||
"**/.ssh/**" = "deny";
|
||||
"*.key" = "deny";
|
||||
"*.pem" = "deny";
|
||||
"**/secrets/**" = "deny";
|
||||
"secrets/*" = "deny";
|
||||
"~/.config/gh/hosts.yml" = "deny";
|
||||
"~/.config/sops/age/keys.txt" = "deny";
|
||||
"~/.local/share/opencode/mcp-auth.json" = "deny";
|
||||
"/etc/ssh/ssh_host_*" = "deny";
|
||||
"/run/secrets/*" = "deny";
|
||||
};
|
||||
skill = "allow";
|
||||
task = "allow";
|
||||
webfetch = "allow";
|
||||
websearch = "allow";
|
||||
codesearch = "allow";
|
||||
};
|
||||
agent = {
|
||||
plan = {
|
||||
@@ -90,10 +169,6 @@ in {
|
||||
source = ./_opencode/skill;
|
||||
recursive = true;
|
||||
};
|
||||
"opencode/tool" = {
|
||||
source = ./_opencode/tool;
|
||||
recursive = true;
|
||||
};
|
||||
"opencode/plugin" = {
|
||||
source = ./_opencode/plugin;
|
||||
recursive = true;
|
||||
|
||||
Reference in New Issue
Block a user