OpenCode 中文教程

English

简体中文

English

简体中文

Appearance

v1.1.1: Permission System Overhaul

Release Date: 2026-01-04

One-line summary: Comprehensive permission system upgrade with fine-grained rule matching, tool configuration merged into permission field.

New Features

Fine-grained Permission Control

Now you can precisely control each tool's behavior with rule matching. For example:

  • npm * commands auto-allowed
  • git * commands auto-allowed
  • rm * commands auto-denied
  • Other commands ask you

How to use: Configure it like this:

json
{
  "permission": {
    "bash": {
      "npm *": "allow",
      "git *": "allow",
      "rm *": "deny",
      "*": "ask"
    }
  }
}

Benefits: No need to confirm npm install or git status every time, but dangerous commands are automatically blocked.

Tools Configuration Migrated to Permission

The old tools configuration method is deprecated, now unified under permission:

Old syntax (deprecated):

json
{
  "tools": {
    "bash": true,
    "edit": false
  }
}

New syntax:

json
{
  "permission": {
    "bash": "allow",
    "edit": "deny"
  }
}

Old configuration is still compatible and will be auto-migrated. But we recommend updating soon.

One-click Global Permission

Want to simplify configuration? One line does it all:

json
{
  "permission": "allow"
}

All operations are automatically allowed, suitable for users who trust the AI.

Bug Fixes

  • Fixed Cloudflare AI Gateway SDK call issues
  • Fixed shared session not found error during session sync
  • Fixed memory leak issues
  • less command fallback handling on Windows

Should You Upgrade?

Your SituationRecommendation
Want fine-grained control over what commands AI can execute✅ Highly recommended
Using SDK integration⚠️ Note event structure changes
Only using basic featuresOptional, not affected

Upgrade Command

bash
opencode upgrade

Technical Details

Click to view full changes

Permission System Changes

  • tools field deprecated, migrated to permission
  • Permission event changed from permission.updated to permission.asked
  • Added object syntax support for glob pattern matching

Server-side Changes

  • New endpoint: POST /permission/:requestID/reply
  • Old endpoint POST /session/:sessionID/permissions/:permissionID deprecated
  • GET /permission return type changed

Others

  • Agent maxSteps deprecated, use steps instead
  • Added Kotlin LSP integration
  • MCP resource support
  • Added Osaka Jade theme
  • Desktop image preview support

Contributors (30)

@monotykamary, @Leka74, @aryasaatvik, @alcpereira, @dbpolito, @itsrainingmani, @dmmulroy, @Hona, @OpeOginni, @albingroen, @st-eez, @edlsh, @englishm, @elithrar, @spoons-and-mirrors, @tjg184, @code-yeongyu, @shuv1337, @JBou, @jknlsn, @sin4ch, @RhysSullivan, @jerilynzheng, @benjaminshafii, @ShpetimA, @johnconnor-sec, @felipeorlando, @jerome-benoit, @paoloricciuti, @aspiers

← Back to Changelog