fix: auto-allow all opencode permissions in sandbox

gluonfield · claude · gluonfield · commit 07c77d363cb3 · 2026-04-10T15:35:17.000-07:00
Sets "permission": "allow" in opencode.json so every permission check
resolves to allow via the findLast rule in permission/evaluate.ts.

Without this, OpenCode's permission system blocks on Deferred.await
with no timeout whenever a tool hits an "ask" rule (e.g., read tool
triggering external_directory on paths outside the worktree, or on
task subagent sessions that upstream code can't approve).

Since the sandbox is an isolated gVisor environment running trusted
agent code, fine-grained permissions add no security value — they
only create deadlock opportunities.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -9,6 +9,7 @@ export OPENCODE_DB=/data/opencode/opencode.db
 
 cat > /home/sandbox/.config/opencode/opencode.json <<EOF
 {
+  "permission": "allow",
   "provider": {
     "openrouter": {
       "npm": "@ai-sdk/openai",

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ export OPENCODE_DB=/data/opencode/opencode.db`
`9`	`9`
`10`	`10`	`cat > /home/sandbox/.config/opencode/opencode.json <<EOF`
`11`	`11`	`{`
	`12`	`+ "permission": "allow",`
`12`	`13`	`"provider": {`
`13`	`14`	`"openrouter": {`
`14`	`15`	`"npm": "@ai-sdk/openai",`