Complete toolkit for configuring and extending OpenCode: agent creation, custom slash commands, configuration management, plugin development, and SDK usage.
75
94%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
A developer added their project's npm run deploy:prod command to the global OpenCode allowlist at ~/.config/opencode/opencode.json because they were tired of seeing permission prompts. Now other projects on their machine are also allowed to run npm run deploy:prod without prompting.
Explain why this is a problem and show the correct way to configure this permission.
~/.config/opencode/opencode.json applies them to ALL projects on the machine, not just the intended oneopencode.json to scope it to only that projectopencode.jsonopencode.json instead of global config~/.config/opencode/opencode.json~/.config/opencode/opencode.json