mirror of
https://github.com/siteboon/claudecodeui.git
synced 2026-07-07 06:02:43 +08:00
feat(opencode): support permission options
This commit is contained in:
@@ -74,7 +74,10 @@ const PROVIDER_CAPABILITIES: Record<LLMProvider, ProviderCapabilities> = {
|
|||||||
},
|
},
|
||||||
opencode: {
|
opencode: {
|
||||||
provider: 'opencode',
|
provider: 'opencode',
|
||||||
permissionModes: ['default'],
|
// Mapped by the runtime onto OpenCode's controls: `--agent plan` (plan),
|
||||||
|
// `--auto` (bypassPermissions) and the OPENCODE_PERMISSION env var
|
||||||
|
// (acceptEdits). See resolveOpenCodePermissionOptions in opencode-cli.js.
|
||||||
|
permissionModes: ['default', 'acceptEdits', 'bypassPermissions', 'plan'],
|
||||||
defaultPermissionMode: 'default',
|
defaultPermissionMode: 'default',
|
||||||
supportsImages: true,
|
supportsImages: true,
|
||||||
supportsAbort: true,
|
supportsAbort: true,
|
||||||
|
|||||||
@@ -15,6 +15,36 @@ const spawnFunction = process.platform === 'win32' ? crossSpawn : spawn;
|
|||||||
|
|
||||||
const activeOpenCodeProcesses = new Map();
|
const activeOpenCodeProcesses = new Map();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Maps the UI permission mode onto OpenCode's non-interactive controls.
|
||||||
|
*
|
||||||
|
* OpenCode has no single "permission mode" flag; each mode uses a different
|
||||||
|
* lever of the `opencode run` CLI (verified against v1.17.13):
|
||||||
|
* - plan → the built-in read-only `plan` agent (`--agent plan`).
|
||||||
|
* - bypassPermissions → `--auto`, which auto-approves every permission that
|
||||||
|
* is not explicitly denied in the user's config.
|
||||||
|
* - acceptEdits → the OPENCODE_PERMISSION env var, whose JSON body the
|
||||||
|
* CLI merges into its permission config. Forcing
|
||||||
|
* `edit: allow` guarantees file edits go through while
|
||||||
|
* every other rule stays under the user's own config.
|
||||||
|
* - default → nothing; the user's opencode.json governs. In
|
||||||
|
* non-interactive `run` mode any `ask` rule is denied.
|
||||||
|
*
|
||||||
|
* Exported for tests only.
|
||||||
|
*/
|
||||||
|
export function resolveOpenCodePermissionOptions(permissionMode) {
|
||||||
|
switch (permissionMode) {
|
||||||
|
case 'plan':
|
||||||
|
return { args: ['--agent', 'plan'], env: {} };
|
||||||
|
case 'bypassPermissions':
|
||||||
|
return { args: ['--auto'], env: {} };
|
||||||
|
case 'acceptEdits':
|
||||||
|
return { args: [], env: { OPENCODE_PERMISSION: JSON.stringify({ edit: 'allow' }) } };
|
||||||
|
default:
|
||||||
|
return { args: [], env: {} };
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function resolveOpenCodeEffort(model, effort, modelsDefinition) {
|
function resolveOpenCodeEffort(model, effort, modelsDefinition) {
|
||||||
const selectedModel = modelsDefinition?.OPTIONS?.find((option) => option.value === model);
|
const selectedModel = modelsDefinition?.OPTIONS?.find((option) => option.value === model);
|
||||||
const allowedEfforts = selectedModel?.effort?.values?.map((value) => value.value) || [];
|
const allowedEfforts = selectedModel?.effort?.values?.map((value) => value.value) || [];
|
||||||
@@ -93,7 +123,7 @@ function readOpenCodeTokenUsage(sessionId) {
|
|||||||
|
|
||||||
async function spawnOpenCode(command, options = {}, ws) {
|
async function spawnOpenCode(command, options = {}, ws) {
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
const { sessionId, projectPath, cwd, model, effort, sessionSummary, images } = options;
|
const { sessionId, projectPath, cwd, model, effort, sessionSummary, images, permissionMode } = options;
|
||||||
const workingDir = cwd || projectPath || process.cwd();
|
const workingDir = cwd || projectPath || process.cwd();
|
||||||
const processKey = sessionId || Date.now().toString();
|
const processKey = sessionId || Date.now().toString();
|
||||||
let capturedSessionId = sessionId || null;
|
let capturedSessionId = sessionId || null;
|
||||||
@@ -224,6 +254,8 @@ async function spawnOpenCode(command, options = {}, ws) {
|
|||||||
if (resolvedEffort) {
|
if (resolvedEffort) {
|
||||||
args.push('--variant', resolvedEffort);
|
args.push('--variant', resolvedEffort);
|
||||||
}
|
}
|
||||||
|
const permissionOptions = resolveOpenCodePermissionOptions(permissionMode);
|
||||||
|
args.push(...permissionOptions.args);
|
||||||
if (command && command.trim()) {
|
if (command && command.trim()) {
|
||||||
// Image attachments ride along as an <images_input> path list appended
|
// Image attachments ride along as an <images_input> path list appended
|
||||||
// to the prompt; the session history reader strips the tag back out.
|
// to the prompt; the session history reader strips the tag back out.
|
||||||
@@ -235,7 +267,7 @@ async function spawnOpenCode(command, options = {}, ws) {
|
|||||||
opencodeProcess = spawnFunction('opencode', args, {
|
opencodeProcess = spawnFunction('opencode', args, {
|
||||||
cwd: workingDir,
|
cwd: workingDir,
|
||||||
stdio: ['pipe', 'pipe', 'pipe'],
|
stdio: ['pipe', 'pipe', 'pipe'],
|
||||||
env: { ...process.env },
|
env: { ...process.env, ...permissionOptions.env },
|
||||||
});
|
});
|
||||||
|
|
||||||
activeOpenCodeProcesses.set(processKey, opencodeProcess);
|
activeOpenCodeProcesses.set(processKey, opencodeProcess);
|
||||||
|
|||||||
@@ -4,7 +4,7 @@ import os from 'node:os';
|
|||||||
import path from 'node:path';
|
import path from 'node:path';
|
||||||
import test from 'node:test';
|
import test from 'node:test';
|
||||||
|
|
||||||
import { spawnOpenCode } from './opencode-cli.js';
|
import { resolveOpenCodePermissionOptions, spawnOpenCode } from './opencode-cli.js';
|
||||||
|
|
||||||
const findEnvKey = (name) =>
|
const findEnvKey = (name) =>
|
||||||
Object.keys(process.env).find((key) => key.toLowerCase() === name.toLowerCase()) || name;
|
Object.keys(process.env).find((key) => key.toLowerCase() === name.toLowerCase()) || name;
|
||||||
@@ -14,7 +14,10 @@ async function createFakeOpenCodeExecutable(binDir) {
|
|||||||
await writeFile(scriptPath, `
|
await writeFile(scriptPath, `
|
||||||
const capturePath = process.env.OPENCODE_ARGS_CAPTURE;
|
const capturePath = process.env.OPENCODE_ARGS_CAPTURE;
|
||||||
if (capturePath) {
|
if (capturePath) {
|
||||||
require('node:fs').writeFileSync(capturePath, JSON.stringify(process.argv.slice(2)));
|
require('node:fs').writeFileSync(capturePath, JSON.stringify({
|
||||||
|
args: process.argv.slice(2),
|
||||||
|
permissionEnv: process.env.OPENCODE_PERMISSION ?? null,
|
||||||
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
const events = [
|
const events = [
|
||||||
@@ -86,10 +89,116 @@ test('spawnOpenCode emits session_created before normalized live messages for ne
|
|||||||
assert.equal(complete?.sessionId, 'open-live-1');
|
assert.equal(complete?.sessionId, 'open-live-1');
|
||||||
assert.equal(messages.some((message) => message.kind === 'error'), false);
|
assert.equal(messages.some((message) => message.kind === 'error'), false);
|
||||||
|
|
||||||
const launchedArgs = JSON.parse(await readFile(argsCapturePath, 'utf8'));
|
const capture = JSON.parse(await readFile(argsCapturePath, 'utf8'));
|
||||||
|
const launchedArgs = capture.args;
|
||||||
assert.ok(Array.isArray(launchedArgs));
|
assert.ok(Array.isArray(launchedArgs));
|
||||||
assert.deepEqual(launchedArgs.slice(0, 4), ['run', '--format', 'json', '--dir']);
|
assert.deepEqual(launchedArgs.slice(0, 4), ['run', '--format', 'json', '--dir']);
|
||||||
assert.equal(launchedArgs[4], tempRoot);
|
assert.equal(launchedArgs[4], tempRoot);
|
||||||
|
// No permission mode requested → no permission flags and no env override.
|
||||||
|
assert.equal(launchedArgs.includes('--auto'), false);
|
||||||
|
assert.equal(launchedArgs.includes('--agent'), false);
|
||||||
|
assert.equal(capture.permissionEnv, null);
|
||||||
|
} finally {
|
||||||
|
if (previousPath === undefined) {
|
||||||
|
delete process.env[pathKey];
|
||||||
|
} else {
|
||||||
|
process.env[pathKey] = previousPath;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (previousPathExt === undefined) {
|
||||||
|
delete process.env[pathExtKey];
|
||||||
|
} else {
|
||||||
|
process.env[pathExtKey] = previousPathExt;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (previousArgsCapture === undefined) {
|
||||||
|
delete process.env.OPENCODE_ARGS_CAPTURE;
|
||||||
|
} else {
|
||||||
|
process.env.OPENCODE_ARGS_CAPTURE = previousArgsCapture;
|
||||||
|
}
|
||||||
|
|
||||||
|
await rm(tempRoot, { recursive: true, force: true });
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
test('resolveOpenCodePermissionOptions maps UI permission modes onto OpenCode controls', () => {
|
||||||
|
assert.deepEqual(resolveOpenCodePermissionOptions('plan'), {
|
||||||
|
args: ['--agent', 'plan'],
|
||||||
|
env: {},
|
||||||
|
});
|
||||||
|
assert.deepEqual(resolveOpenCodePermissionOptions('bypassPermissions'), {
|
||||||
|
args: ['--auto'],
|
||||||
|
env: {},
|
||||||
|
});
|
||||||
|
assert.deepEqual(resolveOpenCodePermissionOptions('acceptEdits'), {
|
||||||
|
args: [],
|
||||||
|
env: { OPENCODE_PERMISSION: '{"edit":"allow"}' },
|
||||||
|
});
|
||||||
|
// default and anything unknown leave the user's own opencode config in charge.
|
||||||
|
assert.deepEqual(resolveOpenCodePermissionOptions('default'), { args: [], env: {} });
|
||||||
|
assert.deepEqual(resolveOpenCodePermissionOptions(undefined), { args: [], env: {} });
|
||||||
|
});
|
||||||
|
|
||||||
|
test('spawnOpenCode passes permission mode flags and env to the CLI', async () => {
|
||||||
|
const tempRoot = await mkdtemp(path.join(os.tmpdir(), 'opencode-cli-perms-'));
|
||||||
|
const pathKey = findEnvKey('PATH');
|
||||||
|
const pathExtKey = findEnvKey('PATHEXT');
|
||||||
|
const previousPath = process.env[pathKey];
|
||||||
|
const previousPathExt = process.env[pathExtKey];
|
||||||
|
const previousArgsCapture = process.env.OPENCODE_ARGS_CAPTURE;
|
||||||
|
const writer = {
|
||||||
|
userId: null,
|
||||||
|
sessionId: null,
|
||||||
|
send() {},
|
||||||
|
setSessionId(sessionId) {
|
||||||
|
this.sessionId = sessionId;
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
try {
|
||||||
|
await createFakeOpenCodeExecutable(tempRoot);
|
||||||
|
process.env[pathKey] = `${tempRoot}${path.delimiter}${previousPath || ''}`;
|
||||||
|
if (process.platform === 'win32') {
|
||||||
|
process.env[pathExtKey] = previousPathExt?.toUpperCase().includes('.CMD')
|
||||||
|
? previousPathExt
|
||||||
|
: `.COM;.EXE;.BAT;.CMD${previousPathExt ? `;${previousPathExt}` : ''}`;
|
||||||
|
}
|
||||||
|
|
||||||
|
const scenarios = [
|
||||||
|
{
|
||||||
|
permissionMode: 'plan',
|
||||||
|
expectArgs: ['--agent', 'plan'],
|
||||||
|
expectPermissionEnv: null,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
permissionMode: 'bypassPermissions',
|
||||||
|
expectArgs: ['--auto'],
|
||||||
|
expectPermissionEnv: null,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
permissionMode: 'acceptEdits',
|
||||||
|
expectArgs: [],
|
||||||
|
expectPermissionEnv: '{"edit":"allow"}',
|
||||||
|
},
|
||||||
|
];
|
||||||
|
|
||||||
|
for (const scenario of scenarios) {
|
||||||
|
const argsCapturePath = path.join(tempRoot, `opencode-args-${scenario.permissionMode}.json`);
|
||||||
|
process.env.OPENCODE_ARGS_CAPTURE = argsCapturePath;
|
||||||
|
|
||||||
|
await spawnOpenCode('Hi', { cwd: tempRoot, permissionMode: scenario.permissionMode }, writer);
|
||||||
|
|
||||||
|
const capture = JSON.parse(await readFile(argsCapturePath, 'utf8'));
|
||||||
|
for (const expectedArg of scenario.expectArgs) {
|
||||||
|
assert.ok(
|
||||||
|
capture.args.includes(expectedArg),
|
||||||
|
`${scenario.permissionMode}: expected "${expectedArg}" in ${JSON.stringify(capture.args)}`,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
// The prompt stays the last positional argument, after any permission flags.
|
||||||
|
assert.equal(capture.args[capture.args.length - 1], 'Hi');
|
||||||
|
assert.equal(capture.permissionEnv, scenario.expectPermissionEnv);
|
||||||
|
}
|
||||||
} finally {
|
} finally {
|
||||||
if (previousPath === undefined) {
|
if (previousPath === undefined) {
|
||||||
delete process.env[pathKey];
|
delete process.env[pathKey];
|
||||||
|
|||||||
@@ -1005,7 +1005,8 @@ router.post('/', validateExternalApiKey, async (req, res) => {
|
|||||||
cwd: finalProjectPath,
|
cwd: finalProjectPath,
|
||||||
sessionId: sessionId || null,
|
sessionId: sessionId || null,
|
||||||
model: model || opencodeModels.DEFAULT,
|
model: model || opencodeModels.DEFAULT,
|
||||||
effort
|
effort,
|
||||||
|
permissionMode: 'bypassPermissions' // Agent runs are non-interactive, like the other providers above
|
||||||
}, writer);
|
}, writer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,7 @@ const FALLBACK_PERMISSION_MODES: Record<LLMProvider, PermissionMode[]> = {
|
|||||||
cursor: ['default', 'acceptEdits', 'bypassPermissions', 'plan'],
|
cursor: ['default', 'acceptEdits', 'bypassPermissions', 'plan'],
|
||||||
codex: ['default', 'acceptEdits', 'bypassPermissions'],
|
codex: ['default', 'acceptEdits', 'bypassPermissions'],
|
||||||
gemini: ['default', 'acceptEdits', 'bypassPermissions', 'plan'],
|
gemini: ['default', 'acceptEdits', 'bypassPermissions', 'plan'],
|
||||||
opencode: ['default'],
|
opencode: ['default', 'acceptEdits', 'bypassPermissions', 'plan'],
|
||||||
};
|
};
|
||||||
|
|
||||||
type ProviderCapabilities = {
|
type ProviderCapabilities = {
|
||||||
|
|||||||
Reference in New Issue
Block a user