Skip to content

fix: avoid truncate permission import cycle#18292

Merged
thdxr merged 3 commits intoanomalyco:devfrom
Hona:fix/truncate-effect-cycle
Mar 20, 2026
Merged

fix: avoid truncate permission import cycle#18292
thdxr merged 3 commits intoanomalyco:devfrom
Hona:fix/truncate-effect-cycle

Conversation

@Hona
Copy link
Member

@Hona Hona commented Mar 19, 2026

Summary

  • move permission rule evaluation into a leaf helper so truncate-effect can check task access without importing the runtime-backed permission module
  • update truncation to use the shared helper, breaking the circular dependency that crashed todo updates and other truncate calls
  • add a fresh-process regression test so the suite fails if the truncate, permission, and runtime modules form a cycle again

Testing

  • bun test test/tool/truncation.test.ts
  • bun typecheck

Hona added 3 commits March 20, 2026 07:50
@Hona
fix: avoid permission cycle in truncate effect
81b3672 
Move permission rule evaluation into a leaf helper so truncate effect can check task access without importing the runtime-backed permission module.
@Hona
test: cover truncate circular import regression
d35bac1 
Run truncation through a fresh Bun process so the suite fails if the truncate, permission, and runtime modules form a cycle again.
@Hona
test: exercise truncate cycle in fresh process
712c1f9 
Load the real truncate-effect module in a fresh Bun process so the regression fails when the permission/runtime circular dependency is reintroduced.
@Hona Hona marked this pull request as ready for review March 19, 2026 22:12
Copilot AI review requested due to automatic review settings March 19, 2026 22:12
Copilot AI reviewed Mar 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR breaks a circular dependency between truncation and the runtime-backed permission module by extracting permission rule evaluation into a leaf helper and updating truncation to use it, plus adding a regression test that ensures the module graph remains loadable in a fresh process.

Changes:

  • Extracted permission rule matching into permission/evaluate.ts and delegated PermissionNext.evaluate() to it.
  • Updated truncate-effect to use the leaf evaluate() helper instead of importing the permission runtime module.
  • Added a fresh-process test to catch future import-cycle regressions.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
packages/opencode/test/tool/truncation.test.ts Adds a regression test that loads truncate-effect in a fresh process to detect circular imports.
packages/opencode/src/tool/truncate-effect.ts Switches task-permission checks to use the leaf evaluate() helper, avoiding the permission module import cycle.
packages/opencode/src/permission/index.ts Delegates PermissionNext.evaluate() implementation to the extracted leaf helper while preserving logging.
packages/opencode/src/permission/evaluate.ts Introduces a leaf helper implementing the wildcard rule evaluation logic.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

packages/opencode/src/permission/index.ts
(rule) => Wildcard.match(permission, rule.permission) && Wildcard.match(pattern, rule.pattern),
)
return match ?? { action: "ask", permission, pattern: "*" }
log.info("evaluate", { permission, pattern, ruleset: rulesets.flat() })
Copy link

Copilot AI Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PermissionNext.evaluate() now flattens rulesets for logging and then evalRule() flattens again internally. This adds avoidable work on every permission check. Consider flattening once and passing the flattened list into the helper (e.g., change the helper to accept a single rules array), or move the logging/flattening into the helper so it only happens once.

Suggested change
log.info("evaluate", { permission, pattern, ruleset: rulesets.flat() })
log.info("evaluate", { permission, pattern, rulesets })

Copilot uses AI. Check for mistakes.
@thdxr thdxr added the beta label Mar 20, 2026
@thdxr thdxr enabled auto-merge (squash) March 20, 2026 03:51
@thdxr thdxr disabled auto-merge March 20, 2026 03:51
@thdxr thdxr merged commit 7866dbc into anomalyco:dev Mar 20, 2026
11 of 13 checks passed
demostanis pushed a commit to demostanis/opencode that referenced this pull request Mar 20, 2026
@Hona @demostanis
fix: avoid truncate permission import cycle (anomalyco#18292)
2e6c31d
@e6qu e6qu mentioned this pull request Mar 21, 2026
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

beta

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Hona @thdxr