feat(plan+): add granular bash permissions for file discovery#123
feat(plan+): add granular bash permissions for file discovery#123marcusquinn merged 1 commit intomainfrom
Conversation
- Enable bash tool for Plan+ with granular permissions - Allow read-only commands: git ls-files/status/log/diff/branch/show, fd, rg --files - Deny all other bash commands to maintain safety - Set Plan+ as default_agent for OpenCode startup - Update plan-plus.md and AGENTS.md documentation Closes #t018 (partial - phases 3 & 4)
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (3)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello @marcusquinn, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the Plan+ agent by introducing granular Bash permissions for read-only file discovery, significantly improving performance and user experience by eliminating the need for repeated manual approvals. Additionally, it sets Plan+ as the default agent for OpenCode, streamlining the initial setup. These changes aim to make file exploration faster and more intuitive while maintaining the agent's read-only safety profile. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
|
🔍 Code Quality Report�[0;35m[MONITOR]�[0m Code Review Monitoring Report �[0;34m[INFO]�[0m Latest Quality Status: �[0;34m[INFO]�[0m Recent monitoring activity: 📈 Current Quality Metrics
Generated on: Sun Jan 18 18:35:58 UTC 2026 Generated by AI DevOps Framework Code Review Monitoring |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a great enhancement by providing the Plan+ agent with granular bash permissions for read-only file discovery, which improves performance and user experience. Setting Plan+ as the default agent is also a sensible change. The implementation is well-done, particularly the security-conscious approach of an allow-list with a default-deny policy for bash commands. My review includes a few suggestions to improve documentation consistency and remove a small redundancy in the configuration script. Overall, these are excellent changes.
| **Plan+ has granular bash permissions**: Plan+ can run read-only file discovery commands directly: | ||
| - `git ls-files`, `git status`, `git log`, `git diff`, `git branch`, `git show` | ||
| - `fd -e`, `fd -g` (file finder) | ||
| - `rg --files` (ripgrep file listing) |
There was a problem hiding this comment.
The list of allowed commands is inconsistent with the implementation in generate-opencode-agents.sh. The implementation allows wildcards (e.g., git status*) and also includes fd *, fd -e *, and fd -g *. To avoid confusion, please update this documentation to accurately reflect the granted permissions. Including the * and the missing fd commands would be more accurate.
| **Plan+ has granular bash permissions**: Plan+ can run read-only file discovery commands directly: | |
| - `git ls-files`, `git status`, `git log`, `git diff`, `git branch`, `git show` | |
| - `fd -e`, `fd -g` (file finder) | |
| - `rg --files` (ripgrep file listing) | |
| **Plan+ has granular bash permissions**: Plan+ can run read-only file discovery commands directly: | |
| - `git ls-files*`, `git status*`, `git log*`, `git diff*`, `git branch*`, `git show*` | |
| - `fd *`, `fd -e *`, `fd -g *` (file finder) | |
| - `rg --files*` (ripgrep file listing) |
| | Command | Use Case | | ||
| |---------|----------| | ||
| | `git ls-files 'pattern'` | List tracked files (fastest) | | ||
| | `fd -e ext` or `fd -g 'pattern'` | Find files (respects .gitignore) | | ||
| | `rg --files -g 'pattern'` | List files matching pattern | | ||
| | `git status` | Check repo state | | ||
| | `git log` | View commit history | | ||
| | `git diff` | View changes | | ||
| | `git branch` | List/check branches | | ||
| | `git show` | View commit details | |
There was a problem hiding this comment.
The table of commands is helpful, but it's slightly inconsistent with the actual permissions being granted in generate-opencode-agents.sh. The implementation allows wildcards (e.g., git status*) and additional fd commands, which are not fully reflected here. This might be confusing for agent developers. To improve clarity and accuracy, I suggest updating the 'Command' column to include the wildcards and all allowed commands.
| | Command | Use Case | | |
| |---------|----------| | |
| | `git ls-files 'pattern'` | List tracked files (fastest) | | |
| | `fd -e ext` or `fd -g 'pattern'` | Find files (respects .gitignore) | | |
| | `rg --files -g 'pattern'` | List files matching pattern | | |
| | `git status` | Check repo state | | |
| | `git log` | View commit history | | |
| | `git diff` | View changes | | |
| | `git branch` | List/check branches | | |
| | `git show` | View commit details | | |
| | Command | Use Case | | |
| |---------|----------| | |
| | `git ls-files*` | List tracked files (fastest) | | |
| | `fd *`, `fd -e *`, `fd -g *` | Find files (respects .gitignore) | | |
| | `rg --files*` | List files matching pattern | | |
| | `git status*` | Check repo state | | |
| | `git log*` | View commit history | | |
| | `git diff*` | View changes | | |
| | `git branch*` | List/check branches | | |
| | `git show*` | View commit details | |
| "fd -e *": "allow", | ||
| "fd -g *": "allow", |
There was a problem hiding this comment.
The permission "fd *": "allow" on line 294 seems to make these two lines redundant. Assuming the matching logic checks if the command starts with the pattern (without the *), fd * would already cover commands like fd -e ... and fd -g .... To keep the configuration concise, you could remove these two lines.
🤖 Augment PR SummarySummary: This PR updates the Plan+ agent to support faster, read-only file discovery by allowing a small set of Bash commands, and makes Plan+ the default OpenCode agent on startup. Changes:
Technical Notes: Plan+ remains restricted via path-based write/edit permissions (planning files only), while Bash access is intended to be constrained to specific read-only discovery commands. 🤖 Was this summary useful? React with 👍 or 👎 |
![augmentcode[bot]](https://avatars.githubusercontent.com/in/1027498?s=60&v=4){kind=small}
| "write": True, "edit": True, "bash": False, | ||
| # Planning agent - read all, write only to planning files (via permissions) | ||
| # Bash enabled with granular permissions for read-only file discovery commands | ||
| "write": True, "edit": True, "bash": True, |
There was a problem hiding this comment.
Re-enabling bash for Plan+ is security-sensitive given Plan+’s “read-only” positioning; it’d be worth double-checking that OpenCode actually enforces the command-level permission.bash allowlist (and fails closed if the syntax is unsupported). This helps avoid a regression where bash: true effectively becomes unrestricted.
🤖 Was this useful? React with 👍 or 👎
| "git diff*": "allow", | ||
| "git branch*": "allow", | ||
| "git show*": "allow", | ||
| "fd *": "allow", |
There was a problem hiding this comment.
Allowing fd * may unintentionally permit flags like fd -x/--exec, which can run arbitrary commands and break the intended read-only guarantees. Similar risk can apply to other broadly-wildcarded allowlist entries if the underlying tool supports “execute” or “write output to file” options.
🤖 Was this useful? React with 👍 or 👎
| | `git branch` | List/check branches | | ||
| | `git show` | View commit details | | ||
|
|
||
| **All other bash commands are denied** - Plan+ cannot modify files via bash. |
There was a problem hiding this comment.
This statement assumes the granular permission.bash allowlist is reliably enforced; note .agent/tools/opencode/opencode.md currently documents that bash: true can write/modify files. Consider aligning that doc (or clarifying here) so readers don’t get conflicting guidance.
🤖 Was this useful? React with 👍 or 👎
1 participant
Summary
Changes
Granular Bash Permissions for Plan+
Plan+ can now run these read-only commands directly (no more asking for one-time access):
git ls-files*git status*git log*git diff*git branch*git show*fd */fd -e */fd -g *rg --files*All other bash commands remain denied - Plan+ cannot modify files via bash.
Default Agent
default_agent: "Plan+"in OpenCode configWhy
git ls-filesandfdare 10x faster thanmcp_globRelated