fix: add external_directory permission to Plan+ agent

[marcusquinn]

Summary

Plan+ was prompting for permission to access ~/.aidevops/agents/ when reading the VERSION file for the greeting message.

Fix

Added 'external_directory': 'allow' to Plan+ permissions while maintaining the restricted write/edit permissions for planning files only.

Testing

After this fix, Plan+ will no longer prompt for external directory access on startup.

Summary by CodeRabbit

• New Features
  • Plan+ agent now has permission to access external directories, enabling it to perform version checks and retrieve agent documentation from external sources.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[gemini-code-assist]

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves an issue with the Plan+ agent that caused it to incorrectly prompt for external directory access during its startup sequence. By granting the necessary external_directory read permission, the agent can now seamlessly access required files, such as its version information, without user intervention, thereby improving its initialisation process.

Highlights

• Plan+ Agent Permissions: Added the external_directory: 'allow' permission to the Plan+ agent's configuration. This change resolves an issue where the agent would prompt for external directory access, specifically when attempting to read its VERSION file for the greeting message.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Walkthrough

Plan+ agent configuration now grants external_directory read permission in the script generation logic, enabling access to external directories like ~/.aidevops/agents/ for version checks and agent documentation tasks, accompanied by explanatory comments.

Changes

Cohort / File(s)	Summary
Plan+ Permission Enhancement .agent/scripts/generate-opencode-agents.sh	Added external_directory: allow permission block to Plan+ agent configuration, enabling read access to external directories (e.g., ~/.aidevops/agents/) for version checks and documentation retrieval; includes contextual comment explaining the rationale.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• feat(opencode): add path-based write permissions for Plan+ agent #112: Modifies Plan+ permission configuration in the same script—related PR adds path-based write/edit permissions while this PR adds external directory read allowance.

Poem

📁 Plan+ peers beyond the garden walls,
External directories now open their calls,
With permissions granted, precise and fine,
~/.aidevops/ secrets now align,
Version checks and docs—a harmony divine! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding external_directory permission to the Plan+ agent configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 447 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Sun Jan 25 14:01:44 UTC 2026: Code review monitoring started
Sun Jan 25 14:01:44 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 447
Sun Jan 25 14:01:45 UTC 2026: Qlty - 0 issues found, auto-formatting applied
Sun Jan 25 14:01:47 UTC 2026: Codacy analysis completed with auto-fixes

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 447
• VULNERABILITIES: 0

Generated on: Sun Jan 25 14:03:12 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[augmentcode]

🤖 Augment PR Summary

Summary: Updates Plan+’s generated OpenCode agent config to allow external directory access.
Why: Prevents Plan+ from prompting on startup when reading ~/.aidevops/agents/ (e.g., VERSION) for the greeting/version check.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

external_directory: "allow" removes the user prompt for any external path access, which could unintentionally let Plan+ read sensitive files in $HOME (e.g., ~/.ssh, ~/.config). Is it possible/desirable to scope external access to just ~/.aidevops/agents/ (or the specific VERSION file) to keep Plan+ as locked down as intended?

_{🤖 Was this useful? React with 👍 or 👎}

[gemini-code-assist]

Code Review

This pull request adds the external_directory permission to the Plan+ agent to allow it to read the VERSION file on startup without prompting the user. The fix is correct, but the implementation introduces a potential security risk by granting overly broad read permissions. My review includes a suggestion to scope down this permission to only the required directory, following the principle of least privilege.

[gemini-code-assist]

While this change fixes the immediate issue, granting a blanket allow for external_directory access introduces a significant security risk. This could potentially allow the agent to read any file on the user's filesystem outside of the project directory, which is contrary to the principle of least privilege.

Given the history of security hardening for the Plan+ agent (e.g., path-based write permissions in #112, permission bypass fix in v2.5.3), it would be much safer to use a more granular, path-based permission.

The suggested change restricts read access to only the ~/.aidevops/agents/ directory, which is what's required according to the PR description. This significantly reduces the potential attack surface.

Suggested change

	# Allow reading from external directories (e.g., ~/.aidevops/agents/)
	# Required for version check greeting and reading agent documentation
	"external_directory": "allow",
	# Allow reading from the aidevops agent directory for version checks and documentation.
	"external_directory": {
	"read": ["~/.aidevops/agents/"]
	},