feat: add workspace multi-directory support #2921
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduces workspace-based multi-directory access control: - Workspace module manages allowed directories allowlist - Always includes cwd and worktree as defaults - Supports additional directories via opencode.json config - PathValidation module unifies workspace + permission checks - Adds workspace.directories field to config schema
Adds three new endpoints: - GET /workspace/directories - List allowed workspace directories - POST /workspace/directories - Add directory to workspace - DELETE /workspace/directories - Remove directory from workspace All endpoints use Workspace module for directory management and return structured WorkspaceInfo responses.
Implements `opencode workspace` command with subcommands: - add <directory> - Add directory to workspace - remove <directory> - Remove from workspace - list - Show all allowed directories - clear - Reset to defaults only Supports both absolute and relative paths (relative to worktree).
Updates all file operation tools to use PathValidation.validate(): - Read tool: Fixed to use Instance.directory instead of process.cwd() - Write, Edit, Patch tools: Replace Filesystem.contains with validation - Bash tool: Validates file operation commands (cd, rm, cp, mv, etc.) Path validation now checks workspace allowlist first, then requests permission for paths outside workspace. Provides unified security model.
Implements /add-dir slash command in TUI: - Command registry with "add-dir" trigger - Editor special handling for directory argument input - Message passing via AddWorkspaceDir type - Handler ready with SDK placeholder NOTE: Requires SDK regeneration to enable actual API calls. Currently shows error message prompting SDK regeneration.
kmk142789
approved these changes
Oct 12, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements workspace-based multi-directory access control, allowing opencode to work with files across multiple directories.
Changes
Core Module
Workspacemodule manages directory allowlist with defaults (cwd, worktree) + configurable directoriesPathValidationmodule unifies workspace checks with permission systemworkspace.directoriesfieldAPI & CLI
GET/POST/DELETE /workspace/directoriesopencode workspace add|remove|list|clear/add-dircommand (requires SDK regeneration)Security
Instance.directoryinstead ofprocess.cwd()Usage
# CLI opencode workspace add ../related-project opencode workspace listBreaking Changes
File operations outside workspace now require explicit permission approval.
Notes
TUI
/add-dircommand requires SDK regeneration to function (placeholder implemented).