hoborg/opencode
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: webfetch permission support (#1772)

Browse Source
This commit is contained in:
Aiden Cline
2025-08-10 08:00:44 -05:00
committed by GitHub
parent c478d1bdbb
commit 542186aa49
4 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
packages/opencode/src/config/config.ts
View File

@@ -341,6 +341,7 @@ export namespace Config {
.object({ .object({
edit: Permission.optional(), edit: Permission.optional(),
bash: z.union([Permission, z.record(z.string(), Permission)]).optional(), bash: z.union([Permission, z.record(z.string(), Permission)]).optional(),
webfetch: Permission.optional(),
}) })
.optional(), .optional(),
experimental: z experimental: z

3
packages/opencode/src/tool/registry.ts
View File

@@ -79,6 +79,9 @@ export namespace ToolRegistry {
if (cfg?.permission?.bash === "deny") { if (cfg?.permission?.bash === "deny") {
result["bash"] = false result["bash"] = false
} }
if (cfg?.permission?.webfetch === "deny") {
result["webfetch"] = false
}
return result return result
} }

17
packages/opencode/src/tool/webfetch.ts
View File

@@ -2,6 +2,8 @@ import { z } from "zod"
import { Tool } from "./tool" import { Tool } from "./tool"
import TurndownService from "turndown" import TurndownService from "turndown"
import DESCRIPTION from "./webfetch.txt" import DESCRIPTION from "./webfetch.txt"
import { Config } from "../config/config"
import { Permission } from "../permission"
const MAX_RESPONSE_SIZE = 5 * 1024 * 1024 // 5MB const MAX_RESPONSE_SIZE = 5 * 1024 * 1024 // 5MB
const DEFAULT_TIMEOUT = 30 * 1000 // 30 seconds const DEFAULT_TIMEOUT = 30 * 1000 // 30 seconds
@@ -22,6 +24,21 @@ export const WebFetchTool = Tool.define("webfetch", {
throw new Error("URL must start with http:// or https://") throw new Error("URL must start with http:// or https://")
} }
const cfg = await Config.get()
if (cfg.permission?.webfetch === "ask")
await Permission.ask({
type: "webfetch",
sessionID: ctx.sessionID,
messageID: ctx.messageID,
callID: ctx.callID,
title: "Fetch content from: " + params.url,
metadata: {
url: params.url,
format: params.format,
timeout: params.timeout,
},
})
const timeout = Math.min((params.timeout ?? DEFAULT_TIMEOUT / 1000) * 1000, MAX_TIMEOUT) const timeout = Math.min((params.timeout ?? DEFAULT_TIMEOUT / 1000) * 1000, MAX_TIMEOUT)
const controller = new AbortController() const controller = new AbortController()

8
packages/web/src/content/docs/docs/permissions.mdx
View File

@@ -13,6 +13,14 @@ The permissions system provides granular control to restrict what actions AI age
Permissions are configured in your `opencode.json` file under the `permission` key. Here are the available options. Permissions are configured in your `opencode.json` file under the `permission` key. Here are the available options.
### Tool Permission Support
| Tool | Description |
| ---------- | ------------------------------- |
| `edit` | Control file editing operations |
| `bash` | Control bash command execution |
| `webfetch` | Control web content fetching |
--- ---
### edit ### edit