feat(opencode): auto-approve safe bash commands using tree-sitter classification #20301

Open
AndresCdo wants to merge 4 commits into anomalyco:dev from AndresCdo:feat/bash-auto-approval
@AndresCdo

Issue for this PR

Closes #20298

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Adds an auto-approval classifier for bash commands that uses the existing tree-sitter parser to identify safe, read-only commands and skip permission prompts for them.

How it works: The classify() function analyzes the parsed command AST using three tiers:

  1. Dangerous patterns override everything (pipe to shell, rm -rf /, redirect to disk device)
  2. Dangerous command blacklist — never auto-approved (rm, dd, kill, shutdown, chmod, etc.)
  3. Safe command whitelist — inherently read-only (ls, cat, grep, find, wc, head, tail, git status/log/diff, echo, pwd, etc.)

Context-aware subcommand checks for git, npm, pnpm, yarn, bun, go, and cargo to distinguish safe subcommands from destructive ones (e.g., git status is safe, git push is not).

Impact: Eliminates permission prompts for safe read-only operations, dramatically improving UX during codebase exploration and diagnostic operations.

How did you verify your code works?

  • bun typecheck passes (zero errors in changed files)
  • Conservative approach: any command not explicitly in the safe list still requires permission
  • Dangerous patterns are checked before safe command classification
  • Single file change: +263/-2 lines in tool/bash.ts
  • No API changes, no breaking changes

Screenshots / recordings

Not a UI change.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR
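
The three-tier ordering from the description above, as an added TypeScript example that is not the PR's code. It classifies a hand-built `Cmd` pipeline instead of tree-sitter nodes; the `Cmd` and `Tier` types, the shell-name set and the disk-device pattern are assumptions, and the command lists are abbreviated from the description.

```typescript
// Added example. Cmd is a simplified stand-in for a parsed command, not tree-sitter's node types.
type Cmd = { name: string; args: string[]; redirect?: string }
type Tier = "dangerous-pattern" | "dangerous-command" | "safe" | "unlisted"

const SHELLS = new Set(["sh", "bash", "zsh"]) // assumed shell names
const DANGEROUS = new Set(["rm", "dd", "kill", "shutdown", "chmod"])
const SAFE = new Set(["ls", "cat", "grep", "find", "wc", "head", "tail", "echo", "pwd"])
// Tools judged by subcommand. A Map keeps prototype keys such as "constructor" from matching.
const SAFE_SUBCOMMANDS = new Map<string, Set<string>>([
  ["git", new Set(["status", "log", "diff"])],
])

// Tier 1: patterns that override everything else in the pipeline.
function hasDangerousPattern(pipeline: Cmd[]): boolean {
  return pipeline.some((cmd, i) => {
    const pipedIntoShell = i > 0 && SHELLS.has(cmd.name)
    // Assumption: "disk device" is approximated as a /dev/sd* or /dev/nvme* target.
    const toDiskDevice = /^\/dev\/(sd|nvme)/.test(cmd.redirect ?? "")
    const recursiveRmOfRoot = cmd.name === "rm" && cmd.args.some((a) => a === "/") &&
      cmd.args.some((a) => /^-[A-Za-z]*[rR]/.test(a))
    return pipedIntoShell || toDiskDevice || recursiveRmOfRoot
  })
}

// Tiers 2 and 3 for a single command; anything not listed stays "unlisted".
function classifyCommand(cmd: Cmd): Tier {
  if (DANGEROUS.has(cmd.name)) return "dangerous-command"
  if (cmd.redirect !== undefined) return "unlisted" // output redirection writes a file
  const subcommands = SAFE_SUBCOMMANDS.get(cmd.name)
  if (subcommands !== undefined) {
    // Strict: the subcommand must be the first argument, so `git -c k=v status` prompts.
    const sub = cmd.args[0]
    return sub !== undefined && subcommands.has(sub) ? "safe" : "unlisted"
  }
  return SAFE.has(cmd.name) ? "safe" : "unlisted"
}

// The worst tier across the pipeline wins; an empty pipeline is never approved.
function classify(pipeline: Cmd[]): Tier {
  if (hasDangerousPattern(pipeline)) return "dangerous-pattern"
  const tiers = pipeline.map(classifyCommand)
  if (tiers.some((t) => t === "dangerous-command")) return "dangerous-command"
  return tiers.length > 0 && tiers.every((t) => t === "safe") ? "safe" : "unlisted"
}

// Only the "safe" tier skips the permission prompt.
function autoApprove(pipeline: Cmd[]): boolean {
  return classify(pipeline) === "safe"
}
```

Returning the tier rather than a bare boolean keeps the reason for a prompt available for logging, and every path that is not explicitly `safe` falls back to asking the user.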

AndresCdo and others added 2 commits March 31, 2026 11:09
…ssification

Add a classify() function that analyzes the parsed command AST to
determine if a bash command is safe to auto-approve without prompting
the user. Uses three-tier classification:

1. Dangerous patterns override everything (pipe to shell, rm -rf /)
2. Dangerous command blacklist (rm, dd, kill, shutdown)
3. Safe command whitelist (ls, cat, grep, find, git status, etc.)

Context-aware subcommand checks for git, npm, pnpm, yarn, bun, go,
and cargo to distinguish safe subcommands from destructive ones.

Commands classified as safe skip the permission prompt entirely,
dramatically improving UX during codebase exploration and read-only
operations.

Closes anomalyco#20298
@github-actions
Contributor

The following comment was made by an LLM, it may be inaccurate:

Based on my search, I found one potentially related PR:

PR #12684: feat: add --yolo flag for auto-approving permissions in web/serve mode

Why it's related: This PR also addresses auto-approval of permissions, though it uses a broad --yolo flag approach. PR #20301 is more sophisticated with intelligent command classification using tree-sitter to selectively auto-approve only safe, read-only commands rather than blanket approval.

These are complementary approaches rather than strict duplicates—one is a global permission flag, the other is context-aware command analysis.

Development

Successfully merging this pull request may close these issues.

[FEATURE]: Auto-approve safe bash commands using tree-sitter classification