Opencode permissions + agent configs

2026-01-06 08:54:17 +01:00
parent 175f971809
commit c8752086a2
7 changed files with 203 additions and 32 deletions
--- a/home/features/coding/opencode.nix
+++ b/home/features/coding/opencode.nix
@@ -1,9 +1,29 @@
-{
+{inputs, ...}: {
+  xdg.configFile = {
+    "opencode/command" = {
+      source = "${inputs.agents}/command";
+      recursive = true;
+    };
+    "opencode/context" = {
+      source = "${inputs.agents}/context";
+      recursive = true;
+    };
+    "opencode/prompts" = {
+      source = "${inputs.agents}/prompts";
+      recursive = true;
+    };
+    "opencode/skill" = {
+      source = "${inputs.agents}/skill";
+      recursive = true;
+    };
+  };
+
  programs.opencode = {
    enable = true;
    settings = {
      theme = "opencode";
      plugin = ["oh-my-opencode"];
+      agent = builtins.fromJSON (builtins.readFile "${inputs.agents}/agent/agents.json");
      formatter = {
        alejandra = {
          command = ["alejandra" "-q" "-"];
@@ -28,37 +48,138 @@
            "OPENAPI_MCP_HEADERS=$(cat /run/agenix/anytype-key) exec bunx @anyproto/anytype-mcp"
          ];
        };
+        Exa = {
+          type = "local";
+          command = [
+            "sh"
+            "-c"
+            "EXA_API_KEY=$(cat /run/agenix/exa-key) exec bunx exa-mcp-server@latest tools=web_search_exa"
+          ];
+          enabled = true;
+        };
      };
    };
  };

-  home.file.".config/opencode/oh-my-opencode.json".text = ''
-    {
-      "$schema": "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json",
-      "agents": {
-        "Sisyphus": {
-          "model": "anthropic/claude-opus-4-5"
-        },
-        "librarian": {
-          "model": "anthropic/claude-sonnet-4-5"
-        },
-        "explore": {
-          "model": "opencode/big-pickle"
-        },
-        "oracle": {
-          "model": "anthropic/claude-sonnet-4-5"
-        },
-        "frontend-ui-ux-engineer": {
-          "model": "anthropic/claude-opus-4-5"
-        },
-        "document-writer": {
-          "model": "anthropic/claude-opus-4-5"
-        },
-        "multimodal-looker": {
-          "model": "anthropic/claude-opus-4-5"
-        }
-      },
-      "disabled_mcps": ["context7"]
-    }
-  '';
+  home.file.".config/opencode/oh-my-opencode.json".text = builtins.toJSON {
+    "$schema" = "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json";
+    agents = {
+      Sisyphus = {
+        model = "anthropic/claude-opus-4-5";
+        permission = {
+          edit = "allow";
+          bash = {
+            "*" = "allow";
+            "rm *" = "ask";
+            "rmdir *" = "ask";
+            "mv *" = "ask";
+            "chmod *" = "ask";
+            "chown *" = "ask";
+            "git *" = "ask";
+            "git status*" = "allow";
+            "git log*" = "allow";
+            "git diff*" = "allow";
+            "git branch*" = "allow";
+            "git show*" = "allow";
+            "git stash list*" = "allow";
+            "git remote -v" = "allow";
+            "git add *" = "allow";
+            "git commit *" = "allow";
+            "jj *" = "ask";
+            "jj status" = "allow";
+            "jj log*" = "allow";
+            "jj diff*" = "allow";
+            "jj show*" = "allow";
+            "npm *" = "ask";
+            "npx *" = "ask";
+            "bun *" = "ask";
+            "bunx *" = "ask";
+            "uv *" = "ask";
+            "pip *" = "ask";
+            "pip3 *" = "ask";
+            "yarn *" = "ask";
+            "pnpm *" = "ask";
+            "cargo *" = "ask";
+            "go *" = "ask";
+            "make *" = "ask";
+            "dd *" = "deny";
+            "mkfs*" = "deny";
+            "fdisk *" = "deny";
+            "parted *" = "deny";
+            "eval *" = "deny";
+            "source *" = "deny";
+            "curl *|*sh" = "deny";
+            "wget *|*sh" = "deny";
+            "sudo *" = "deny";
+            "su *" = "deny";
+            "systemctl *" = "deny";
+            "service *" = "deny";
+            "shutdown *" = "deny";
+            "reboot*" = "deny";
+            "init *" = "deny";
+            "> /dev/*" = "deny";
+            "cat * > /dev/*" = "deny";
+          };
+          external_directory = "ask";
+          doom_loop = "ask";
+        };
+      };
+      librarian = {
+        model = "anthropic/claude-sonnet-4-5";
+        permission = {
+          edit = "deny";
+          bash = "deny";
+        };
+      };
+      explore = {
+        model = "opencode/big-pickle";
+        permission = {
+          edit = "deny";
+          bash = "deny";
+        };
+      };
+      oracle = {
+        model = "anthropic/claude-sonnet-4-5";
+        permission = {
+          edit = "deny";
+          bash = "deny";
+        };
+      };
+      frontend-ui-ux-engineer = {
+        model = "anthropic/claude-opus-4-5";
+        permission = {
+          edit = "allow";
+          bash = {
+            "*" = "ask";
+            "npm *" = "ask";
+            "npx *" = "ask";
+            "bun *" = "ask";
+            "bunx *" = "ask";
+            "rm *" = "ask";
+            "mv *" = "ask";
+            "dd *" = "deny";
+            "mkfs*" = "deny";
+            "sudo *" = "deny";
+            "curl *|*sh" = "deny";
+            "wget *|*sh" = "deny";
+          };
+        };
+      };
+      document-writer = {
+        model = "anthropic/claude-opus-4-5";
+        permission = {
+          edit = "allow";
+          bash = "deny";
+        };
+      };
+      multimodal-looker = {
+        model = "anthropic/claude-opus-4-5";
+        permission = {
+          edit = "deny";
+          bash = "deny";
+        };
+      };
+    };
+    disabled_mcps = ["context7"];
+  };
 }