fix(cli): honor external directory allows in Ask mode #9838

Merged: marius-kilocode merged 2 commits into main from gossamer-servant, May 4, 2026

@marius-kilocode
Collaborator

Summary

  • Honor explicit and saved external_directory approvals when Ask/Plan hard rules evaluate the external-directory boundary check.
  • Keep Ask/Plan write protections intact by only relaxing the mode-wide * deny for the external_directory permission check, while explicit external_directory denies still win.

Regression

This regressed after #9556 (fix(cli): harden ask and plan modes). That PR correctly made Ask/Plan hard-deny writes even when session or saved permissions would otherwise allow them, but the mode-wide * deny also started hard-vetoing external-directory read approvals.

The failing user flow was:

  1. Configure an external source directory as allowed, for example permission.external_directory["/tmp/kilo-external-permission-smoke/*"] = "allow".
  2. Use Ask or Plan mode to read a file under that external directory.
  3. The read could fail with The user has specified a rule which prevents you from using this specific tool call, even though the directory was explicitly approved.

Fix

The fix keeps the stricter Ask/Plan hard rules for actual tools like edit and mutating bash, but evaluates the external_directory boundary permission without the Ask/Plan mode-wide * deny. Permission-specific denies still apply, so external_directory["/path/*"] = "deny" continues to block access.

Manual Testing

Used a local fixture outside the worktree: /tmp/kilo-external-permission-smoke/legacy-service.ts.

  1. Ask mode with external_directory allow for the fixture path: read succeeded without a hard permission denial.
  2. Ask mode write attempt to the same file: Ask refused to modify files and did not write.
  3. Ask mode with explicit external_directory deny for the fixture path, after reloading the window so config was refreshed: read failed with the permission-rule denial.

Automated Testing

  • bun test test/kilocode/permission/next.always-rules.test.ts
  • bun test test/kilocode/permission/external-directory-allow.test.ts test/tool/read.test.ts test/tool/bash.test.ts test/tool/external-directory.test.ts
  • bun run typecheck from packages/opencode
  • bun run script/check-opencode-annotations.ts
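
The regression and fix described in the PR description above, as an added example that is not part of the pull request or of Kilo's source. It is a simplified model: the `Rule` shape, the `ASK_MODE` rule set, the last-match-wins evaluation and the functions `glob`, `evaluate` and `check` are all assumptions made for illustration.

```typescript
// Simplified model of the behaviour described in this PR, not Kilo's source.
// Every name here (Rule, glob, evaluate, check, ASK_MODE) is hypothetical.
type Action = "allow" | "deny" | "ask";
interface Rule { permission: string; pattern: string; action: Action }

// Minimal glob: "*" matches any run of characters.
function glob(pattern: string, value: string): boolean {
  const body = pattern.split("*").map((s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&")).join(".*");
  return new RegExp("^" + body + "$").test(value);
}

// Last matching rule wins; no match means the user is asked.
function evaluate(rules: Rule[], permission: string, target: string): Action {
  let result: Action = "ask";
  for (const r of rules) {
    if (glob(r.permission, permission) && glob(r.pattern, target)) result = r.action;
  }
  return result;
}

// Assumed Ask-mode rule set: deny everything, then re-allow reads.
const ASK_MODE: Rule[] = [
  { permission: "*", pattern: "*", action: "deny" },
  { permission: "read", pattern: "*", action: "allow" },
];

// Mode rules act as a hard veto before user rules are consulted. With `fixed`,
// the external_directory boundary check skips only the mode-wide "*" deny.
function check(user: Rule[], permission: string, target: string, fixed: boolean): Action {
  const hard = fixed && permission === "external_directory"
    ? ASK_MODE.filter((r) => !(r.permission === "*" && r.action === "deny"))
    : ASK_MODE;
  if (evaluate(hard, permission, target) === "deny") return "deny";
  return evaluate([...hard, ...user], permission, target);
}

// Constructed sample rules, using the fixture path from the PR description.
const FILE = "/tmp/kilo-external-permission-smoke/legacy-service.ts";
const DIR = "/tmp/kilo-external-permission-smoke/*";
const allowDir: Rule[] = [
  { permission: "external_directory", pattern: DIR, action: "allow" },
  { permission: "edit", pattern: "*", action: "allow" },
];
const denyDir: Rule[] = [{ permission: "external_directory", pattern: DIR, action: "deny" }];
```

Calling `check` with `fixed` set to `false` reproduces the hard veto on an approved directory; with `true`, the approval is honored while the `edit` allow in the same rule set is still vetoed.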

@kilo-code-bot
Contributor

kilo-code-bot Bot commented May 4, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (4 files)
  • .changeset/silver-maps-read.md
  • packages/opencode/src/kilocode/permission/external-directory.ts
  • packages/opencode/src/permission/index.ts
  • packages/opencode/test/kilocode/permission/next.always-rules.test.ts

Reviewed by gpt-5.5-20260423 · 301,951 tokens

@marius-kilocode marius-kilocode merged commit f499257 into main May 4, 2026
17 checks passed
@marius-kilocode marius-kilocode deleted the gossamer-servant branch May 4, 2026 16:17