chore(ge-urs): complete deny-by-default permissions for all agents#130
chore(ge-urs): complete deny-by-default permissions for all agents#130SorraTheOrc wants to merge 7 commits intomainfrom
Conversation
|
@forge — assigning this to you to finish ge-urs (agent permissions). Please see bd ge-urs and the delegation details in the PR description. If you'd prefer a /delegate opencode handoff, tell me and I'll re-run the delegate command. Timebox: 48h. |
|
@patch — please take ownership of completing ge-urs by updating .opencode/agent/patch.md to use the deny-by-default permissions template (see .opencode/agent/forge.md). Acceptance criteria: 1) patch.md has no wildcard "*": allow entries; dangerous bash commands set to 'ask'; 2) add/update .opencode/agent/PERMISSIONS.md with the template/rationale if missing; 3) open a PR from a feature branch and add a bd comment linking that PR listing changed files. Reply here with 'Accepted' and an ETA or state blockers. Timebox: 48h. —Build |
…deny waif in patch.md
…nd deny waif usage in patch agent; replace waif next with bd ready
…mand should change
|
Aborting per Producer request: closing PR #130 and deleting branch ge-urs/complete-agent-perms. |
1 participant
Ref: bd ge-urs. This PR updates .opencode/agent/*.md to ensure deny-by-default permissions (no wildcard allows), adds .opencode/agent/PERMISSIONS.md describing the template, and includes a small script scripts/check-agent-permissions.sh to validate agent files.\n\nRequested reviewers: @forge @rgardler