Description
When a user chooses “Always allow” in a permission prompt, the approval is stored in a process‑wide in‑memory ruleset keyed only by permission + pattern. During evaluation, the approved rules are appended after the agent/session rules and win due to findLast, causing the approval to apply across all agents and sessions in the same OpenCode process. This overrides agent‑specific permission configurations, which is unexpected and unsafe. I believe the expected behavior is just for the specified agent to be granted that permission.
Strong suggestion
Scope “always allow” to both agent and session (not just agent). Store approvals with {agent, sessionID, permission, pattern} and only match approvals where both agent and session ID match the current request, or at least allow it as an option (Always Allow/Always Allow for this Session).
Plugins
None
OpenCode version
1.1.19
Steps to reproduce
- Configure Plan Agent with restrictive permissions (e.g., deny write), Build with ask permissions.
- Start a session with Build Agent and trigger a permission prompt for write.
- Choose “Always allow”.
- Start a session with Plan and trigger a write.
- Observe that the permission is auto‑approved despite Plan Agent’s restrictions.
Screenshot and/or share link
No response
Operating System
Fedora and Arch
Terminal
Ghostty and Wezterm
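
The evaluation order described in this report can be modelled in a few lines. This is an added example, not OpenCode's code and not from the reporter: the function names, rule shapes, and sample agents/sessions are hypothetical, chosen only to show how a last-match-wins lookup lets a process-wide approval override Plan's deny rule, and how approvals scoped by agent and session ID behave instead.

```javascript
// Simplified model of the evaluation described in this issue.
// Not OpenCode's code: every name and rule shape here is hypothetical.

// Minimal glob: "*" matches any run of characters, everything else is literal.
function matches(pattern, value) {
  const escaped = pattern.split("*").map((s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + escaped.join(".*") + "$").test(value);
}

// Constructed sample config: Plan denies write, Build asks.
const agentRules = {
  plan: [{ permission: "write", pattern: "*", action: "deny" }],
  build: [{ permission: "write", pattern: "*", action: "ask" }],
};

// Last matching rule wins; with no match, fall back to asking.
function lastMatch(rules, req) {
  const hit = rules.findLast((r) => r.permission === req.permission && matches(r.pattern, req.target));
  return hit ? hit.action : "ask";
}

// Reported behaviour: approvals are process-wide and appended after agent rules.
function evaluateGlobal(approved, req) {
  return lastMatch([...agentRules[req.agent], ...approved], req);
}

// Suggested behaviour: only approvals recorded for this agent and session apply.
function evaluateScoped(approved, req) {
  const own = approved.filter((a) => a.agent === req.agent && a.sessionID === req.sessionID);
  return lastMatch([...agentRules[req.agent], ...own], req);
}

// "Always allow" chosen once, in Build session s1 (constructed data).
function demo() {
  const approved = [{ agent: "build", sessionID: "s1", permission: "write", pattern: "*", action: "allow" }];
  const req = (agent, sessionID) => ({ agent, sessionID, permission: "write", target: "src/app.ts" });
  return {
    globalBuild: evaluateGlobal(approved, req("build", "s1")),
    globalPlan: evaluateGlobal(approved, req("plan", "s2")),
    scopedBuild: evaluateScoped(approved, req("build", "s1")),
    scopedPlan: evaluateScoped(approved, req("plan", "s2")),
    scopedBuildOtherSession: evaluateScoped(approved, req("build", "s3")),
  };
}

console.log(demo());
```

A regression test for a fix along these lines would assert the `scopedPlan` and `scopedBuildOtherSession` cases: the first must keep the agent's deny, the second must prompt again.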