feat(opencode): allow agents to read external Rust crate source

@make, @test, @check often need to inspect dependency source (trait
definitions, impl details, test patterns) to inform implementation or
verify findings. Opencode applies a CWD check on tool access, so reads
outside the worktree previously prompted for each access.

- Add permission.read/grep/glob path allowlists for the three locations
  cargo deps live: ~/.cargo/registry/src/, ~/.cargo/git/checkouts/, and
  /nix/store/*-vendor-*/ for crane / buildRustPackage projects.
- Document the discovery pattern in each agent: `cargo metadata
  --format-version 1` returns absolute paths via packages[].manifest_path.
- Cross-reference the registry paths from the permission.bash allowlist
  comment so future readers see the bash inspection commands (rg/ls)
  intentionally accept paths outside CWD.
- @check gets its first permission block (was tools-only before).

Path-pattern syntax for read/grep/glob isn't fully documented; if
opencode rejects it, fall back to `permission: { external_directory:
allow }` at the project config level.
Harald Hoyer 2026-05-08 13:24:30 +02:00
parent af6481a5a7
commit 3e515d54eb
3 changed files with 129 additions and 0 deletions


@ -6,6 +6,24 @@ tools:
write: false
edit: false
bash: false
permission:
# ── External-directory reads (registry / git deps / nix-vendored) ──
# Opencode applies a CWD check on tool access; these patterns whitelist
# the cargo dependency source trees so the Read/Grep/Glob tools don't
# prompt for each access. @check sometimes needs to verify a finding
# against a dependency's actual source (trait bounds, impl details).
read:
"~/.cargo/registry/src/**": allow
"~/.cargo/git/checkouts/**": allow
"/nix/store/*-vendor-*/**": allow
grep:
"~/.cargo/registry/src/**": allow
"~/.cargo/git/checkouts/**": allow
"/nix/store/*-vendor-*/**": allow
glob:
"~/.cargo/registry/src/**": allow
"~/.cargo/git/checkouts/**": allow
"/nix/store/*-vendor-*/**": allow
---
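Review bot: the read, grep and glob allowlists are three identical copies, so a later tightening of one (say, narrowing `/nix/store/*-vendor-*/**` to the exact vendor-dir name crane produces) will silently drift from the other two; define the list once with a YAML anchor (`read: &dep-src-allow` then `grep: *dep-src-allow`, `glob: *dep-src-allow`) if opencode's config loader accepts anchors, otherwise add a comment saying the three blocks must be kept in sync. Also, `~` in these patterns assumes the permission matcher performs tilde expansion, which the commit message itself says is undocumented; after loading the config, a single Read of a file under `~/.cargo/registry/src/` should confirm the rule fires rather than falling back to a prompt, and an absolute `$HOME`-based path is the safer fallback if it does not. Minor: the comment's "whitelist" should read "allowlist" to match the commit message wording.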
@ -15,6 +33,16 @@ You are a senior engineer who catches expensive mistakes before they ship. Your
**Note:** This agent reviews user-provided artifacts (diffs, specs, configs). It does not independently fetch code from repos.
**External crate source (Rust):** when verifying a finding against a dependency's actual source (trait bounds, impl details, behavior under specific inputs), you can read from these paths via Read/Grep/Glob (no permission prompt — see frontmatter):
| Source | Path pattern |
|---|---|
| Registry crates | `~/.cargo/registry/src/index.crates.io-*/<crate>-<version>/` |
| Git deps | `~/.cargo/git/checkouts/<crate>-<hash>/<branch>/` |
| Nix-vendored deps | `/nix/store/<hash>-vendor-*/<crate>-<version>/` |
The caller (`@check`'s dispatcher in the workflow) typically passes the dependency's name and version inline; you locate the path under the registry root. Use this sparingly — only when the finding's correctness genuinely depends on knowing the dep's source, not for general curiosity.
## Scope
You review:
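Review bot: the new paragraph lands directly under the **Note:** that says this agent "does not independently fetch code from repos", and a reader will take the two as contradictory; qualify the Note (e.g. "It does not fetch remote code; it may read dependency source already cached locally, see below") so the scope stays clear. Also, since this frontmatter keeps `bash: false`, @check cannot run the `cargo metadata --format-version 1` discovery the commit message describes, so the caller passing name and version is the only way it learns the path; say so explicitly instead of "you locate the path under the registry root", and note that the version must match the on-disk directory name `<crate>-<version>` exactly or the Glob will find nothing.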