Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

feat: add remote permission approval via plugin hook#1

Open
replee-codes[bot] wants to merge 1 commit intodev from
kevin/add-permission-system
Open

feat: add remote permission approval via plugin hook #1
replee-codes[bot] wants to merge 1 commit intodev from
kevin/add-permission-system

Conversation

@replee-codes
Copy link

@replee-codes replee-codes bot commented Jan 27, 2026

Summary

Adds a new permission.remote plugin hook that enables OpenCode to ask for permission via an external system (like a webhook), similar to how Claude Code requests permission through its plugin system.

Changes

New Plugin Hook: permission.remote

Added to packages/plugin/src/index.ts:

"permission.remote"?: (
 input: Permission,
 output: { handled: boolean; decision?: "allow" | "deny"; message?: string },
) => Promise<void>

The hook is called when a permission request would normally be shown to the user. Plugins can:

  • Return { handled: true, decision: "allow" } to immediately allow
  • Return { handled: true, decision: "deny", message?: "reason" } to deny
  • Return { handled: false } to fall through to built-in UI

Permission System Updates

Both permission systems now call the hook:

  • packages/opencode/src/permission/index.ts (legacy)
  • packages/opencode/src/permission/next.ts (current)

Example Plugin

Added packages/plugin/src/example-remote-permission.ts demonstrating:

  • Sending permission requests to an external webhook
  • Synchronous webhook responses (immediate decision)
  • Async webhook responses (202 Accepted + callback)
  • Configurable timeout with fallback behavior

Configuration (Example Plugin)

Environment variables:

  • OPENCODE_PERMISSION_WEBHOOK_URL - URL to POST permission requests to
  • OPENCODE_PERMISSION_WEBHOOK_SECRET - Bearer token for webhook auth
  • OPENCODE_PERMISSION_TIMEOUT_MS - Timeout in ms (default: 60000)
  • OPENCODE_PERMISSION_TIMEOUT_ACTION - Fallback: "deny" | "allow" | "ask" (default: "deny")

Use Cases

  1. Server mode permission approval - External systems can approve/deny AI actions
  2. Slack/Discord integration - Send permission requests to team channels
  3. Custom approval workflows - Integrate with existing approval systems
  4. Time-based policies - Auto-approve certain actions during work hours

Testing

  • Manual testing with example plugin
  • Verify fallback to built-in UI when handled: false
  • Test timeout behavior

Closes REPL-23012

 

- Add new hook to the plugin system that allows
 plugins to handle permissions asynchronously (e.g., via webhook)
- Update both Permission (legacy) and PermissionNext systems to call
 the new hook before falling through to built-in UI
- Add example plugin demonstrating webhook-based permission approval
 with configurable timeout and fallback behavior
The new hook enables:
- Sending permission requests to external webhooks
- Waiting for async approval from external systems (Slack, Discord, etc.)
- Configurable timeout with fallback to deny/allow/ask
- Integration with custom approval workflows
Closes REPL-23012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

AltStyle によって変換されたページ (->オリジナル) /