core: allow agents to access global tmp directory without permission prompts

Agents can now create temporary files in the global tmp directory without triggering external_directory permission prompts. This enables agents to freely use temporary storage for intermediate files during builds and other operations.
2026-05-08 18:40:29 +00:00 · 2026-04-30 23:57:27 -04:00 · 2026-04-30 23:57:27 -04:00 · c2609cbf04
commit c2609cbf04
parent 2115df57bf
2 changed files with 35 additions and 1 deletions
--- a/packages/core/test/global.test.ts
+++ b/packages/core/test/global.test.ts
@ -0,0 +1,16 @@
+import { describe, expect, test } from "bun:test"
+import fs from "fs/promises"
+import os from "os"
+import path from "path"
+import { Global } from "@opencode-ai/core/global"
+
+describe("global paths", () => {
+  test("tmp path is under the system temp directory", () => {
+    expect(Global.Path.tmp).toBe(path.join(os.tmpdir(), "opencode"))
+    expect(Global.make().tmp).toBe(Global.Path.tmp)
+  })
+
+  test("tmp path is created on module load", async () => {
+    expect((await fs.stat(Global.Path.tmp)).isDirectory()).toBe(true)
+  })
+})
--- a/packages/opencode/test/agent/agent.test.ts
+++ b/packages/opencode/test/agent/agent.test.ts
@ -5,6 +5,7 @@ import { provideInstance, tmpdir } from "../fixture/fixture"
 import { Instance } from "../../src/project/instance"
 import { Agent } from "../../src/agent/agent"
 import { Permission } from "../../src/permission"
+import { Global } from "@opencode-ai/core/global"

 // Helper to evaluate permission for a tool with wildcard pattern
 function evalPerm(agent: Agent.Info | undefined, permission: string): Permission.Action | undefined {
@ -83,7 +84,7 @@ test("explore agent denies edit and write", async () => {
  })
 })

-test("explore agent asks for external directories and allows Truncate.GLOB", async () => {
+test("explore agent asks for external directories and allows whitelisted external paths", async () => {
  const { Truncate } = await import("../../src/tool/truncate")
  await using tmp = await tmpdir()
  await Instance.provide({
@ -93,6 +94,9 @@ test("explore agent asks for external directories and allows Truncate.GLOB", asy
      expect(explore).toBeDefined()
      expect(Permission.evaluate("external_directory", "/some/other/path", explore!.permission).action).toBe("ask")
      expect(Permission.evaluate("external_directory", Truncate.GLOB, explore!.permission).action).toBe("allow")
+      expect(Permission.evaluate("external_directory", path.join(Global.Path.tmp, "agent-work"), explore!.permission).action).toBe(
+        "allow",
+      )
    },
  })
 })
@ -515,6 +519,20 @@ test("Truncate.GLOB is allowed even when user denies external_directory globally
  })
 })

+test("global tmp directory children are allowed for external_directory", async () => {
+  await using tmp = await tmpdir()
+  await Instance.provide({
+    directory: tmp.path,
+    fn: async () => {
+      const build = await load(tmp.path, (svc) => svc.get("build"))
+      expect(Permission.evaluate("external_directory", path.join(Global.Path.tmp, "scratch"), build!.permission).action).toBe(
+        "allow",
+      )
+      expect(Permission.evaluate("external_directory", "/some/other/path", build!.permission).action).toBe("ask")
+    },
+  })
+})
+
 test("Truncate.GLOB is allowed even when user denies external_directory per-agent", async () => {
  const { Truncate } = await import("../../src/tool/truncate")
  await using tmp = await tmpdir({