diff --git a/packages/core/test/global.test.ts b/packages/core/test/global.test.ts
new file mode 100644
index 0000000000..4e13e88424
--- /dev/null
+++ b/packages/core/test/global.test.ts
@@ -0,0 +1,16 @@
+import { describe, expect, test } from "bun:test"
+import fs from "fs/promises"
+import os from "os"
+import path from "path"
+import { Global } from "@opencode-ai/core/global"
+
+describe("global paths", () => {
+ test("tmp path is under the system temp directory", () => {
+ expect(Global.Path.tmp).toBe(path.join(os.tmpdir(), "opencode"))
+ expect(Global.make().tmp).toBe(Global.Path.tmp)
+ })
+
+ test("tmp path is created on module load", async () => {
+ expect((await fs.stat(Global.Path.tmp)).isDirectory()).toBe(true)
+ })
+})
diff --git a/packages/opencode/test/agent/agent.test.ts b/packages/opencode/test/agent/agent.test.ts
index ec384709da..1fc118d0d8 100644
--- a/packages/opencode/test/agent/agent.test.ts
+++ b/packages/opencode/test/agent/agent.test.ts
@@ -5,6 +5,7 @@ import { provideInstance, tmpdir } from "../fixture/fixture"
 import { Instance } from "../../src/project/instance"
 import { Agent } from "../../src/agent/agent"
 import { Permission } from "../../src/permission"
+import { Global } from "@opencode-ai/core/global"

 // Helper to evaluate permission for a tool with wildcard pattern
 function evalPerm(agent: Agent.Info | undefined, permission: string): Permission.Action | undefined {
@@ -83,7 +84,7 @@ test("explore agent denies edit and write", async () => {
 })
 })

-test("explore agent asks for external directories and allows Truncate.GLOB", async () => {
+test("explore agent asks for external directories and allows whitelisted external paths", async () => {
 const { Truncate } = await import("../../src/tool/truncate")
 await using tmp = await tmpdir()
 await Instance.provide({
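Review bot: In packages/core/test/global.test.ts the "tmp path is created on module load" test only checks `isDirectory()` through `fs.stat`, which follows symlinks, so it would still pass if the fixed path `os.tmpdir()/opencode` were a symlink or a directory pre-created by another local user with loose permissions. Because the agent tests in this commit treat children of that directory as pre-approved for `external_directory`, the test should pin the properties that make that safe: `const st = await fs.lstat(Global.Path.tmp)`, `expect(st.isSymbolicLink()).toBe(false)` and, on POSIX only, `expect(st.mode & 0o077).toBe(0)`. How the directory is created is not visible in this diff, so the mode assertion may first require the implementation to create it owner-only.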
@@ -93,6 +94,9 @@ test("explore agent asks for external directories and allows Truncate.GLOB", asy
 expect(explore).toBeDefined()
 expect(Permission.evaluate("external_directory", "/some/other/path", explore!.permission).action).toBe("ask")
 expect(Permission.evaluate("external_directory", Truncate.GLOB, explore!.permission).action).toBe("allow")
+ expect(Permission.evaluate("external_directory", path.join(Global.Path.tmp, "agent-work"), explore!.permission).action).toBe(
+ "allow",
+ )
 },
 })
 })
@@ -515,6 +519,20 @@ test("Truncate.GLOB is allowed even when user denies external_directory globally
 })
 })

+test("global tmp directory children are allowed for external_directory", async () => {
+ await using tmp = await tmpdir()
+ await Instance.provide({
+ directory: tmp.path,
+ fn: async () => {
+ const build = await load(tmp.path, (svc) => svc.get("build"))
+ expect(Permission.evaluate("external_directory", path.join(Global.Path.tmp, "scratch"), build!.permission).action).toBe(
+ "allow",
+ )
+ expect(Permission.evaluate("external_directory", "/some/other/path", build!.permission).action).toBe("ask")
+ },
+ })
+})
+
 test("Truncate.GLOB is allowed even when user denies external_directory per-agent", async () => {
 const { Truncate } = await import("../../src/tool/truncate")
 await using tmp = await tmpdir({
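Review bot: The assertion added to the explore-agent test covers only the allowed case, a direct child (`agent-work`), so nothing checks that the allowance stops at the directory boundary. Add a negative case for a sibling that merely shares the prefix, e.g. `expect(Permission.evaluate("external_directory", Global.Path.tmp + "-other/file", explore!.permission).action).toBe("ask")`. A second case with a non-normalised path built by string concatenation (`Global.Path.tmp + "/../outside"`, since `path.join` would collapse it) would document whether `Permission.evaluate` or its callers are responsible for normalising; that is not visible from this hunk. The same gap applies to the `build` agent test added in the @@ -515 hunk, and the test body here starts above the hunk.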
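Review bot: The added "global tmp directory children are allowed for external_directory" test runs only against the default configuration, while the tests on either side of it pin how `Truncate.GLOB` behaves when the user denies `external_directory` globally or per-agent. Whether the tmp allowance is meant to survive an explicit user deny is a policy decision with security weight, and it is untested either way. I would add a companion test that loads a config denying `external_directory` and asserts the intended action for `path.join(Global.Path.tmp, "scratch")`, with a one-line comment stating which way the precedence is supposed to go. The config fixture shape used by the neighbouring tests lies outside this hunk.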