mirrors/opencode
1
0
Fork 0
mirror of https://github.com/sst/opencode.git synced 2025-12-23 10:11:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'dev' into opentui

Browse source
This commit is contained in:
Dax Raad 2025-10-09 04:24:11 -04:00
commit 8d818c7d50
27 changed files with 2484 additions and 308 deletions
Download patch file Download diff file Expand all files Collapse all files

1
STATS.md
View file

@ -102,3 +102,4 @@
| 2025-10-05 | 455,559 (+2,998) | 374,745 (+4,359) | 830,304 (+7,357) |
| 2025-10-06 | 460,927 (+5,368) | 379,489 (+4,744) | 840,416 (+10,112) |
| 2025-10-07 | 467,336 (+6,409) | 385,438 (+5,949) | 852,774 (+12,358) |
| 2025-10-08 | 474,643 (+7,307) | 394,139 (+8,701) | 868,782 (+16,008) |

1
packages/console/app/src/context/auth.ts
View file

@ -74,6 +74,7 @@ export const getActor = async (workspace?: string): Promise<Actor.Info> => {
userID: user.id,
workspaceID: user.workspaceID,
accountID: user.accountID,
role: user.role,
},
}
}

6
packages/console/app/src/routes/workspace/[id].tsx
View file

@ -8,6 +8,7 @@ import { KeySection } from "./key-section"
import { MemberSection } from "./member-section"
import { SettingsSection } from "./settings-section"
import { ModelSection } from "./model-section"
import { ProviderSection } from "./provider-section"
import { Show } from "solid-js"
import { createAsync, query, useParams } from "@solidjs/router"
import { Actor } from "@opencode-ai/console-core/actor.js"
@ -47,11 +48,14 @@ export default function () {
<div data-slot="sections">
<NewUserSection />
<KeySection />
<Show when={isBeta()}>
<MemberSection />
</Show>
<Show when={userInfo()?.isAdmin}>
<Show when={isBeta()}>
<SettingsSection />
<MemberSection />
<ModelSection />
<ProviderSection />
</Show>
<BillingSection />
<MonthlyLimitSection />

45
packages/console/app/src/routes/workspace/key-section.tsx
View file

@ -108,11 +108,6 @@ export function KeySection() {
const params = useParams()
const keys = createAsync(() => listKeys(params.id))
function formatKey(key: string) {
if (key.length <= 11) return key
return `${key.slice(0, 7)}...${key.slice(-4)}`
}
return (
<section class={styles.root}>
<div data-slot="section-title">
@ -134,7 +129,8 @@ export function KeySection() {
<tr>
<th>Name</th>
<th>Key</th>
<th>Created</th>
<th>Created By</th>
<th>Last Used</th>
<th></th>
</tr>
</thead>
@ -147,24 +143,27 @@ export function KeySection() {
<tr>
<td data-slot="key-name">{key.name}</td>
<td data-slot="key-value">
<button
data-color="ghost"
disabled={copied()}
onClick={async () => {
await navigator.clipboard.writeText(key.key)
setCopied(true)
setTimeout(() => setCopied(false), 1000)
}}
title="Copy API key"
>
<span>{formatKey(key.key)}</span>
<Show when={copied()} fallback={<IconCopy style={{ width: "14px", height: "14px" }} />}>
<IconCheck style={{ width: "14px", height: "14px" }} />
</Show>
</button>
<Show when={key.key} fallback={<span>{key.keyDisplay}</span>}>
<button
data-color="ghost"
disabled={copied()}
onClick={async () => {
await navigator.clipboard.writeText(key.key!)
setCopied(true)
setTimeout(() => setCopied(false), 1000)
}}
title="Copy API key"
>
<span>{key.keyDisplay}</span>
<Show when={copied()} fallback={<IconCopy style={{ width: "14px", height: "14px" }} />}>
<IconCheck style={{ width: "14px", height: "14px" }} />
</Show>
</button>
</Show>
</td>
<td data-slot="key-date" title={formatDateUTC(key.timeCreated)}>
{formatDateForTable(key.timeCreated)}
<td data-slot="key-user-email">{key.email}</td>
<td data-slot="key-last-used" title={key.timeUsed ? formatDateUTC(key.timeUsed) : undefined}>
{key.timeUsed ? formatDateForTable(key.timeUsed) : "-"}
</td>
<td data-slot="key-actions">
<form action={removeKey} method="post">

88
packages/console/app/src/routes/workspace/member-section.tsx
View file

@ -10,10 +10,10 @@ import { User } from "@opencode-ai/console-core/user.js"
const listMembers = query(async (workspaceID: string) => {
"use server"
return withActor(async () => {
const actor = Actor.assert("user")
return {
members: await User.list(),
currentUserID: actor.properties.userID,
actorID: Actor.userID(),
actorRole: Actor.userRole(),
}
}, workspaceID)
}, "member.list")
@ -158,10 +158,11 @@ export function MemberCreateForm() {
)
}
function MemberRow(props: { member: any; workspaceID: string; currentUserID: string | null }) {
function MemberRow(props: { member: any; workspaceID: string; actorID: string; actorRole: string }) {
const [editing, setEditing] = createSignal(false)
const submission = useSubmission(updateMember)
const isCurrentUser = () => props.currentUserID === props.member.id
const isCurrentUser = () => props.actorID === props.member.id
const isAdmin = () => props.actorRole === "admin"
createEffect(() => {
if (!submission.pending && submission.result && !submission.result.error) {
@ -200,19 +201,19 @@ function MemberRow(props: { member: any; workspaceID: string; currentUserID: str
<td data-slot="member-email">{props.member.accountEmail ?? props.member.email}</td>
<td data-slot="member-role">{props.member.role}</td>
<td data-slot="member-usage">{getUsageDisplay()}</td>
<Show when={!props.member.timeSeen} fallback={<td data-slot="member-joined"></td>}>
<td data-slot="member-joined">invited</td>
</Show>
<td data-slot="member-joined">{props.member.timeSeen ? "" : "invited"}</td>
<td data-slot="member-actions">
<button data-color="ghost" onClick={() => setEditing(true)}>
Edit
</button>
<Show when={!isCurrentUser()}>
<form action={removeMember} method="post">
<input type="hidden" name="id" value={props.member.id} />
<input type="hidden" name="workspaceID" value={props.workspaceID} />
<button data-color="ghost">Delete</button>
</form>
<Show when={isAdmin()}>
<button data-color="ghost" onClick={() => setEditing(true)}>
Edit
</button>
<Show when={!isCurrentUser()}>
<form action={removeMember} method="post">
<input type="hidden" name="id" value={props.member.id} />
<input type="hidden" name="workspaceID" value={props.workspaceID} />
<button data-color="ghost">Delete</button>
</form>
</Show>
</Show>
</td>
</tr>
@ -293,37 +294,34 @@ export function MemberSection() {
<section class={styles.root}>
<div data-slot="section-title">
<h2>Members</h2>
<p>Manage your members for accessing opencode services.</p>
</div>
<MemberCreateForm />
<Show when={data()?.actorRole === "admin"}>
<MemberCreateForm />
</Show>
<div data-slot="members-table">
<Show
when={data()?.members.length}
fallback={
<div data-component="empty-state">
<p>Invite a member to your workspace</p>
</div>
}
>
<table data-slot="members-table-element">
<thead>
<tr>
<th>Email</th>
<th>Role</th>
<th>Usage</th>
<th></th>
<th></th>
</tr>
</thead>
<tbody>
<For each={data()!.members}>
{(member) => (
<MemberRow member={member} workspaceID={params.id} currentUserID={data()!.currentUserID} />
)}
</For>
</tbody>
</table>
</Show>
<table data-slot="members-table-element">
<thead>
<tr>
<th>Email</th>
<th>Role</th>
<th>Usage</th>
<th></th>
<th></th>
</tr>
</thead>
<tbody>
<For each={data()?.members || []}>
{(member) => (
<MemberRow
member={member}
workspaceID={params.id}
actorID={data()!.actorID}
actorRole={data()!.actorRole}
/>
)}
</For>
</tbody>
</table>
</div>
</section>
)

107
packages/console/app/src/routes/workspace/provider-section.module.css Normal file
View file

@ -0,0 +1,107 @@
.root {
[data-slot="providers-table"] {
overflow-x: auto;
}
[data-slot="providers-table-element"] {
width: 100%;
border-collapse: collapse;
font-size: var(--font-size-sm);
thead {
border-bottom: 1px solid var(--color-border);
}
th {
padding: var(--space-3) var(--space-4);
text-align: left;
font-weight: normal;
color: var(--color-text-muted);
text-transform: uppercase;
}
td {
padding: var(--space-3) var(--space-4);
border-bottom: 1px solid var(--color-border-muted);
color: var(--color-text-muted);
font-family: var(--font-mono);
&[data-slot="provider-name"] {
color: var(--color-text);
font-family: var(--font-mono);
font-weight: 500;
}
&[data-slot="provider-status"] {
text-align: left;
color: var(--color-text);
}
&[data-slot="provider-toggle"] {
text-align: left;
font-family: var(--font-sans);
[data-slot="edit-form"] {
display: flex;
flex-direction: column;
gap: var(--space-3);
[data-slot="input-wrapper"] {
display: flex;
flex-direction: column;
gap: var(--space-1);
input {
padding: var(--space-2) var(--space-3);
border: 1px solid var(--color-border);
border-radius: var(--border-radius-sm);
background-color: var(--color-bg);
color: var(--color-text);
font-size: var(--font-size-sm);
font-family: var(--font-mono);
&:focus {
outline: none;
border-color: var(--color-accent);
}
&::placeholder {
color: var(--color-text-disabled);
}
}
[data-slot="form-error"] {
color: var(--color-danger);
font-size: var(--font-size-sm);
line-height: 1.4;
}
}
[data-slot="form-actions"] {
display: flex;
gap: var(--space-2);
}
}
}
}
tbody tr {
&[data-enabled="false"] {
opacity: 0.6;
}
&:last-child td {
border-bottom: none;
}
}
@media (max-width: 40rem) {
th,
td {
padding: var(--space-2) var(--space-3);
font-size: var(--font-size-xs);
}
}
}
}

163
packages/console/app/src/routes/workspace/provider-section.tsx Normal file
View file

@ -0,0 +1,163 @@
import { json, query, action, useParams, createAsync, useSubmission } from "@solidjs/router"
import { createEffect, For, Show } from "solid-js"
import { Provider } from "@opencode-ai/console-core/provider.js"
import { withActor } from "~/context/auth.withActor"
import { createStore } from "solid-js/store"
import styles from "./provider-section.module.css"
const PROVIDERS = [
{ name: "OpenAI", key: "openai", prefix: "sk-" },
{ name: "Anthropic", key: "anthropic", prefix: "sk-ant-" },
] as const
type Provider = (typeof PROVIDERS)[number]
const removeProvider = action(async (form: FormData) => {
"use server"
const provider = form.get("provider")?.toString()
if (!provider) return { error: "Provider is required" }
const workspaceID = form.get("workspaceID")?.toString()
if (!workspaceID) return { error: "Workspace ID is required" }
return json(await withActor(() => Provider.remove({ provider }), workspaceID), { revalidate: listProviders.key })
}, "provider.remove")
const saveProvider = action(async (form: FormData) => {
"use server"
const provider = form.get("provider")?.toString()
const credentials = form.get("credentials")?.toString()
if (!provider) return { error: "Provider is required" }
if (!credentials) return { error: "API key is required" }
const workspaceID = form.get("workspaceID")?.toString()
if (!workspaceID) return { error: "Workspace ID is required" }
return json(
await withActor(
() =>
Provider.create({ provider, credentials })
.then(() => ({ error: undefined }))
.catch((e) => ({ error: e.message as string })),
workspaceID,
),
{ revalidate: listProviders.key },
)
}, "provider.save")
const listProviders = query(async (workspaceID: string) => {
"use server"
return withActor(() => Provider.list(), workspaceID)
}, "provider.list")
function ProviderRow(props: { provider: Provider }) {
const params = useParams()
const providers = createAsync(() => listProviders(params.id))
const saveSubmission = useSubmission(saveProvider, ([fd]) => fd.get("provider")?.toString() === props.provider.key)
const removeSubmission = useSubmission(
removeProvider,
([fd]) => fd.get("provider")?.toString() === props.provider.key,
)
const [store, setStore] = createStore({ editing: false })
let input: HTMLInputElement
const isEnabled = () => providers()?.some((p) => p.provider === props.provider.key)
createEffect(() => {
if (!saveSubmission.pending && saveSubmission.result && !saveSubmission.result.error) {
hide()
}
})
function show() {
while (true) {
saveSubmission.clear()
if (!saveSubmission.result) break
}
setStore("editing", true)
setTimeout(() => input?.focus(), 0)
}
function hide() {
setStore("editing", false)
}
return (
<tr data-slot="provider-row" data-enabled={isEnabled()}>
<td data-slot="provider-name">{props.provider.name}</td>
<td data-slot="provider-status">{isEnabled() ? "Configured" : "Not Configured"}</td>
<td data-slot="provider-toggle">
<Show
when={store.editing}
fallback={
<Show
when={isEnabled()}
fallback={
<button data-color="ghost" onClick={() => show()}>
Configure
</button>
}
>
<form action={removeProvider} method="post">
<input type="hidden" name="provider" value={props.provider.key} />
<input type="hidden" name="workspaceID" value={params.id} />
<button data-color="ghost" type="submit" disabled={removeSubmission.pending}>
Disable
</button>
</form>
</Show>
}
>
<form action={saveProvider} method="post" data-slot="edit-form">
<div data-slot="input-wrapper">
<input
ref={(r) => (input = r)}
name="credentials"
type="text"
placeholder={`Enter ${props.provider.name} API key (${props.provider.prefix}...)`}
autocomplete="off"
data-form-type="other"
data-lpignore="true"
/>
<Show when={saveSubmission.result && saveSubmission.result.error}>
{(err) => <div data-slot="form-error">{err()}</div>}
</Show>
</div>
<input type="hidden" name="provider" value={props.provider.key} />
<input type="hidden" name="workspaceID" value={params.id} />
<div data-slot="form-actions">
<button type="reset" data-color="ghost" onClick={() => hide()}>
Cancel
</button>
<button type="submit" data-color="ghost" disabled={saveSubmission.pending}>
{saveSubmission.pending ? "Saving..." : "Save"}
</button>
</div>
</form>
</Show>
</td>
</tr>
)
}
export function ProviderSection() {
return (
<section class={styles.root}>
<div data-slot="section-title">
<h2>Bring Your Own Key</h2>
<p>Configure your own API keys from AI providers.</p>
</div>
<div data-slot="providers-table">
<table data-slot="providers-table-element">
<thead>
<tr>
<th>Provider</th>
<th>Status</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<For each={PROVIDERS}>{(provider) => <ProviderRow provider={provider} />}</For>
</tbody>
</table>
</div>
</section>
)
}

31
packages/console/app/src/routes/zen/handler.ts
View file

@ -13,6 +13,7 @@ import { WorkspaceTable } from "@opencode-ai/console-core/schema/workspace.sql.j
import { ZenModel } from "@opencode-ai/console-core/model.js"
import { UserTable } from "@opencode-ai/console-core/schema/user.sql.js"
import { ModelTable } from "@opencode-ai/console-core/schema/model.sql.js"
import { ProviderTable } from "@opencode-ai/console-core/schema/provider.sql.js"
export async function handler(
input: APIEvent,
@ -67,9 +68,10 @@ export async function handler(
})
const modelInfo = validateModel(body.model)
const providerInfo = selectProvider(modelInfo)
const authInfo = await authenticate(modelInfo)
const authInfo = await authenticate(modelInfo, providerInfo)
validateBilling(modelInfo, authInfo)
validateModelSettings(authInfo)
updateProviderKey(authInfo, providerInfo)
logger.metric({ provider: providerInfo.id })
// Request to model provider
@ -232,7 +234,10 @@ export async function handler(
return providers[Math.floor(Math.random() * providers.length)]
}
async function authenticate(model: Awaited<ReturnType<typeof validateModel>>) {
async function authenticate(
model: Awaited<ReturnType<typeof validateModel>>,
providerInfo: Awaited<ReturnType<typeof selectProvider>>,
) {
const apiKey = opts.parseApiKey(input.request.headers)
if (!apiKey) {
if (model.allowAnonymous) return
@ -257,6 +262,9 @@ export async function handler(
monthlyUsage: UserTable.monthlyUsage,
timeMonthlyUsageUpdated: UserTable.timeMonthlyUsageUpdated,
},
provider: {
credentials: ProviderTable.credentials,
},
timeDisabled: ModelTable.timeCreated,
})
.from(KeyTable)
@ -264,6 +272,10 @@ export async function handler(
.innerJoin(BillingTable, eq(BillingTable.workspaceID, KeyTable.workspaceID))
.innerJoin(UserTable, and(eq(UserTable.workspaceID, KeyTable.workspaceID), eq(UserTable.id, KeyTable.userID)))
.leftJoin(ModelTable, and(eq(ModelTable.workspaceID, KeyTable.workspaceID), eq(ModelTable.model, model.id)))
.leftJoin(
ProviderTable,
and(eq(ProviderTable.workspaceID, KeyTable.workspaceID), eq(ProviderTable.provider, providerInfo.id)),
)
.where(and(eq(KeyTable.key, apiKey), isNull(KeyTable.timeDeleted)))
.then((rows) => rows[0]),
)
@ -279,6 +291,7 @@ export async function handler(
workspaceID: data.workspaceID,
billing: data.billing,
user: data.user,
provider: data.provider,
isFree: FREE_WORKSPACES.includes(data.workspaceID),
isDisabled: !!data.timeDisabled,
}
@ -327,6 +340,15 @@ export async function handler(
if (authInfo.isDisabled) throw new ModelError("Model is disabled")
}
function updateProviderKey(
authInfo: Awaited<ReturnType<typeof authenticate>>,
providerInfo: Awaited<ReturnType<typeof selectProvider>>,
) {
if (!authInfo) return
if (!authInfo.provider?.credentials) return
providerInfo.apiKey = authInfo.provider.credentials
}
async function trackUsage(
authInfo: Awaited<ReturnType<typeof authenticate>>,
modelInfo: ReturnType<typeof validateModel>,
@ -389,7 +411,7 @@ export async function handler(
if (!authInfo) return
const cost = authInfo.isFree ? 0 : centsToMicroCents(totalCostInCent)
const cost = authInfo.isFree || authInfo.provider?.credentials ? 0 : centsToMicroCents(totalCostInCent)
await Database.transaction(async (tx) => {
await tx.insert(UsageTable).values({
workspaceID: authInfo.workspaceID,
@ -403,6 +425,7 @@ export async function handler(
cacheWrite5mTokens,
cacheWrite1hTokens,
cost,
keyID: authInfo.apiKeyId,
})
await tx
.update(BillingTable)
@ -441,6 +464,8 @@ export async function handler(
async function reload(authInfo: Awaited<ReturnType<typeof authenticate>>) {
if (!authInfo) return
if (authInfo.isFree) return
if (authInfo.provider?.credentials) return
const lock = await Database.use((tx) =>
tx

11
packages/console/core/migrations/0031_outgoing_outlaw_kid.sql Normal file
View file

@ -0,0 +1,11 @@
CREATE TABLE `provider` (
`id` varchar(30) NOT NULL,
`workspace_id` varchar(30) NOT NULL,
`time_created` timestamp(3) NOT NULL DEFAULT (now()),
`time_updated` timestamp(3) NOT NULL DEFAULT CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3),
`time_deleted` timestamp(3),
`provider` varchar(64) NOT NULL,
`credentials` text NOT NULL,
CONSTRAINT `provider_workspace_id_id_pk` PRIMARY KEY(`workspace_id`,`id`),
CONSTRAINT `workspace_provider` UNIQUE(`workspace_id`,`provider`)
);

1
packages/console/core/migrations/0032_white_doctor_doom.sql Normal file
View file

@ -0,0 +1 @@
ALTER TABLE `usage` ADD `key_id` varchar(30);

879
packages/console/core/migrations/meta/0031_snapshot.json Normal file
View file

@ -0,0 +1,879 @@
{
"version": "5",
"dialect": "mysql",
"id": "9dceb591-8e08-4991-a49c-1f1741ec1e57",
"prevId": "eae45fcf-dc0f-4756-bc5d-30791f2965a2",
"tables": {
"account": {
"name": "account",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"email": {
"name": "email",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {
"email": {
"name": "email",
"columns": [
"email"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraint": {}
},
"billing": {
"name": "billing",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"customer_id": {
"name": "customer_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"payment_method_id": {
"name": "payment_method_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"payment_method_last4": {
"name": "payment_method_last4",
"type": "varchar(4)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"balance": {
"name": "balance",
"type": "bigint",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"monthly_limit": {
"name": "monthly_limit",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"monthly_usage": {
"name": "monthly_usage",
"type": "bigint",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"time_monthly_usage_updated": {
"name": "time_monthly_usage_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"reload": {
"name": "reload",
"type": "boolean",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"reload_error": {
"name": "reload_error",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"time_reload_error": {
"name": "time_reload_error",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"time_reload_locked_till": {
"name": "time_reload_locked_till",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"global_customer_id": {
"name": "global_customer_id",
"columns": [
"customer_id"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"billing_workspace_id_id_pk": {
"name": "billing_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"payment": {
"name": "payment",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"customer_id": {
"name": "customer_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"invoice_id": {
"name": "invoice_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"payment_id": {
"name": "payment_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"amount": {
"name": "amount",
"type": "bigint",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_refunded": {
"name": "time_refunded",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {
"payment_workspace_id_id_pk": {
"name": "payment_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"usage": {
"name": "usage",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"model": {
"name": "model",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"provider": {
"name": "provider",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"input_tokens": {
"name": "input_tokens",
"type": "int",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"output_tokens": {
"name": "output_tokens",
"type": "int",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"reasoning_tokens": {
"name": "reasoning_tokens",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"cache_read_tokens": {
"name": "cache_read_tokens",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"cache_write_5m_tokens": {
"name": "cache_write_5m_tokens",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"cache_write_1h_tokens": {
"name": "cache_write_1h_tokens",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"cost": {
"name": "cost",
"type": "bigint",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {
"usage_workspace_id_id_pk": {
"name": "usage_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"key": {
"name": "key",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"name": {
"name": "name",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"key": {
"name": "key",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_used": {
"name": "time_used",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"global_key": {
"name": "global_key",
"columns": [
"key"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"key_workspace_id_id_pk": {
"name": "key_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"model": {
"name": "model",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"model": {
"name": "model",
"type": "varchar(64)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {
"model_workspace_model": {
"name": "model_workspace_model",
"columns": [
"workspace_id",
"model"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"model_workspace_id_id_pk": {
"name": "model_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"provider": {
"name": "provider",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"provider": {
"name": "provider",
"type": "varchar(64)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"credentials": {
"name": "credentials",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {
"workspace_provider": {
"name": "workspace_provider",
"columns": [
"workspace_id",
"provider"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"provider_workspace_id_id_pk": {
"name": "provider_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"user": {
"name": "user",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"account_id": {
"name": "account_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"email": {
"name": "email",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"name": {
"name": "name",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_seen": {
"name": "time_seen",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"color": {
"name": "color",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"role": {
"name": "role",
"type": "enum('admin','member')",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"monthly_limit": {
"name": "monthly_limit",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"monthly_usage": {
"name": "monthly_usage",
"type": "bigint",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"time_monthly_usage_updated": {
"name": "time_monthly_usage_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"user_account_id": {
"name": "user_account_id",
"columns": [
"workspace_id",
"account_id"
],
"isUnique": true
},
"user_email": {
"name": "user_email",
"columns": [
"workspace_id",
"email"
],
"isUnique": true
},
"global_account_id": {
"name": "global_account_id",
"columns": [
"account_id"
],
"isUnique": false
},
"global_email": {
"name": "global_email",
"columns": [
"email"
],
"isUnique": false
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"user_workspace_id_id_pk": {
"name": "user_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"workspace": {
"name": "workspace",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"slug": {
"name": "slug",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"name": {
"name": "name",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"slug": {
"name": "slug",
"columns": [
"slug"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"workspace_id": {
"name": "workspace_id",
"columns": [
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
}
},
"views": {},
"_meta": {
"schemas": {},
"tables": {},
"columns": {}
},
"internal": {
"tables": {},
"indexes": {}
}
}

886
packages/console/core/migrations/meta/0032_snapshot.json Normal file
View file

@ -0,0 +1,886 @@
{
"version": "5",
"dialect": "mysql",
"id": "b2406421-f22d-4153-a2a4-6deafe70ee54",
"prevId": "9dceb591-8e08-4991-a49c-1f1741ec1e57",
"tables": {
"account": {
"name": "account",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"email": {
"name": "email",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {
"email": {
"name": "email",
"columns": [
"email"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {},
"uniqueConstraints": {},
"checkConstraint": {}
},
"billing": {
"name": "billing",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"customer_id": {
"name": "customer_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"payment_method_id": {
"name": "payment_method_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"payment_method_last4": {
"name": "payment_method_last4",
"type": "varchar(4)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"balance": {
"name": "balance",
"type": "bigint",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"monthly_limit": {
"name": "monthly_limit",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"monthly_usage": {
"name": "monthly_usage",
"type": "bigint",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"time_monthly_usage_updated": {
"name": "time_monthly_usage_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"reload": {
"name": "reload",
"type": "boolean",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"reload_error": {
"name": "reload_error",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"time_reload_error": {
"name": "time_reload_error",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"time_reload_locked_till": {
"name": "time_reload_locked_till",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"global_customer_id": {
"name": "global_customer_id",
"columns": [
"customer_id"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"billing_workspace_id_id_pk": {
"name": "billing_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"payment": {
"name": "payment",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"customer_id": {
"name": "customer_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"invoice_id": {
"name": "invoice_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"payment_id": {
"name": "payment_id",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"amount": {
"name": "amount",
"type": "bigint",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_refunded": {
"name": "time_refunded",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {
"payment_workspace_id_id_pk": {
"name": "payment_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"usage": {
"name": "usage",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"model": {
"name": "model",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"provider": {
"name": "provider",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"input_tokens": {
"name": "input_tokens",
"type": "int",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"output_tokens": {
"name": "output_tokens",
"type": "int",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"reasoning_tokens": {
"name": "reasoning_tokens",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"cache_read_tokens": {
"name": "cache_read_tokens",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"cache_write_5m_tokens": {
"name": "cache_write_5m_tokens",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"cache_write_1h_tokens": {
"name": "cache_write_1h_tokens",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"cost": {
"name": "cost",
"type": "bigint",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"key_id": {
"name": "key_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {},
"foreignKeys": {},
"compositePrimaryKeys": {
"usage_workspace_id_id_pk": {
"name": "usage_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"key": {
"name": "key",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"name": {
"name": "name",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"key": {
"name": "key",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"user_id": {
"name": "user_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_used": {
"name": "time_used",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"global_key": {
"name": "global_key",
"columns": [
"key"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"key_workspace_id_id_pk": {
"name": "key_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"model": {
"name": "model",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"model": {
"name": "model",
"type": "varchar(64)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {
"model_workspace_model": {
"name": "model_workspace_model",
"columns": [
"workspace_id",
"model"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"model_workspace_id_id_pk": {
"name": "model_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"provider": {
"name": "provider",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"provider": {
"name": "provider",
"type": "varchar(64)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"credentials": {
"name": "credentials",
"type": "text",
"primaryKey": false,
"notNull": true,
"autoincrement": false
}
},
"indexes": {
"workspace_provider": {
"name": "workspace_provider",
"columns": [
"workspace_id",
"provider"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"provider_workspace_id_id_pk": {
"name": "provider_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"user": {
"name": "user",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"workspace_id": {
"name": "workspace_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"account_id": {
"name": "account_id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"email": {
"name": "email",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"name": {
"name": "name",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_seen": {
"name": "time_seen",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"color": {
"name": "color",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"role": {
"name": "role",
"type": "enum('admin','member')",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"monthly_limit": {
"name": "monthly_limit",
"type": "int",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"monthly_usage": {
"name": "monthly_usage",
"type": "bigint",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"time_monthly_usage_updated": {
"name": "time_monthly_usage_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"user_account_id": {
"name": "user_account_id",
"columns": [
"workspace_id",
"account_id"
],
"isUnique": true
},
"user_email": {
"name": "user_email",
"columns": [
"workspace_id",
"email"
],
"isUnique": true
},
"global_account_id": {
"name": "global_account_id",
"columns": [
"account_id"
],
"isUnique": false
},
"global_email": {
"name": "global_email",
"columns": [
"email"
],
"isUnique": false
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"user_workspace_id_id_pk": {
"name": "user_workspace_id_id_pk",
"columns": [
"workspace_id",
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
},
"workspace": {
"name": "workspace",
"columns": {
"id": {
"name": "id",
"type": "varchar(30)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"slug": {
"name": "slug",
"type": "varchar(255)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
},
"name": {
"name": "name",
"type": "varchar(255)",
"primaryKey": false,
"notNull": true,
"autoincrement": false
},
"time_created": {
"name": "time_created",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "(now())"
},
"time_updated": {
"name": "time_updated",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": true,
"autoincrement": false,
"default": "CURRENT_TIMESTAMP(3) ON UPDATE CURRENT_TIMESTAMP(3)"
},
"time_deleted": {
"name": "time_deleted",
"type": "timestamp(3)",
"primaryKey": false,
"notNull": false,
"autoincrement": false
}
},
"indexes": {
"slug": {
"name": "slug",
"columns": [
"slug"
],
"isUnique": true
}
},
"foreignKeys": {},
"compositePrimaryKeys": {
"workspace_id": {
"name": "workspace_id",
"columns": [
"id"
]
}
},
"uniqueConstraints": {},
"checkConstraint": {}
}
},
"views": {},
"_meta": {
"schemas": {},
"tables": {},
"columns": {}
},
"internal": {
"tables": {},
"indexes": {}
}
}

14
packages/console/core/migrations/meta/_journal.json
View file

@ -218,6 +218,20 @@
"when": 1759878278492,
"tag": "0030_ordinary_ultragirl",
"breakpoints": true
},
{
"idx": 31,
"version": "5",
"when": 1759940238478,
"tag": "0031_outgoing_outlaw_kid",
"breakpoints": true
},
{
"idx": 32,
"version": "5",
"when": 1759976329502,
"tag": "0032_white_doctor_doom",
"breakpoints": true
}
]
}

10
packages/console/core/src/actor.ts
View file

@ -1,4 +1,5 @@
import { Context } from "./context"
import { UserRole } from "./schema/user.sql"
import { Log } from "./util/log"
export namespace Actor {
@ -21,6 +22,7 @@ export namespace Actor {
userID: string
workspaceID: string
accountID: string
role: (typeof UserRole)[number]
}
}
@ -80,4 +82,12 @@ export namespace Actor {
}
throw new Error(`actor of type "${actor.type}" is not associated with an account`)
}
export function userID() {
return Actor.assert("user").properties.userID
}
export function userRole() {
return Actor.assert("user").properties.role
}
}

1
packages/console/core/src/identifier.ts
View file

@ -8,6 +8,7 @@ export namespace Identifier {
key: "key",
model: "mod",
payment: "pay",
provider: "prv",
usage: "usg",
user: "usr",
workspace: "wrk",

52
packages/console/core/src/key.ts
View file

@ -4,19 +4,43 @@ import { Actor } from "./actor"
import { and, Database, eq, isNull, sql } from "./drizzle"
import { Identifier } from "./identifier"
import { KeyTable } from "./schema/key.sql"
import { AccountTable } from "./schema/account.sql"
import { UserTable } from "./schema/user.sql"
import { User } from "./user"
export namespace Key {
export const list = async () => {
const workspace = Actor.workspace()
export const list = fn(z.void(), async () => {
const keys = await Database.use((tx) =>
tx
.select()
.select({
id: KeyTable.id,
name: KeyTable.name,
key: KeyTable.key,
timeUsed: KeyTable.timeUsed,
userID: KeyTable.userID,
email: AccountTable.email,
})
.from(KeyTable)
.where(and(eq(KeyTable.workspaceID, workspace), isNull(KeyTable.timeDeleted)))
.orderBy(sql`${KeyTable.timeCreated} DESC`),
.innerJoin(UserTable, and(eq(KeyTable.userID, UserTable.id), eq(KeyTable.workspaceID, UserTable.workspaceID)))
.innerJoin(AccountTable, eq(UserTable.accountID, AccountTable.id))
.where(
and(
...[
eq(KeyTable.workspaceID, Actor.workspace()),
isNull(KeyTable.timeDeleted),
...(Actor.userRole() === "admin" ? [] : [eq(KeyTable.userID, Actor.userID())]),
],
),
)
.orderBy(sql`${KeyTable.name} DESC`),
)
return keys
}
// only return value for user's keys
return keys.map((key) => ({
...key,
key: key.userID === Actor.userID() ? key.key : undefined,
keyDisplay: `${key.key.slice(0, 7)}...${key.key.slice(-4)}`,
}))
})
export const create = fn(
z.object({
@ -52,14 +76,22 @@ export namespace Key {
)
export const remove = fn(z.object({ id: z.string() }), async (input) => {
const workspace = Actor.workspace()
await Database.transaction((tx) =>
// only admin can remove other user's keys
await Database.use((tx) =>
tx
.update(KeyTable)
.set({
timeDeleted: sql`now()`,
})
.where(and(eq(KeyTable.id, input.id), eq(KeyTable.workspaceID, workspace))),
.where(
and(
...[
eq(KeyTable.id, input.id),
eq(KeyTable.workspaceID, Actor.workspace()),
...(Actor.userRole() === "admin" ? [] : [eq(KeyTable.userID, Actor.userID())]),
],
),
),
)
})
}

49
packages/console/core/src/provider.ts Normal file
View file

@ -0,0 +1,49 @@
import { z } from "zod"
import { fn } from "./util/fn"
import { Actor } from "./actor"
import { and, Database, eq, isNull } from "./drizzle"
import { Identifier } from "./identifier"
import { ProviderTable } from "./schema/provider.sql"
export namespace Provider {
export const list = fn(z.void(), () =>
Database.use((tx) =>
tx
.select()
.from(ProviderTable)
.where(and(eq(ProviderTable.workspaceID, Actor.workspace()), isNull(ProviderTable.timeDeleted))),
),
)
export const create = fn(
z.object({
provider: z.string().min(1).max(64),
credentials: z.string(),
}),
({ provider, credentials }) =>
Database.use((tx) =>
tx
.insert(ProviderTable)
.values({
id: Identifier.create("provider"),
workspaceID: Actor.workspace(),
provider,
credentials,
})
.onDuplicateKeyUpdate({
set: {
credentials,
timeDeleted: null,
},
}),
),
)
export const remove = fn(z.object({ provider: z.string() }), ({ provider }) =>
Database.transaction((tx) =>
tx
.delete(ProviderTable)
.where(and(eq(ProviderTable.provider, provider), eq(ProviderTable.workspaceID, Actor.workspace()))),
),
)
}

3
packages/console/core/src/schema/billing.sql.ts
View file

@ -1,5 +1,5 @@
import { bigint, boolean, int, mysqlTable, uniqueIndex, varchar } from "drizzle-orm/mysql-core"
import { timestamps, utc, workspaceColumns } from "../drizzle/types"
import { timestamps, ulid, utc, workspaceColumns } from "../drizzle/types"
import { workspaceIndexes } from "./workspace.sql"
export const BillingTable = mysqlTable(
@ -50,6 +50,7 @@ export const UsageTable = mysqlTable(
cacheWrite5mTokens: int("cache_write_5m_tokens"),
cacheWrite1hTokens: int("cache_write_1h_tokens"),
cost: bigint("cost", { mode: "number" }).notNull(),
keyID: ulid("key_id"),
},
(table) => [...workspaceIndexes(table)],
)

14
packages/console/core/src/schema/provider.sql.ts Normal file
View file

@ -0,0 +1,14 @@
import { mysqlTable, text, uniqueIndex, varchar } from "drizzle-orm/mysql-core"
import { timestamps, workspaceColumns } from "../drizzle/types"
import { workspaceIndexes } from "./workspace.sql"
export const ProviderTable = mysqlTable(
"provider",
{
...workspaceColumns,
...timestamps,
provider: varchar("provider", { length: 64 }).notNull(),
credentials: text("credentials").notNull(),
},
(table) => [...workspaceIndexes(table), uniqueIndex("workspace_provider").on(table.workspaceID, table.provider)],
)

23
packages/console/core/src/user.ts
View file

@ -1,5 +1,5 @@
import { z } from "zod"
import { and, eq, getTableColumns, inArray, isNull, or, sql } from "drizzle-orm"
import { and, eq, getTableColumns, isNull, sql } from "drizzle-orm"
import { fn } from "./util/fn"
import { Database } from "./drizzle"
import { UserRole, UserTable } from "./schema/user.sql"
@ -13,19 +13,14 @@ import { Key } from "./key"
import { KeyTable } from "./schema/key.sql"
export namespace User {
const assertAdmin = async () => {
const actor = Actor.assert("user")
const user = await User.fromID(actor.properties.userID)
if (user?.role !== "admin") {
throw new Error(`Expected admin user, got ${user?.role}`)
}
const assertAdmin = () => {
if (Actor.userRole() === "admin") return
throw new Error(`Expected admin user, got ${Actor.userRole()}`)
}
const assertNotSelf = (id: string) => {
const actor = Actor.assert("user")
if (actor.properties.userID === id) {
throw new Error(`Expected not self actor, got self actor`)
}
if (Actor.userID() !== id) return
throw new Error(`Expected not self actor, got self actor`)
}
export const list = fn(z.void(), () =>
@ -70,7 +65,7 @@ export namespace User {
role: z.enum(UserRole),
}),
async ({ email, role }) => {
await assertAdmin()
assertAdmin()
const workspaceID = Actor.workspace()
// create user
@ -181,7 +176,7 @@ export namespace User {
monthlyLimit: z.number().nullable(),
}),
async ({ id, role, monthlyLimit }) => {
await assertAdmin()
assertAdmin()
if (role === "member") assertNotSelf(id)
return await Database.use((tx) =>
tx
@ -193,7 +188,7 @@ export namespace User {
)
export const remove = fn(z.string(), async (id) => {
await assertAdmin()
assertAdmin()
assertNotSelf(id)
return await Database.use((tx) =>

3
packages/opencode/src/cli/cmd/export.ts
View file

@ -66,7 +66,8 @@ export const ExportCommand = cmd({
})),
}
console.log(JSON.stringify(exportData, null, 2))
process.stdout.write(JSON.stringify(exportData, null, 2))
process.stdout.write("\n")
} catch (error) {
UI.error(`Session not found: ${sessionID!}`)
process.exit(1)

46
packages/opencode/src/lsp/server.ts
View file

@ -44,7 +44,7 @@ export namespace LSPServer {
export const Typescript: Info = {
id: "typescript",
root: NearestRoot(["tsconfig.json", "package.json", "jsconfig.json"]),
root: NearestRoot(["package-lock.json", "bun.lockb", "bun.lock", "pnpm-lock.yaml", "yarn.lock"]),
extensions: [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".mts", ".cts"],
async spawn(root) {
const tsserver = await Bun.resolve("typescript/lib/tsserver.js", Instance.directory).catch(() => {})
@ -70,20 +70,7 @@ export namespace LSPServer {
export const Vue: Info = {
id: "vue",
extensions: [".vue"],
root: NearestRoot([
"tsconfig.json",
"jsconfig.json",
"package.json",
"pnpm-lock.yaml",
"yarn.lock",
"bun.lockb",
"bun.lock",
"vite.config.ts",
"vite.config.js",
"nuxt.config.ts",
"nuxt.config.js",
"vue.config.js",
]),
root: NearestRoot(["package-lock.json", "bun.lockb", "bun.lock", "pnpm-lock.yaml", "yarn.lock"]),
async spawn(root) {
let binary = Bun.which("vue-language-server")
const args: string[] = []
@ -131,20 +118,7 @@ export namespace LSPServer {
export const ESLint: Info = {
id: "eslint",
root: NearestRoot([
"eslint.config.js",
"eslint.config.mjs",
"eslint.config.cjs",
"eslint.config.ts",
"eslint.config.mts",
"eslint.config.cts",
".eslintrc.js",
".eslintrc.cjs",
".eslintrc.yaml",
".eslintrc.yml",
".eslintrc.json",
"package.json",
]),
root: NearestRoot(["package-lock.json", "bun.lockb", "bun.lock", "pnpm-lock.yaml", "yarn.lock"]),
extensions: [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".mts", ".cts", ".vue"],
async spawn(root) {
const eslint = await Bun.resolve("eslint", Instance.directory).catch(() => {})
@ -659,19 +633,7 @@ export namespace LSPServer {
export const Svelte: Info = {
id: "svelte",
extensions: [".svelte"],
root: NearestRoot([
"tsconfig.json",
"jsconfig.json",
"package.json",
"pnpm-lock.yaml",
"yarn.lock",
"bun.lockb",
"bun.lock",
"vite.config.ts",
"vite.config.js",
"svelte.config.ts",
"svelte.config.js",
]),
root: NearestRoot(["package-lock.json", "bun.lockb", "bun.lock", "pnpm-lock.yaml", "yarn.lock"]),
async spawn(root) {
let binary = Bun.which("svelteserver")
const args: string[] = []

2
packages/tui/internal/tui/tui.go
View file

@ -1069,7 +1069,7 @@ func (a Model) home() (string, int, int) {
mainLayout = layout.PlaceOverlay(
editorX,
editorY-overlayHeight+1,
editorY-overlayHeight+2,
overlay,
mainLayout,
)

104
packages/web/src/content/docs/agents.mdx
View file

@ -362,42 +362,33 @@ Here are all the tools can be controlled through the agent config.
### Permissions
Permissions control what actions an agent can take.
You can configure permissions to manage what actions an agent can take. Currently, the permissions for the `edit`, `bash`, and `webfetch` tools can be configured to:
- edit, bash, webfetch
Each permission can be set to allow, ask, or deny.
- allow, ask, deny
Configure permissions globally in opencode.json.
- `"ask"` — Prompt for approval before running the tool
- `"allow"` — Allow all operations without approval
- `"deny"` — Disable the tool
```json title="opencode.json"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"edit": "ask",
"bash": "allow",
"webfetch": "deny"
"edit": "deny"
}
}
```
You can override permissions per agent in JSON.
You can override these permissions per agent.
```json title="opencode.json" {7-18}
```json title="opencode.json" {3-5,8-10}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"edit": "deny"
},
"agent": {
"build": {
"permission": {
"edit": "allow",
"bash": {
"*": "allow",
"git push": "ask",
"terraform *": "deny"
},
"webfetch": "ask"
"edit": "ask"
}
}
}
@ -419,83 +410,60 @@ permission:
Only analyze code and suggest changes.
```
Bash permissions support granular patterns for fine-grained control.
You can set permissions for specific bash commands.
```json title="Allow most, ask for risky, deny terraform"
```json title="opencode.json" {7}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"*": "allow",
"git push": "ask",
"terraform *": "deny"
}
}
}
```
If you provide a granular bash map, the default becomes ask unless you set \* explicitly.
```json title="Granular defaults to ask"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"git status": "allow"
}
}
}
```
Agent-level permissions merge over global settings.
- Global sets defaults; agent overrides when specified
Specific bash rules can override a global default.
```json title="Global ask, agent allows safe commands"
{
"$schema": "https://opencode.ai/config.json",
"permission": { "bash": "ask" },
"agent": {
"build": {
"permission": {
"bash": { "git status": "allow", "*": "ask" }
"bash": {
"git push": "ask"
}
}
}
}
}
```
Permissions affect tool availability and prompts differently.
This can take a glob pattern.
- deny hides tools (edit also hides write/patch); ask prompts; allow runs
For quick reference, here are common setups.
```json title="Read-only reviewer"
```json title="opencode.json" {7}
{
"$schema": "https://opencode.ai/config.json",
"agent": {
"review": {
"permission": { "edit": "deny", "bash": "deny", "webfetch": "allow" }
"build": {
"permission": {
"bash": {
"git *": "ask"
}
}
}
}
}
```
```json title="Planning agent that can browse but cannot change code"
And you can also use the `*` wildcard to manage permissions for all commands.
Where the specific rule can override the `*` wildcard.
```json title="opencode.json" {8}
{
"$schema": "https://opencode.ai/config.json",
"agent": {
"plan": {
"permission": { "edit": "deny", "bash": "deny", "webfetch": "ask" }
"build": {
"permission": {
"bash": {
"git status": "allow",
"*": "ask"
}
}
}
}
}
```
See the full [permissions guide](/docs/permissions) for more patterns.
[Learn more about permissions](/docs/permissions).
---

9
packages/web/src/content/docs/config.mdx
View file

@ -249,7 +249,9 @@ You can configure code formatters through the `formatter` option.
### Permissions
You can configure permissions to control what AI agents can do in your codebase through the `permission` option.
By default, opencode **allows all operations** without requiring explicit approval. You can change this using the `permission` option.
For example, to ensure that the `edit` and `bash` tools require user approval:
```json title="opencode.json"
{
@ -261,11 +263,6 @@ You can configure permissions to control what AI agents can do in your codebase
}
```
This allows you to configure explicit approval requirements for sensitive operations:
- `edit` - Controls whether file editing operations require user approval (`"ask"` or `"allow"`)
- `bash` - Controls whether bash commands require user approval (can be `"ask"`/`"allow"` or a pattern map)
[Learn more about permissions here](/docs/permissions).
---

241
packages/web/src/content/docs/permissions.mdx
View file

@ -1,27 +1,32 @@
---
title: Permissions
description: Control what agents can do in your codebase.
description: Control which actions require approval to run.
---
By default, opencode **allows all operations** without requiring explicit approval.
By default, OpenCode **allows all operations** without requiring explicit approval. You can configure this using the `permission` option.
The permissions system provides granular control to restrict what actions AI agents can perform in your codebase, allowing you to configure explicit approval requirements for sensitive operations like file editing, bash commands, and more.
```json title="opencode.json"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"edit": "allow",
"bash": "ask",
"webfetch": "deny"
}
}
```
This lets you configure granular controls for the `edit`, `bash`, and `webfetch` tools.
- `"ask"` — Prompt for approval before running the tool
- `"allow"` — Allow all operations without approval
- `"deny"` — Disable the tool
---
## Configure
## Tools
Permissions are configured in your `opencode.json` file under the `permission` key. Here are the available options.
### Tool Permission Support
| Tool | Description |
| ---------- | ------------------------------- |
| `edit` | Control file editing operations |
| `bash` | Control bash command execution |
| `webfetch` | Control web content fetching |
They can also be configured per agent, see [Agent Configuration](/docs/agents#agent-configuration) for more details.
Currently, the permissions for the `edit`, `bash`, and `webfetch` tools can be configured through the `permission` option.
---
@ -29,10 +34,6 @@ They can also be configured per agent, see [Agent Configuration](/docs/agents#ag
Use the `permission.edit` key to control whether file editing operations require user approval.
- `"ask"` - Prompt for approval before editing files
- `"allow"` - Allow all file editing operations without approval
- `"deny"` - Make all file editing tools disabled and unavailable
```json title="opencode.json" {4}
{
"$schema": "https://opencode.ai/config.json",
@ -46,88 +47,144 @@ Use the `permission.edit` key to control whether file editing operations require
### bash
Controls whether bash commands require user approval.
You can use the `permission.bash` key to control whether bash commands as a
whole need user approval.
:::tip
You can specify which commands you want to have run without approval.
:::
This can be configured globally or with specific patterns. Setting this to `"ask"`, requiring approval for all bash commands.
Setting this to `"deny"` is the strictest option, blocking LLM from running that command or command pattern.
For example.
- **Ask for approval for all commands**
```json title="opencode.json"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": "ask"
}
}
```
- **Disable all Terraform commands**
```json title="opencode.json"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"terraform *": "deny"
}
}
}
```
- **Approve specific commands**
```json title="opencode.json"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"git status": "allow",
"git diff": "allow",
"npm run build": "allow",
"ls": "allow",
"pwd": "allow"
}
}
}
```
- **Use wildcard patterns to restrict specific commands**
```json title="opencode.json"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"git push": "ask",
"*": "allow"
}
}
}
```
This configuration allows all commands by default (`"*": "allow"`) but requires approval for `git push` commands.
### Agents
Configure agent specific permissions
```json
```json title="opencode.json" {4}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": "ask"
}
}
```
Or, you can target specific commands and set it to `allow`, `ask`, or `deny`.
```json title="opencode.json"
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"git push": "ask",
"git status": "allow",
"git diff": "allow",
"npm run build": "allow",
"ls": "allow",
"pwd": "allow"
}
}
}
```
---
#### Wildcards
You can also use wildcards to manage permissions for specific bash commands.
:::tip
You can use wildcards to manage permissions for specific bash commands.
:::
For example, **disable all** Terraform commands.
```json title="opencode.json" {5}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"terraform *": "deny"
}
}
}
```
You can also use the `*` wildcard to manage permissions for all commands. For
example, **deny all commands** except a couple of specific ones.
```json title="opencode.json" {5}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"*": "deny",
"pwd": "allow",
"git status": "ask"
}
}
}
```
Here a specific rule can override the `*` wildcard.
---
##### Glob patterns
The wildcard uses simple regex globbing patterns.
- `*` matches zero or more of any character
- `?` matches exactly one character
- All other characters match literally
---
### webfetch
Use the `permission.webfetch` key to control whether the LLM can fetch web pages.
```json title="opencode.json" {4}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"webfetch": "ask"
}
}
```
---
## Agents
You can also configure permissions per agent. Where the agent specific config
overrides the global config. [Learn more](/docs/agents#permissions) about agent permissions.
```json title="opencode.json" {3-7,10-14}
{
"$schema": "https://opencode.ai/config.json",
"permission": {
"bash": {
"git push": "ask"
}
},
"agent": {
"plan": {
"build": {
"permission": {
"bash": {
"echo *": "allow"
"git push": "allow"
}
}
}
}
}
```
For example, here the `build` agent overrides the global `bash` permission to
allow `git push` commands.
You can also configure permissions for agents in Markdown.
```markdown title="~/.config/opencode/agent/review.md"
---
description: Code review without edits
mode: subagent
permission:
edit: deny
bash: ask
webfetch: deny
---
Only analyze code and suggest changes.
```

2
packages/web/src/styles/custom.css
View file

@ -367,7 +367,7 @@ nav.sidebar ul.top-level > li > details > summary .group-label > span {
}
.expressive-code {
margin: 12px 0 56px 0 !important;
margin: 0.75rem 0 3rem 0 !important;
border-radius: 6px;
}