fix(tier2): remove AppData allow rules from OpenCode permission JSON

Before:
  - read/write allow rules for AppData/Local/manual_slop/tier2/ and
    AppData/Local/manual_slop/tier2_failures/ existed in both the
    top-level and the tier2-autonomous agent's permission blocks.
  - Bash deny rules covered only AppData/Local/Temp/.

After:
  - read/write allow only the Tier 2 clone (C:\\projects\\manual_slop_tier2\\**).
  - Bash deny rules: *AppData\\* (broader) + *AppData\\Local\\Temp\\* (kept for clarity).

The broader *AppData\\* rule catches Local, LocalLow, Roaming, and any
other subdir, not just Temp. The narrower Temp rule is kept as a
self-documenting marker for the original 2026-06-17 regression.

Per the user's 2026-06-18 'NEVER USE APPDATA' directive.

Refs: conductor/tracks/tier2_no_appdata_20260618
2026-06-18 14:30:04 -04:00
parent f985111065
commit d0bbc70a4e
+6 -12
@@ -6,15 +6,11 @@
"edit": "deny",
"read": {
"*": "deny",
"C:\\projects\\manual_slop_tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": "allow"
"C:\\projects\\manual_slop_tier2\\**": "allow"
},
"write": {
"*": "deny",
"C:\\projects\\manual_slop_tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": "allow"
"C:\\projects\\manual_slop_tier2\\**": "allow"
},
"bash": {
"*": "deny",
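Review bot: The read and write blocks drop both AppData entries, including `tier2_failures\\**`, but nothing in this hunk gives failure artifacts a new location, so anything that still reads or writes there now falls through to `"*": "deny"`. Confirm that the Tier 2 scripts keep their failure output inside `C:\\projects\\manual_slop_tier2\\**`, and note the new location in the commit message or the referenced track so the denial is not mistaken for a regression later.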
@@ -43,6 +39,7 @@
"uv run python scripts/run_tests_batched.py*": "allow",
"uv run python scripts/tier2/*": "allow",
"pwsh -File scripts/tier2/*": "allow",
"*AppData\\*": "deny",
"*AppData\\Local\\Temp\\*": "deny",
"git push*": "deny",
"git checkout*": "deny",
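Review bot: The added `"*AppData\\*": "deny"` entry matches the command text, so it only covers the literal spelling `AppData\` with a backslash. The same directories written with forward slashes, with different casing (if matching is case-sensitive), or through an environment variable such as `$env:LOCALAPPDATA` or `$env:TEMP` would not match either deny pattern, so consider adding entries for those spellings. Also confirm that these deny entries take precedence over the allow entries above them, such as `"pwsh -File scripts/tier2/*": "allow"`, because an allowed script invocation can still carry an AppData path as an argument.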
@@ -58,18 +55,15 @@
"edit": "allow",
"read": {
"*": "deny",
"C:\\projects\\manual_slop_tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": "allow"
"C:\\projects\\manual_slop_tier2\\**": "allow"
},
"write": {
"*": "deny",
"C:\\projects\\manual_slop_tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2\\**": "allow",
"C:\\Users\\Ed\\AppData\\Local\\manual_slop\\tier2_failures\\**": "allow"
"C:\\projects\\manual_slop_tier2\\**": "allow"
},
"bash": {
"*": "allow",
"*AppData\\*": "deny",
"*AppData\\Local\\Temp\\*": "deny",
"git push*": "deny",
"git checkout*": "deny",
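Review bot: In this block `"bash"` starts from `"*": "allow"`, so the two AppData deny patterns are the only control keeping shell commands out of AppData, while read and write are allowlisted to the clone. A string denylist under a default-allow policy is best-effort: either mirror the first block's `"*": "deny"` default with explicit allow entries, or document that the directive is enforced for read/write and only approximated for bash. The read/write path list is also repeated verbatim in both permission blocks, so a later change to one can drift from the other; a short note in the track on keeping them in sync would help.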