cd /news/ai-tools/opencode-ai-config-to-deny-read-acce… · home topics ai-tools article
[ARTICLE · art-47865] src=gist.github.com ↗ pub= topic=ai-tools verified=true sentiment=· neutral

OpenCode AI config to deny read access to .env, node_modules, build artifacts, cache dirs and ask before bash execution

OpenCode AI released a security-focused configuration that denies read access to sensitive files like .env, node_modules, build artifacts, and cache directories, and requires user approval before executing any bash commands. The configuration aims to protect secrets and prevent accidental exposure of build outputs or dependencies.

read1 min views1 publishedJul 4, 2026

| { | | | "$schema": "https://opencode.ai/config.json", | |

| "permission": { | |
| "bash": { | |

| "": "ask" | | | }, | | | "read": { | | | "": "allow", | | | "/.env": "deny", | | | "/.env.": "deny", | | | "/.env.local": "deny", | | | "/.env.development": "deny", | | | "/.env.production": "deny", | | | "/.env.test": "deny", | | | "/.env.example": "allow", | | | "/node_modules/": "deny", | | | "/.next/": "deny", | | | "/dist/": "deny", | | | "/build/": "deny", | | | "/out/": "deny", | | | "/.turbo/": "deny", | | | "/.cache/": "deny", | | | "/.parcel-cache/": "deny", | | | "/.vite/": "deny", | | | "/public/": "deny", | | | "/static/": "deny", | | | "/coverage/": "deny", | | | "/.log": "deny", | | | "/.git/": "deny", | | | "/.pnpm-store/": "deny", | | | "/.yarn/": "deny", | | | "/.DS_Store": "deny", | | | "/tmp/": "deny", | | | "/temp/": "deny", | | | "/.vercel/": "deny", | | | "/.output/": "deny", | | | "/.nuxt/": "deny", | | | "/.svelte-kit/": "deny", | | | "/.angular/": "deny", | | | "/.astro/": "deny", | | | "/.firebase/": "deny", | | | "/.wrangler/": "deny", | | | "/.serverless/": "deny", | | | "/storybook-static/": "deny", | | | "/vendor/": "deny", | | | "/pycache/": "deny", | | | "/.pytest_cache/": "deny", | | | "/.mypy_cache/": "deny", | | | "/.ruff_cache/": "deny", | | | "/.venv/": "deny", | | | "/venv/**": "deny" | | | } | | | } | | | } |

── more in #ai-tools 4 stories · sorted by recency
── more on @opencode ai 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/opencode-ai-config-t…] indexed:0 read:1min 2026-07-04 ·