# OpenCode AI config to deny read access to .env, node_modules, build artifacts, cache dirs and ask before bash execution

> Source: <https://gist.github.com/chrisipanaque/2e7b3de6fba6a45ced85a5389245f6d8>
> Published: 2026-07-04 11:43:48+00:00

| { | |
| "$schema": "https://opencode.ai/config.json", | |
| "permission": { | |
| "bash": { | |
| "*": "ask" | |
| }, | |
| "read": { | |
| "*": "allow", | |
| "**/.env": "deny", | |
| "**/.env.*": "deny", | |
| "**/.env.local": "deny", | |
| "**/.env.development": "deny", | |
| "**/.env.production": "deny", | |
| "**/.env.test": "deny", | |
| "**/.env.example": "allow", | |
| "**/node_modules/**": "deny", | |
| "**/.next/**": "deny", | |
| "**/dist/**": "deny", | |
| "**/build/**": "deny", | |
| "**/out/**": "deny", | |
| "**/.turbo/**": "deny", | |
| "**/.cache/**": "deny", | |
| "**/.parcel-cache/**": "deny", | |
| "**/.vite/**": "deny", | |
| "**/public/**": "deny", | |
| "**/static/**": "deny", | |
| "**/coverage/**": "deny", | |
| "**/*.log": "deny", | |
| "**/.git/**": "deny", | |
| "**/.pnpm-store/**": "deny", | |
| "**/.yarn/**": "deny", | |
| "**/.DS_Store": "deny", | |
| "**/tmp/**": "deny", | |
| "**/temp/**": "deny", | |
| "**/.vercel/**": "deny", | |
| "**/.output/**": "deny", | |
| "**/.nuxt/**": "deny", | |
| "**/.svelte-kit/**": "deny", | |
| "**/.angular/**": "deny", | |
| "**/.astro/**": "deny", | |
| "**/.firebase/**": "deny", | |
| "**/.wrangler/**": "deny", | |
| "**/.serverless/**": "deny", | |
| "**/storybook-static/**": "deny", | |
| "**/vendor/**": "deny", | |
| "**/__pycache__/**": "deny", | |
| "**/.pytest_cache/**": "deny", | |
| "**/.mypy_cache/**": "deny", | |
| "**/.ruff_cache/**": "deny", | |
| "**/.venv/**": "deny", | |
| "**/venv/**": "deny" | |
| } | |
| } | |
| } |
