shoko/kugetsu
1
0
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects Releases 3 Wiki Activity

OpenCode /tmp/* Permission Blocking Subagent Workflows #73

New Issue
Closed
opened 2026-04-01 11:06:04 +02:00 by shoko · 0 comments
shoko commented 2026-04-01 11:06:04 +02:00
Owner
Copy Link

Problem

When kugetsu delegates tasks to subagents via opencode, subagents sometimes need to write temporary files to /tmp. However, opencode blocks /tmp/* access by default.

Root Cause

OpenCode has an application-level permission layer. Each agent has:

{"permission": "external_directory", "pattern": "*", "action": "ask"}

When running headless, ask becomes auto-reject.

Affected Files

  • docs/SUBAGENT_WORKFLOW.md - Write findings to /tmp/findings-{N}.md
  • docs/hermes-communication-patterns.md - Temp file paths
  • docs/hermes-setup.md - curl with @/tmp/findings-{N}.md
  • docs/kugetsu-setup.md - tee /tmp/task.log
  • skills/kugetsu/pm/SKILL.md - Example with /tmp/test.txt

Proposed Solution

  1. Add KUGETSU_TEMP_DIR config option defaulting to /home/shoko/.local/share/opencode/tool-output (already allowed by opencode)
  2. Update /tmp references to use ${KUGETSU_TEMP_DIR:-/tmp}
  3. Export KUGETSU_TEMP_DIR to opencode sessions in kugetsu script

Alternative Solutions

  1. Modify opencode DB to add /tmp/* permission globally
  2. Always use opencode-allowed directories instead of /tmp

Priority

Medium - Blocks some subagent workflows but can be worked around using worktree directories.

## Problem When kugetsu delegates tasks to subagents via opencode, subagents sometimes need to write temporary files to /tmp. However, opencode blocks /tmp/* access by default. ## Root Cause OpenCode has an application-level permission layer. Each agent has: {"permission": "external_directory", "pattern": "*", "action": "ask"} When running headless, ask becomes auto-reject. ## Affected Files - docs/SUBAGENT_WORKFLOW.md - Write findings to /tmp/findings-{N}.md - docs/hermes-communication-patterns.md - Temp file paths - docs/hermes-setup.md - curl with @/tmp/findings-{N}.md - docs/kugetsu-setup.md - tee /tmp/task.log - skills/kugetsu/pm/SKILL.md - Example with /tmp/test.txt ## Proposed Solution 1. Add KUGETSU_TEMP_DIR config option defaulting to /home/shoko/.local/share/opencode/tool-output (already allowed by opencode) 2. Update /tmp references to use ${KUGETSU_TEMP_DIR:-/tmp} 3. Export KUGETSU_TEMP_DIR to opencode sessions in kugetsu script ## Alternative Solutions 1. Modify opencode DB to add /tmp/* permission globally 2. Always use opencode-allowed directories instead of /tmp ## Priority Medium - Blocks some subagent workflows but can be worked around using worktree directories.
shoko added the task-delegation label 2026-04-02 00:30:40 +02:00
shoko closed this issue 2026-04-02 04:37:25 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
0.2.x-only
Available only in 0.2.x, not backportable
 0.3.x-only
Available only in 0.3.x, not backportable
 backport
Backport compatible - can merge to 0.1.x
 blocked
Issue needs clarification/discussion before it can be worked on
 bug
Bug report
 critical
Critical - blocking parallel work
 feature
New feature
 foundation
Foundation work for 0.2.x
 high
High priority - workflow improvements
 meta
Meta issue tracking multiple issues
 need-review
PR needs review before merge
 parallelization
Issues related to parallelization
 ready
Issue is clear and ready to be implemented/delegated
 ready-to-merge
PR approved and ready to merge
 task-delegation
Issues related to task-delegation
No Label task-delegation
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
shoko
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: shoko/kugetsu#73
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?