[Refactor] Simplify rg tool permission: one tool = one permission #107
Description
Problem
The rg tool currently uses two different permission names internally:
"glob"permission for file listing mode (files_only: true)"grep"permission for content search mode
This is confusing because:
- Naming collision: You might deny
grep*in bash permissions, but must allow"grep"permission for the rg tool. Same word, different meanings. - Hidden mapping: You have to read source code to know that calling
rgrequires"grep"permission. Not discoverable. - Misleading names: There's no
greporglobtool. When you see"grep": "deny"in config, you'd think grep is denied — but actually it means content search via rg is denied.
Desired State
One tool = one permission.
// Before (confusing)
ctx.ask({ permission: params.files_only ? "glob" : "grep" })
// After (simple)
ctx.ask({ permission: "rg" })Agent config becomes:
{
"rg": "allow"
}Requirements
- Change
rg.tsto use single permission name"rg" - Update any agent configs that reference
"glob"or"grep"permissions - Review and align the rg tool's system prompt so agents know how to use it correctly
- Update any documentation referencing the old permission names
Files
packages/opencode/src/tool/rg.ts— Permission check (~line 42-52)- Agent config files with permission mappings
- Tool system prompts (if any exist for rg)
Acceptance Criteria
- rg tool uses single
"rg"permission - Agent configs updated
- System prompt aligned with tool usage
- No references to glob/grep as permission names for this tool