From f6048dc2a6fcec73ca68606b2e7a3905bc0a3b1a Mon Sep 17 00:00:00 2001
From: Josh Holmer <jholmer.in@gmail.com>
Date: Sun, 5 Apr 2026 00:22:49 -0400
Subject: [PATCH] fix: restrict write and apply_patch permissions for plan mode

---
 packages/opencode/src/agent/agent.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/packages/opencode/src/agent/agent.ts b/packages/opencode/src/agent/agent.ts
index 8bfbe786a21..883d13202de 100644
--- a/packages/opencode/src/agent/agent.ts
+++ b/packages/opencode/src/agent/agent.ts
@@ -234,6 +234,18 @@ export namespace Agent {
             external_directory: {
               [path.join(Global.Path.data, "plans", "*")]: "allow",
             },
+            apply_patch: {
+              "*": "deny",
+              [path.join(".kilo", "plans", "*.md")]: "allow", // kilocode_change
+              [path.join(".opencode", "plans", "*.md")]: "allow", // kilocode_change: .opencode fallback
+              [path.relative(Instance.worktree, path.join(Global.Path.data, path.join("plans", "*.md")))]: "allow",
+            },
+            write: {
+              "*": "deny",
+              [path.join(".kilo", "plans", "*.md")]: "allow", // kilocode_change
+              [path.join(".opencode", "plans", "*.md")]: "allow", // kilocode_change: .opencode fallback
+              [path.relative(Instance.worktree, path.join(Global.Path.data, path.join("plans", "*.md")))]: "allow",
+            },
             edit: {
               "*": "deny",
               [path.join(".kilo", "plans", "*.md")]: "allow", // kilocode_change