
fix: ask mode tool filtering not excluding edit/write when specific-pattern rules exist #317

Open
kiloconnect[bot] wants to merge 1 commit into dev from fix/ask-mode-tool-filtering

kiloconnect bot commented Feb 14, 2026

Problem

In ask mode, write tools like edit, write, and bash/shell should be removed from the available tool list. However, when a user has .kilocodeignore patterns or user config with specific-pattern permission rules for edit, the tools were not being properly excluded.

The error message showed:

Model tried to call unavailable tool 'invalid'. Available tools: question, read, glob, grep, edit, write, webfetch, websearch, codesearch.

Root Cause

The PermissionNext.disabled() function finds the last rule matching a permission (via findLast) and checks if it has pattern === "*" && action === "deny".

When .kilocodeignore migration or user config adds specific-pattern rules for edit permission (e.g., { permission: "edit", pattern: "*.log", action: "deny" }), these come after the ask agent's { permission: "*", pattern: "*", action: "deny" } in the merged ruleset. findLast would find the specific-pattern rule, and since pattern !== "*", the tool was not disabled.

Fix

Changed disabled() to:

  1. Find the last wildcard rule (pattern === "*") matching the permission
  2. If it's a deny, check if there's a specific-pattern allow after it
  3. Only keep the tool enabled if there's a specific-pattern allow (meaning some usage is intentionally permitted)

Specific-pattern deny rules (from .kilocodeignore, etc.) no longer prevent tool removal.

Testing

  • Added 2 new test cases covering the exact bug scenario
  • All 64 existing permission tests pass
  • All 21 permission-task tests pass
  • All 40 agent tests pass

Built for Evgeny Shurakov by Kilo for Slack

…attern rules exist

The disabled() function in PermissionNext was finding the last rule matching
a permission regardless of pattern, then checking if it had pattern='*' and
action='deny'. When .kilocodeignore or user config added specific-pattern
rules for edit permission (e.g. deny *.log), these came after the ask agent's
wildcard deny in the merged ruleset. findLast would find the specific-pattern
rule, and since pattern!='*', the tool was not disabled.

Fix: find the last wildcard rule (pattern='*') for the permission, and only
keep the tool enabled if there's a specific-pattern ALLOW after it. Specific-
pattern deny rules no longer prevent tool removal.
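
The rule ordering described under Root Cause and Fix above, as an added TypeScript sketch that is not part of this pull request or the project's code. The names `disabledBefore`, `disabledAfter`, `matches`, `lastIndex` and the `allowDocs` rule are assumptions; the rule shape and the first two sample rules are the ones quoted in the PR description.

```typescript
// Added illustration: a simplified model, not packages/opencode/src/permission/next.ts.
type Rule = { permission: string; pattern: string; action: "allow" | "deny" };

// Assumption: a rule applies to a permission when its permission is "*" or equal.
const matches = (r: Rule, permission: string): boolean =>
  r.permission === "*" || r.permission === permission;

// Index of the last rule satisfying pred, or -1.
function lastIndex(rules: Rule[], pred: (r: Rule) => boolean): number {
  for (let i = rules.length - 1; i >= 0; i--) {
    const r = rules[i];
    if (r !== undefined && pred(r)) return i;
  }
  return -1;
}

// "Root Cause" behaviour: only the last matching rule is inspected, so a later
// specific-pattern rule hides the wildcard deny.
function disabledBefore(permission: string, rules: Rule[]): boolean {
  const last = rules[lastIndex(rules, (r) => matches(r, permission))];
  return last !== undefined && last.pattern === "*" && last.action === "deny";
}

// "Fix" behaviour: the last wildcard rule decides; only a specific-pattern
// allow placed after a wildcard deny keeps the tool available.
function disabledAfter(permission: string, rules: Rule[]): boolean {
  const i = lastIndex(rules, (r) => matches(r, permission) && r.pattern === "*");
  const wildcard = rules[i];
  if (wildcard === undefined || wildcard.action !== "deny") return false;
  return !rules
    .slice(i + 1)
    .some((r) => matches(r, permission) && r.pattern !== "*" && r.action === "allow");
}

// Constructed rules: the first two are the examples quoted in the PR description.
const askDeny: Rule = { permission: "*", pattern: "*", action: "deny" };
const ignoreLog: Rule = { permission: "edit", pattern: "*.log", action: "deny" };
const allowDocs: Rule = { permission: "edit", pattern: "docs/*", action: "allow" }; // hypothetical

console.log({
  before: disabledBefore("edit", [askDeny, ignoreLog]),
  after: disabledAfter("edit", [askDeny, ignoreLog]),
  withAllow: disabledAfter("edit", [askDeny, ignoreLog, allowDocs]),
});
```

With the merged ruleset from the description, the old check leaves `edit` enabled in ask mode while the new one disables it; only the trailing specific-pattern allow keeps it available.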

kiloconnect bot commented Feb 14, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (2 files)
  • packages/opencode/src/permission/next.ts
  • packages/opencode/test/permission/next.test.ts
