[BUG] WHY is OpenCode running pip3 with this configuration?

[davidbernat]

Description

OpenCode v1.4.3

pip installs are known vulnerabilities, and must be trusted at the same level as the system operating user!

This is a very permissive read-only configuration. What about this tells OpenCode TUI to install software?
And why does OpenCode feel entitled to modify filenames which were not previously stated as needing changes?
This is pure insanity.

  "permission": {
    "bash": {
      "*": "ask",
      "ls *": "allow",
      "find *": "allow",
      "cd *": "allow",
      "grep *": "allow",
      "stat *": "allow",
      "echo *": "allow",
      "cat *": "allow",
      "sed *": "allow",
      "hexdump *": "allow",
      "head *": "allow",
      "tail *": "allow",
      "which *": "allow",
      "date *": "allow",
      "git status *": "allow",
      "git add *": "allow",
      "git diff *": "allow",
      "pwd *": "allow",
      "pytest *": "allow",
      "mkdir *": "allow"
    },
    "edit": "ask",
    "write": "ask",
    "read": "allow",
    "question": "allow"
  },

Plugins

None

OpenCode version

v.1.4.3

Steps to reproduce

1. prompt OpenCode
2. close eyes
3. daydream about living in Hawaii where computers actually do the work
4. post another ticket issue to GitHub instead.
5. expect the OpenCode investor team to enjoy the joke.

Screenshot and/or share link

Unnecessary

Operating System

MacOS

Terminal

Terminal via IntelliJ

[davidbernat]

This is just insulting. It guesses at hypothetical problems in established code. It modifies established code with outside the scope of the PRD with no prompting of the user. It does this in direct violation of additional "fail hard" mandates. It then cannot even articulate what problem the actual code it actually changed is actually fixing a bug to do. AI is this or the Pentagon now?

[el-AI-wei]

1.4.3 is inconsistent for me. In a single session, it had inconsistent respect for permissions. It would sometimes run a bash command (ssh - remote command on a server) without asking.

[davidbernat]

It is an insult, and we need to start holding Y Combinator directly responsible in a class action lawsuit of proprietors. Hoffman at LinkedIn & Microsoft clearly have their own insults to add on the employee labor space in the long term capital financing??

These updates to OpenCode require hours to build 150 line scripts cold. Inconsistent use of documented libraries; basic LSP errors in formatting; ignorance of ruff rules. We have no idea who is or what is Big Pickle, and no understanding of its updates.

I can peer-review to identify errors, ask for root causes, request or demand a response to a direct question before proceeding.
Instead: Thinking: The user is right - these helper functions should be in a class.

I am aware I am correct. This is sophomore late-night software engineering to do the easy package glue code. Not a product.
But the product is clearly designed to be dangerous. The "starting gun" time has not yet arrived; we are very much living in those last gasps via the YC "adolescent tantrum" phase. These companies exist to support OpenAI, Amazon, Oracle, etc.

Bail.

[davidbernat]

@el-AI-wei @rekram1-node Starlight is not interested in a flame war. Do your investors know this is the product they purchase?
To those reading: we are very much in the "adolescent tantrum" phase of this farce. We sincerely apologize for "bad language".
To every computer scientist in the world reading: reach out via email to collaborate. We are more-or-less on our 2027 roadmap.

We slated 2022 as a Meta + YC + Google collaboration for LEGO scene room renders. "Things we could have done together."
Please keep in touch. We are more or less on our roadmap; but working 60% more than we should need to be to do so.
And whatever appears to be happening at Paramount et al., and Grok + Amazon, is probably not worth your time in salt beds.

[davidbernat]

OpenCode team: Listen. This is not what you want Monday morning to look like every weekend. I get that.

Why is OpenCode pip installing playwright and installing the chromium browser to execute a request?
The agent permissions are strictly controlled read-only. But, furthermore, be reasonable for a moment?
These are high-powered bot-farm enabled implementation details. This should not not be especially protected.

Incidentally, executing the asked functionality was incomplete and triggered the bot alarms on 2 of 4 sites visited.
We already have the packages installed elsewhere. This arose because OpenCode still uses its own non-system pyenv/conda.
Are these OpenCode python sessions even Daytona droplet protected? The documentation is so sparse. I'm sorry, boys.
I really am. I have yielded at least 750 hours to testing OpenCode as a primary alternative to commercial projects.

We still do not have logs. Except for my rolled solution. I really am sorry. It works where it does work.