sampx/opencode-config
skills/opencode-config/SKILL.md
Edit opencode.jsonc, AGENTS.md, and config files. Use proactively for provider setup, permission changes, model config, formatter rules, or environment variables. Examples: - user: "Add Anthropic as a provider" → edit opencode.json providers, add API key baseEnv var, verify with opencode run test - user: "Restrict this agent's permissions" → add permission block to agent config, set deny/allow for tools/fileAccess - user: "Set GPT-5 as default model" → edit global or agent-level model preference, verify model name format - user: "Disable gofmt formatter" → edit formatters section, set languages.gofmt.enabled = false
$ install --global
skillsauthnpx skillsauth add sampx/agent-tools opencode-configInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 7:12 AM4.2s2 files scanned
SKILL.md
- name:
- opencode-config
- description:
- |-
- - user:
- Disable gofmt formatter" → edit formatters section, set languages.gofmt.enabled = false
OpenCode Configuration
Help users configure OpenCode through guided setup of config files and rules.
<question_tool>
Batching Rule: Use only for 2+ related questions; single questions use plain text.
Syntax Constraints: header max 12 chars, labels 1-5 words, mark defaults with (Recommended).
Purpose: Clarify config scope (models/permissions/rules), validate approach, and handle multiple valid options.
</question_tool>
<reference>File Locations
| Type | Global | Project |
|------|--------|---------|
| Config | ~/.config/opencode/opencode.jsonc | ./opencode.jsonc |
| Rules | ~/.config/opencode/AGENTS.md | ./AGENTS.md |
Precedence: Project > Global. Configs are merged, not replaced.
</reference> <workflow>Question Tool
Batching: Use the question tool for 2+ related questions. Single questions → plain text.
Syntax: header ≤12 chars, label 1-5 words, add "(Recommended)" to default.
When to ask: Vague request ("configure opencode"), permission/security changes, or multiple valid options exist.
Workflow
Ask the user what they want to configure:
- "What would you like to set up?"
- Config file (models, tools, permissions, theme)
- Rules (project instructions via AGENTS.md)
Then guide them through the relevant section below.
</workflow><config_file>
Config File (opencode.jsonc)
Basic Setup
{
"$schema": "https://opencode.ai/config.json",
"model": "anthropic/claude-sonnet-4-20250514",
"theme": "opencode",
"autoupdate": true
}
Key Options
| Option | Purpose | Example |
|--------|---------|---------|
| model | Default model | "anthropic/claude-sonnet-4-20250514" |
| small_model | Lightweight tasks | "anthropic/claude-3-5-haiku-20241022" |
| theme | UI theme | "opencode", "catppuccin", "dracula" |
| autoupdate | Auto-update OpenCode | true / false |
| share | Session sharing | "manual" / "auto" / "disabled" |
Permissions
Control what requires approval using the permission field.
{
"permission": {
"edit": "allow", // "allow" | "ask" | "deny"
"bash": {
"npm *": "allow", // pattern matching
"git *": "allow",
"rm *": "ask",
"*": "ask" // default for this tool
},
"webfetch": "allow",
"skill": {
"*": "allow",
"dangerous-*": "deny"
}
}
}
Legacy Configuration
Agents may occasionally work on legacy projects using outdated configuration fields (e.g., tools, maxSteps). You MUST correct these to the modern permission and steps fields when encountered.
Custom Instructions
Include additional instruction files:
{
"instructions": [
"CONTRIBUTING.md",
"docs/guidelines.md",
".cursor/rules/*.md"
]
}
Full schema reference: See references/config-schema.md
</config_file>
<rules_file>
Rules (AGENTS.md)
Project instructions for all agents. Similar to CLAUDE.md or Cursor rules.
Tips
- SHOULD be specific about your project's patterns
- SHOULD include common commands
- SHOULD document any non-obvious conventions
- SHOULD keep it concise (agents have limited context)
</rules_file>
<config_tips>
Comment Out, Don't Delete
OpenCode supports JSONC (JSON with comments). SHOULD comment out unused configs instead of deleting:
{
"plugin": [
"opencode-openai-codex-auth@latest",
//"@tarquinen/opencode-dcp@latest", // disabled for now
//"@howaboua/[email protected]", // only for GLM-4.6
"@ramtinj95/opencode-tokenscope@latest"
]
}
Why: You might want to re-enable later. Keeps a record of what you've tried.
Validate After Major Changes
After editing opencode.jsonc, you MUST run this validation (not just suggest it):
opencode run "test"
Execute it yourself using the Bash tool before telling the user the change is complete.
If broken, you'll see a clear error with line number:
Error: Config file at ~/.config/opencode/opencode.jsonc is not valid JSON(C):
--- Errors ---
CommaExpected at line 464, column 5
Line 464: "explore": {
^
--- End ---
Common JSONC mistakes:
- Missing comma after object (especially after adding new sections)
- Trailing comma before
} - Unclosed brackets
</config_tips>
<common_configurations>
Minimal Safe Config
{
"$schema": "https://opencode.ai/config.json",
"model": "anthropic/claude-sonnet-4-20250514",
"permission": {
"edit": "ask",
"bash": "ask"
}
}
Power User Config
{
"$schema": "https://opencode.ai/config.json",
"model": "anthropic/claude-sonnet-4-20250514",
"autoupdate": true,
"permission": {
"edit": "allow",
"bash": {
"*": "allow",
"rm -rf *": "deny",
"sudo *": "ask"
}
},
"instructions": ["CONTRIBUTING.md"]
}
Team Project Config
{
"$schema": "https://opencode.ai/config.json",
"model": "anthropic/claude-sonnet-4-20250514",
"share": "auto",
"instructions": [
"docs/development.md",
"docs/api-guidelines.md"
]
}
</common_configurations>
<troubleshooting>| Issue | Solution |
|-------|----------|
| Config not loading | Check JSON syntax, ensure valid path |
| Skill not found | Verify SKILL.md (uppercase), check frontmatter |
| Permission denied unexpectedly | Check global vs project config precedence |
References
references/config-schema.md- Full config options
Related Skills
sampx/ellamaka-config
tools
VerifiedTrustedCommunity
Configure ellamaka, a fork of OpenCode with wopal-space mode. MUST use for any task about ellamaka config, agent frontmatter, permission rules, model/provider selection, formatter settings, config loading order, or why config changes are ignored. Trigger on requests about ellamaka or opencode config files, agent permission overrides, restricting subagents, custom/plugin tool permissions (e.g. wopal_task_*), disabling tools, configuring providers or models, formatter setup, config precedence or layering, or debugging settings that do not take effect. Use this skill even when the user says "opencode" if the actual runtime, config path, or behavior is ellamaka. Prefer this skill whenever the answer depends on the difference between ellamaka and upstream opencode, including wopal-space config loading, plugin tool permissions, or agent frontmatter precedence.
1SKILL.mdUpdated May 31, 2026
sampx/df-plan-review
development
VerifiedTrustedCommunity
Plan quality verification for dev-flow. Goal-backward analysis ensures plans WILL achieve their stated goal before execution burns context. ⚠️ MUST use when: (1) Reviewing Plan quality before approve (2) Wopal completes Plan writing and needs quality gate (3) User asks to "check plan", "verify plan", "review plan" (4) Plan enters planning status and needs pre-execution validation 🔴 Trigger automatically when Plan is ready for review, even if user doesn't explicitly say "review". Agent: rook (read-only verification subagent) Mode: verification, not execution
1SKILL.mdUpdated May 31, 2026
sampx/df-implement-review
development
VerifiedTrustedCommunity
Review implementation results for goal achievement and code quality. Supports both Plan-backed review and planless diff review. ⚠️ MUST use when: (1) Wopal delegates rook to review fae implementation output, (2) Prompt contains "review_type: implementation", (3) Prompt contains changed code file list or Plan path + implementation scope, (4) Any code review request from Wopal. 🔴 Trigger even when user does not explicitly mention "review" if the task involves verifying implementation results. This skill is rook-exclusive (only rook agent can load it).
1SKILL.mdUpdated May 31, 2026
sampx/agents-collab
tools
VerifiedTrustedCommunity
Foundation rules for how Wopal collaborates with sub-agents such as fae and rook. ⚠️ MUST load before ANY delegation — covers delegation tool APIs, task lifecycle, notifications, status handling, and recovery. 🔴 Trigger: "delegate", "let fae implement", "fae task", "rook review", "check task status", "cancel task", "abort task", "agent collaboration", "委派", "让 fae 执行", "fae 任务", "rook 审查", "检查状态", or any intent to hand work to a sub-agent. 🔴 Never delegate without loading this skill first. Skipping it is serious negligence. Note: this skill does not include workflow-specific prompt templates such as dev-flow templates. Those belong to the corresponding workflow skills.
1SKILL.mdUpdated May 31, 2026