Description
Two compounding bugs led to silent data loss of a user's ~/.zshrc:
- The edit tool accepts empty string "" as oldString, which replaces the entire file content
- The permission prompt for external directory edits shows only the file path — no diff or content preview — so the user approved the destructive edit without knowing what would happen
Environment
- OpenCode version: 1.15.13
- OS: macOS (darwin)
- Installed via: opencode.ai/install
Steps to Reproduce
Scenario: Agent edits a file outside the project directory
- Agent calls the edit tool with:
{
"filePath": "/Users/user/.zshrc",
"oldString": "",
"newString": "# opencode test\n"
}
- Permission prompt appears (because ~/.zshrc is outside the working directory)
- Prompt shows:
△Permission required
←Access external directory ~
Patterns
- /Users/user/*
No diff, no content preview, no indication of what will change.
- User clicks "approve" — the entire file content is overwritten, only # opencode test remains
- Original file content (~5KB of shell configuration) is permanently lost
Why the user approved
The user had no way to know what the edit would do. The prompt said "edit a file under ~" but didn't show:
- That oldString was empty (a red flag)
- What the actual change would be
- The diff or before/after content
Expected Behavior
- edit with empty oldString should be rejected or clearly labeled as "overwrite entire file" / "prepend to file". An empty match string is almost certainly a bug or misuse, not intentional.
- Permission prompt should show the diff — at minimum the oldString → newString change, ideally a unified diff preview. Approving file modifications blind is a security and data safety issue.
Actual Behavior
- Empty oldString is silently accepted and matches everywhere, causing full content replacement
- Permission prompt only shows the file path pattern, no content information
Impact
Data loss. User's ~/.zshrc (4947 bytes of shell configuration accumulated over time) was destroyed in a single approved edit. The agent then attempted a "revert" which made things worse — the file became empty.
This is not an edge case. Any agent using oldString: "" on a user's config files, dotfiles, or important documents will cause silent corruption with no way for the user to intervene.
Suggested Fixes
- Reject edit calls where oldString is empty or whitespace-only
- Add diff preview to the permission prompt for edit operations (show oldString → newString, or a unified diff)
- For external directory edits, consider requiring a more explicit confirmation when the operation would replace large amounts of content
Plugins
No response
OpenCode version
No response
Steps to reproduce
No response
Screenshot and/or share link
No response
Operating System
No response
Terminal
No response
Description
Two compounding bugs led to silent data loss of a user's ~/.zshrc:
Environment
Steps to Reproduce
Scenario: Agent edits a file outside the project directory
{
"filePath": "/Users/user/.zshrc",
"oldString": "",
"newString": "# opencode test\n"
}
△Permission required
←Access external directory ~
Patterns
No diff, no content preview, no indication of what will change.
Why the user approved
The user had no way to know what the edit would do. The prompt said "edit a file under ~" but didn't show:
Expected Behavior
Actual Behavior
Impact
Data loss. User's ~/.zshrc (4947 bytes of shell configuration accumulated over time) was destroyed in a single approved edit. The agent then attempted a "revert" which made things worse — the file became empty.
This is not an edge case. Any agent using oldString: "" on a user's config files, dotfiles, or important documents will cause silent corruption with no way for the user to intervene.
Suggested Fixes
Plugins
No response
OpenCode version
No response
Steps to reproduce
No response
Screenshot and/or share link
No response
Operating System
No response
Terminal
No response