feat: YOLO Mode - Skip All Permission Prompts (CLI + Desktop)

[mguttmann]

Summary

Comprehensive implementation of YOLO mode that allows users to skip all permission prompts. This addresses multiple community requests (#8463, #7928, #1813) with a complete solution for both CLI and Desktop.

Closes #9070

Features

CLI Support

Method	Usage
Flag	opencode --yolo or opencode --dangerously-skip-permissions
Environment Variable	OPENCODE_YOLO=true opencode
Commands	opencode yolo status / enable / disable

# Check current status
$ opencode yolo status
YOLO mode: ENABLED (saved in config)
Config: /Users/.../.config/opencode/config.json

# Enable permanently
$ opencode yolo enable
YOLO mode ENABLED - saved to config
Warning: All permission prompts will be skipped!

# Disable
$ opencode yolo disable
YOLO mode disabled - removed from config

Desktop App Support

New Settings → Danger Zone tab with:

• This Session Only - Toggle for current session (resets on restart)
• Always Enabled - Persists to ~/.config/opencode/config.json
• Clear visual indicators showing active state
• Live switching without app restart
• Warning messaging about the risks

Config File Support

{
  "yolo": true
}

Works in both project-level opencode.json and global ~/.config/opencode/config.json.

Technical Implementation

• Yolo Module (packages/opencode/src/yolo/index.ts): Centralized state management
• Permission Bypass (permission/next.ts): Auto-approves in PermissionNext.ask() when YOLO enabled
• API Endpoints: GET/POST /config/yolo for runtime control
• Safety: Explicit deny rules are still respected even in YOLO mode

Files Changed

File	Changes
packages/opencode/src/yolo/index.ts	New module for YOLO state management
packages/opencode/src/cli/cmd/yolo.ts	New CLI commands
packages/opencode/src/permission/next.ts	Auto-approve logic
packages/opencode/src/server/routes/config.ts	YOLO API endpoints
packages/opencode/src/flag/flag.ts	OPENCODE_YOLO env var
packages/opencode/src/config/config.ts	Config schema
packages/opencode/src/index.ts	CLI flag + command registration
packages/app/src/components/dialog-settings.tsx	Desktop UI (Danger Zone tab)

Testing

Manually tested:

• CLI --yolo flag
• CLI opencode yolo commands
• Environment variable
• Desktop UI YOLO toggles
• Config persistence
• Live toggle without restart
• Permission prompts appear when disabled
• Permission prompts skipped when enabled
• Switching between session-only and permanent modes

Related Issues

This PR provides a comprehensive solution that addresses:

• [FEATURE]: Add --dangerously-skip-permissions (aka YOLO mode) #8463: --dangerously-skip-permissions flag ✅
• [Feature]: Runtime Permission Mode Toggle (like Claude Code's Shift+Tab) #7928: Runtime permission toggle ✅
• Feature Request: Yolo and non-Yolo mode (auto-accept) #1813: YOLO mode / auto-accept ✅

[github-actions]

The following comment was made by an LLM, it may be inaccurate:

Based on my search, I found one potential duplicate:

PR #7137: feat: add --dangerously-skip-permissions flag
#7137

This PR appears to be directly related as it implements a --dangerously-skip-permissions flag, which is one of the methods mentioned in PR #9073 for skipping permission prompts. The current PR #9073 consolidates this feature under the broader "YOLO mode" umbrella with additional functionality for Desktop UI and runtime configuration.

Note: PR #6968 mentions "Autonomous Mode" in the documentation context but appears less directly related to the implementation.

[mguttmann]

Thanks for flagging PR #7137!

Comparison of the two implementations:

Feature	PR #7137 (surma)	PR #9073 (this PR)
CLI --dangerously-skip-permissions	✅	✅ (+ --yolo alias)
Environment variable	✅	✅
TUI warning indicator	✅	✅ (Desktop "ACTIVE" badge)
CLI commands (yolo status/enable/disable)	❌	✅
Desktop UI (Settings → Danger Zone)	❌	✅
Config file support ("yolo": true)	❌	✅
Runtime API (GET/POST /config/yolo)	❌	✅
Session vs Permanent modes	❌	✅
Live toggle without restart	❌	✅

Summary:

• PR feat: add --dangerously-skip-permissions flag #7137 is a focused CLI-only implementation
• This PR (feat: YOLO Mode - Skip All Permission Prompts (CLI + Desktop) #9073) is a comprehensive implementation covering CLI + Desktop + Config + API

If PR #7137's simpler approach is preferred, the maintainers could merge that instead. However, this PR provides a more complete solution that addresses all related feature requests (#8463, #7928, #1813) with full parity between CLI and Desktop.

Happy to consolidate or adjust based on maintainer feedback!

[freak4pc]

This is such a needed addition IMO, thanks for pushing it!

[mguttmann]

Added ability to delete individual OAuth accounts

Update: This feature has been moved to PR #9069 (Multi-Account OAuth) where it logically belongs. See my comment below for details.

[iljod]

Added ability to delete individual OAuth accounts:

* **CLI**: `opencode auth logout` now shows account selection for multi-account providers

* **Desktop**: Delete button (X) with confirmation for each account in Provider settings

* **API**: `DELETE /auth/account` endpoint

This was a missing feature - you could add multiple accounts but couldn't remove them individually.

imo not the scope of this pr, should be a different one

[mguttmann]

Good catch @iljod! You're absolutely right - the delete account functionality doesn't belong in this PR.

I've moved it to PR #9069 (Multi-Account OAuth) where it logically belongs. The delete feature is needed for managing multiple OAuth accounts, not for YOLO mode.

Changes made:

• Removed the delete account commit from this PR
• Cherry-picked it to PR feat: Multi-Account OAuth Rotation with Settings UI and CLI Enhancements #9069
• Updated both PR descriptions

This PR now focuses purely on YOLO mode functionality.

[mguttmann]

Rebased to latest dev

This PR has been rebased to build on top of PR #9069 (Multi-Account OAuth) and adapted to the latest upstream changes.

Changes in this update:

• Rebased onto feat/multi-account-oauth-rotation-and-settings
• Integrated YOLO mode with new modular permission system
• Added API endpoints in config routes (/config/yolo)
• Added CLI support (--yolo flag and opencode yolo subcommand)

Features:

• --yolo CLI flag for single session
• OPENCODE_YOLO=true environment variable
• yolo: true in config.json for permanent setting
• opencode yolo status/enable/disable commands
• Desktop UI integration via API endpoints
• Respects explicit deny rules in permission config

Depends on:

• PR feat: Multi-Account OAuth Rotation with Settings UI and CLI Enhancements #9069 (Multi-Account OAuth)

Ready for review!

[mguttmann]

Update: Rebased onto latest dev (v1.1.30+)

Branch has been rebased onto the updated #9069 (Multi-Account OAuth).

Structure:

origin/dev
    └── #9069 Multi-Account OAuth
            └── #9073 YOLO Mode (this PR)

Features:

• Skip all permission prompts with --yolo flag or OPENCODE_YOLO=1
• Config option yolo: true in global config
• CLI command: opencode yolo [on|off|status]
• API endpoints: GET/POST /config/yolo

Files:

• packages/opencode/src/yolo/index.ts - YOLO state management
• packages/opencode/src/cli/cmd/yolo.ts - CLI commands
• packages/opencode/src/permission/next.ts - Auto-approve integration
• packages/opencode/src/server/routes/config.ts - API endpoints

Typecheck passes ✅ | Build passes ✅

Depends on #9069 being merged first.

[mguttmann]

Closing in favor of combined PR with all features (Multi-Account, YOLO Mode, Auto-Relogin)

[dlukt]

Closing in favor of combined PR with all features (Multi-Account, YOLO Mode, Auto-Relogin)

Which PR?

[mguttmann]

@dlukt PR #9972 👉 #9972

Has all the features combined: Multi-Account OAuth, YOLO Mode, and Auto-Relogin.