MCP tool permissions not working after migration from tools to permissions

[Hipfox]

Description

After the major change that merged tools into permissions, MCP tool permissions can no longer be controlled using the permissions configuration. The legacy tools configuration still works, but the new permissions configuration does not apply to MCP tools.

Working configuration (legacy tools field)

{  
  "$schema": "https://opencode.ai/config.json",  
  "mcp": {  
    "my-mcp": {  
      "type": "local",  
      "command": ["bun", "x", "my-mcp-command"],  
      "enabled": true  
    }  
  },  
  "tools": {  
    "my-mcp*": false  
  },  
  "agent": {  
    "my-agent": {  
      "tools": {  
        "my-mcp*": true  
      }  
    }  
  }  
}

Non-working configuration (new permissions field)

permissions:  
  "my-mcp*": allow

The permissions configuration should control MCP tools the same way the tools configuration did, but it appears that MCP tool patterns are not being properly evaluated in the new permissions system.

Expected Behavior
MCP tools should be controllable using the permissions field with glob patterns like "my-mcp*": allow or "my-mcp*": deny, just as they were with the tools field.

Context
This issue appears to be related to the permissions system overhaul that merged tools into permissions. The migration logic in packages/opencode/src/config/config.ts shows that legacy tools config should be converted to permission config, and the Permission schema includes a catchall pattern that should support arbitrary tool permissions.

However, it seems that MCP tool permissions are not being properly applied when using the new permissions configuration format.

Notes
The documentation shows examples of controlling MCP tools using the tools configuration mcp-servers.mdx, but there are no examples showing how to control MCP tools using the new permissions configuration. This suggests either a documentation gap or an implementation bug.

Wiki pages you might want to explore: https://opencode.ai/docs/mcp-servers/#per-agent

Plugins

No response

OpenCode version

v1.1.1

Steps to reproduce

No response

Screenshot and/or share link

No response

Operating System

No response

Terminal

No response

[Hipfox]

Update: I just discovered that the issue might be caused by a typo in the field name. I tested it again using permission (singular) instead of permissions (plural), and it worked!
With this correction, I can now successfully enable an MCP tool (which was globally disabled in opencode.json) within the YAML frontmatter of a specific agent markdown file like this:

permission:  
  "my-mcp*": allow

It seems the system expects the singular form permission in the frontmatter. Has anyone else encountered this, or is this the intended behavior?

opencode v1.1.3