I would like to be able to run without any external network access/requests while running.

I tried doing this by disabling networking in the docker container where I run opencode, but opencode needs to do dep and module resolution on startup so that didn't work.

My immediate use case is that I'm doing some automated eval tasks (opencode run ...) and want to remove the variability and lack of reproducibility that comes from opencode getting data from the web.

The basic request is to add a permission setting for the webfetch tool. This isn't foolproof because opencode might try and fallback to using CLI tools via bash. So a complete solution would be someway to restrict opencode from all internet access once it does initial startup. But for now, permissions for webfetch would be awesome.