Question

I see that the tools configuration has been deprecated in favor of the new permission system in OpenCode. The documentation provides clear examples for JSON configurations, such as:

{
  "permission": {
    "bash": {
      "npm *": "allow",
      "*": "ask"
    }
  }
}

Since it appears that the legacy tools configuration is still being picked up in .md files, I am unsure if this is intended to be stable behavior or just a temporary side effect of the migration logic.

1. Does the frontmatter in .md agents now support the same object-based permission syntax?
2. Could you provide an example of how to define these granular permissions (e.g., specific bash command patterns) directly within the Markdown file's metadata?
3. Is it safe to continue using the old tools field in .md files, or should we migrate them to the new format immediately to avoid breakage?

This is crucial for keeping our agents and subagents functional and secure without relying on manual session switches.