A comprehensive opencode plugin that enforces best practices by blocking potentially harmful or non-reproducible commands and file edits.
The plugin blocks various commands to promote better development practices:
- `node` - Blocked in favor of `bun` or `bunx`
- `npm` - Blocked in favor of `bun` or `bunx`
- `pip` - Blocked in favor of `uv` or `uvx`
- `python`, `python2`, `python3` - Blocked in favor of `uv` or `uvx`
  - Exception: Virtual environment python commands are allowed:
    - ✅ `.venv/bin/python`, `.venv/bin/python3`
    - ✅ `venv/bin/python`, `venv/bin/python3`
    - ✅ `env/bin/python`, `env/bin/python3`
- `git` - Write operations are blocked. Only read-only git commands are allowed:
  - ✅ `git status`
  - ✅ `git diff`
  - ✅ `git show`
  - ❌ `git add`, `git commit`, `git push`, `git checkout`, etc.
- `nix` - Local flake references must use proper prefixes:
  - ✅ `nix run path:./my-flake#output`
  - ✅ `nix run github:user/repo#output`
  - ✅ `nix run git+https://github.com/user/repo#output`
  - ❌ `nix run ./my-flake#output`
- `sudo` and `su` - Blocked to prevent privilege escalation:
  - ❌ `sudo apt update`
  - ❌ `su root`
  - Rationale: Agents should instruct system administrators to perform privileged operations
Prevents editing of auto-generated lock files:
- `package-lock.json` - Use `bun install` or `bun update` instead
- `bun.lockb` - Use `bun install` or `bun update` instead
- `yarn.lock` - Use `yarn install` or `yarn upgrade` instead
- `pnpm-lock.yaml` - Use `pnpm install` or `pnpm update` instead
- `poetry.lock` - Use `poetry install` or `poetry update` instead
- `uv.lock` - Use `uv sync` or `uv lock` instead
- `Cargo.lock` - Use `cargo update` instead
- `Gemfile.lock` - Use `bundle install` or `bundle update` instead
- `flake.lock` - Use `nix flake update` instead
```
# Add to your opencode plugins
```

The plugin works out of the box with sensible defaults. All blocking rules are hardcoded for consistency and reliability.
```shell
# JavaScript with Bun
bun install
bunx create-react-app my-app

# Python with uv
uv sync
uvx ruff check .

# Virtual environment python (allowed)
.venv/bin/python script.py
venv/bin/python3 -c "print('hello')"

# Git read operations
git status
git diff HEAD~1
git show HEAD

# Nix with proper prefixes
nix run path:./my-flake#hello
nix run github:nix-community/nixpkgs-fmt#nixpkgs-fmt
```

```shell
# These will be blocked with helpful error messages
node --version
npm install
pip install requests
python script.py # (but .venv/bin/python is allowed)
git add .
nix run ./my-flake#hello
sudo apt update
su root
```

The plugin detects and blocks various command injection techniques:
- Piping: `echo "node --version" | bash`
- Command substitution: `echo $(node --version)`
- Backticks: ``echo `node --version` ``
- Semicolons: `ls; node --version`
- Logical operators: `ls && node --version`
- Background execution: `node --version &`
- Redirection: `node --version > output.txt`
- Environment variables: `NODE_ENV=prod node app.js`
- Eval/Exec: `eval "node --version"`
- Quoted strings: `bash -c "node --version"`
The plugin uses sophisticated regex patterns to detect blocked commands in:
- Complex command structures
- Multi-line commands
- Nested command substitutions
- Various quoting styles
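The rule tables above (blocked commands with the virtualenv exception, read-only git, prefixed flake references, lock files) and the injection techniques just listed can be exercised with a small checker. The following is an added example written for this README, not the plugin's own source: the names `BLOCKED_COMMANDS`, `READ_ONLY_GIT`, `BLOCKED_LOCK_FILES`, `VENV_PYTHON`, `extractSegments`, `checkCommand` and `checkFileEdit` are this example's own, the rule tables are transcribed from the lists above, and the opencode hook that would call these functions is assumed and not shown. It flattens pipes, operators, substitutions and quotes into words so that a blocked binary is found wherever it hides, while git and nix rules are judged per command segment.

```javascript
// Added example (not the plugin's own code): a minimal checker for the rules
// described in this README. Tables, names and the return shape are assumptions.

// Blocked command name -> message shown to the agent.
const BLOCKED_COMMANDS = {
  node: "node is blocked: use bun or bunx instead",
  npm: "npm is blocked: use bun or bunx instead",
  pip: "pip is blocked: use uv or uvx instead",
  python: "python is blocked: use uv or uvx instead (virtualenv python is allowed)",
  python2: "python2 is blocked: use uv or uvx instead (virtualenv python is allowed)",
  python3: "python3 is blocked: use uv or uvx instead (virtualenv python is allowed)",
  sudo: "sudo is blocked: ask a system administrator to perform privileged operations",
  su: "su is blocked: ask a system administrator to perform privileged operations",
};

// The only git subcommands treated as read-only.
const READ_ONLY_GIT = new Set(["status", "diff", "show"]);

// Auto-generated lock file basename -> message.
const BLOCKED_LOCK_FILES = {
  "package-lock.json": "use bun install or bun update instead",
  "bun.lockb": "use bun install or bun update instead",
  "yarn.lock": "use yarn install or yarn upgrade instead",
  "pnpm-lock.yaml": "use pnpm install or pnpm update instead",
  "poetry.lock": "use poetry install or poetry update instead",
  "uv.lock": "use uv sync or uv lock instead",
  "Cargo.lock": "use cargo update instead",
  "Gemfile.lock": "use bundle install or bundle update instead",
  "flake.lock": "use nix flake update instead",
};

// Interpreter inside a virtual environment, e.g. .venv/bin/python3 (allowed).
const VENV_PYTHON = /(^|\/)(\.venv|venv|env)\/bin\/python[23]?$/;

// A bare local flake reference: ./x#out, ../x#out, /abs#out or .#out.
const LOCAL_FLAKE_REF = /^(\.{1,2}\/|\/|\.{1,2}#)/;

// Split a command line into segments at pipes, ;, &&, ||, &, redirections,
// $(...), backticks, parentheses and newlines, then into words. Quotes are
// stripped rather than parsed, so text inside them is inspected as well; that
// is what lets `bash -c "node --version"` and `eval "node --version"` be seen.
function extractSegments(command) {
  return command
    .split(/\$\(|[`()|&;<>\n]/)
    .map((segment) =>
      segment
        .split(/\s+/)
        .map((word) => word.replace(/^['"]+|['"]+$/g, ""))
        .filter((word) => word.length > 0)
    )
    .filter((words) => words.length > 0);
}

// Returns null when the command is allowed, otherwise the blocking message.
function checkCommand(command) {
  for (const words of extractSegments(command)) {
    for (let i = 0; i < words.length; i++) {
      const word = words[i];
      if (VENV_PYTHON.test(word)) continue; // explicit exception
      const name = word.split("/").pop(); // /usr/bin/node -> node
      if (Object.prototype.hasOwnProperty.call(BLOCKED_COMMANDS, name)) {
        return BLOCKED_COMMANDS[name];
      }
      if (name === "git") {
        // The first non-option word after git is the subcommand.
        const sub = words.slice(i + 1).find((w) => !w.startsWith("-"));
        if (sub !== undefined && !READ_ONLY_GIT.has(sub)) {
          return `git ${sub} is blocked: only read-only git commands (${[...READ_ONLY_GIT].join(", ")}) are allowed`;
        }
      }
      if (name === "nix") {
        // Flake references need a prefix such as path:, github: or git+https:.
        const local = words.slice(i + 1).find((w) => LOCAL_FLAKE_REF.test(w));
        if (local !== undefined) {
          return `local flake reference ${local} is blocked: use path:${local} instead`;
        }
      }
    }
  }
  return null;
}

// Returns null when the file may be edited, otherwise the blocking message.
function checkFileEdit(filePath) {
  const base = filePath.split("/").pop();
  if (Object.prototype.hasOwnProperty.call(BLOCKED_LOCK_FILES, base)) {
    return `${base} is auto-generated and must not be edited by hand: ${BLOCKED_LOCK_FILES[base]}`;
  }
  return null;
}

// Constructed sample input showing each rule firing or passing.
for (const cmd of ["bun install", ".venv/bin/python script.py", "git add .",
  'echo "node --version" | bash', "nix run ./my-flake#hello", "sudo apt update"]) {
  console.log(JSON.stringify(cmd), "->", checkCommand(cmd) ?? "allowed");
}
console.log("edit frontend/package-lock.json ->", checkFileEdit("frontend/package-lock.json"));
```

Each function returns either `null` or the message the agent should see, which is the shape a plugin hook needs in order to either let the tool call proceed or reject it with an explanation. The git and nix checks are deliberately judged inside one segment so that a redirection target or a later pipeline stage is not mistaken for a flake reference or subcommand.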
Run the test suite:

```shell
npm test
# or
bun test
```

The plugin includes comprehensive tests covering:
- All blocked commands and allowed alternatives
- File edit restrictions
- Various escape methods and edge cases
- Integration scenarios
This plugin enforces several development best practices:
- Reproducibility: Blocks direct package manager usage in favor of modern alternatives
- Lock File Integrity: Prevents manual editing of auto-generated lock files
- Git Workflow: Encourages proper git workflows by limiting write operations
- Nix Best Practices: Ensures proper flake referencing for reproducibility
- Security: Blocks potentially harmful command injection techniques and privilege escalation attempts
When adding new blocking rules:
- Add the rule to the appropriate constant (e.g., `BLOCKED_COMMAND_MESSAGES`)
- Implement the validation logic in the corresponding function
- Add comprehensive tests covering various usage patterns
- Update this README with the new functionality
This plugin is part of the opencode ecosystem.
