CR: OpenCode Configuration Hardening

Change Summary

Field             Value
CR ID             CR-2026-04-05-opencode-config-hardening
Date              2026-04-05
Priority          P1 - High
Type              Security Hardening / Configuration Fix
Status            Complete
Requestor         Evan Rosado
Implementor       Evan Rosado
Risk Level        Low (additive permission restrictions, no functional regression)
Systems Affected  dots-quantum/opencode/ stow package
Related Project   dots-quantum

Objective

Fix three configuration defects found during a full audit of the OpenCode stow package (missing instruction rule references, an unconstrained doc-auditor subagent, and an incorrect README provider description) and tighten the bash permission model.

Background

A full review of the opencode/ stow package revealed:

  1. The root opencode.json referenced only 2 of the 5 instruction rules, so the bash, D2 and Python rules were silently ignored whenever OpenCode was invoked from the dots-quantum repo.

  2. The doc-auditor subagent had no model pin and no permission constraints, unlike its sibling adoc-linter, so it inherited the default tool permissions and could edit files, run bash commands and fetch URLs despite being designed as a read-only auditor.

  3. The README described Ollama as a "Commented placeholder (not installed)" when it was actually the active default model.

  4. Several bash permissions created unnecessary attack surface: an allow rule for curl * let the agent send any readable file or secret to an arbitrary host (data exfiltration), and npx * let it download and execute arbitrary npm packages.

Files Modified

File                                             Change
opencode.json                                    Added 3 missing rule references (bash-shell, d2-diagrams, python)
opencode/.config/opencode/agents/doc-auditor.md  Added model pin and edit/bash/webfetch deny constraints
opencode/README.adoc                             Fixed Ollama provider description
opencode/.config/opencode/opencode.jsonc         npx * changed from allow to ask; added 5 curl deny patterns
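The following regression check is an added example for this CR; it is not code from dots-quantum or from OpenCode. It encodes the invariants the Background findings and the Files Modified table establish (all rule references present, doc-auditor pinned and denied edit/bash/webfetch, curl denied and npx downgraded to ask) so a later edit to the stow package cannot silently undo them. It assumes the OpenCode config shape of an "instructions" array and a "permission" block whose bash entry maps command patterns to allow/ask/deny, and agent markdown with YAML frontmatter carrying "model:" and "permission:"; the sample inputs are constructed, merge the root opencode.json and opencode.jsonc concerns into one document for brevity, and use placeholder rule and model names for anything the CR does not name.

```python
"""Regression check for the invariants this CR establishes.

Added example, not code from dots-quantum or OpenCode. Assumes OpenCode's
config shape ("instructions": [paths]; "permission": {"edit"|"bash"|"webfetch"},
bash as a pattern -> allow|ask|deny map) and agent frontmatter with "model:"
and a "permission:" block. All sample inputs below are constructed.
"""
import json
import re

REQUIRED_RULES = ("bash-shell", "d2-diagrams", "python")  # rules the CR found unreferenced
RISKY_HEADS = {"curl": "deny", "npx": "ask"}               # command -> expected permission

def strip_jsonc(text: str) -> str:
    """Drop // and /* */ comments outside string literals so json can parse a .jsonc file."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:  # copy the escaped character verbatim
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j < 0 else j  # keep the newline itself
            continue
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j < 0 else j + 2
            continue
        else:
            out.append(c)
        i += 1
    return "".join(out)

def audit_config(cfg: dict) -> list[str]:
    """Findings for a parsed opencode config; an empty list means the CR's fixes are intact."""
    loaded = " ".join(cfg.get("instructions", []))
    findings = [f"instruction rule {r!r} is not referenced" for r in REQUIRED_RULES if r not in loaded]
    bash = cfg.get("permission", {}).get("bash", "allow")
    if isinstance(bash, str):  # a bare string applies to every command
        bash = {"*": bash}
    seen = set()
    for pattern, mode in bash.items():
        head = pattern.split()[0] if pattern.split() else pattern
        if head in RISKY_HEADS:
            seen.add(head)
            if mode == "allow":
                findings.append(f"bash pattern {pattern!r} is 'allow'; expected {RISKY_HEADS[head]!r}")
    # A deleted curl/npx rule silently falls back to the wildcard, so check that too.
    for head in RISKY_HEADS.keys() - seen:
        if bash.get("*", "allow") == "allow":
            findings.append(f"no rule for {head!r} and the '*' fallback is 'allow'")
    return findings

def audit_agent(markdown: str) -> list[str]:
    """Check that an agents/*.md frontmatter pins a model and denies edit, bash and webfetch."""
    m = re.match(r"^---\n(.*?)\n---", markdown, re.S)
    if not m:
        return ["agent file has no frontmatter"]
    fm = m.group(1)
    findings = [] if re.search(r"^model:\s*\S", fm, re.M) else ["no model pinned"]
    findings += [f"{tool} is not 'deny'" for tool in ("edit", "bash", "webfetch")
                 if not re.search(rf"^\s+{tool}:\s*deny\s*$", fm, re.M)]
    return findings

# Constructed before/after inputs mirroring the CR; rule and model names other
# than the three in the CR are placeholders, not the repository's real values.
CONFIG_BEFORE = """{
  // only two of five rules were loaded
  "instructions": ["rules/asciidoc.md", "rules/git.md"],
  "permission": { "edit": "ask",
    "bash": { "curl *": "allow", "npx *": "allow", "*": "allow" },
    "webfetch": "ask" }
}"""
CONFIG_AFTER = """{
  "instructions": ["rules/asciidoc.md", "rules/git.md",
                   "rules/bash-shell.md", "rules/d2-diagrams.md", "rules/python.md"],
  "permission": { "edit": "ask",
    "bash": { "curl *": "deny", "curl": "deny", "* | curl *": "deny", /* exfil paths */
              "npx *": "ask", "*": "allow" },
    "webfetch": "ask" }
}"""
AGENT_BEFORE = "---\ndescription: Audits docs for drift\n---\nYou are a read-only auditor.\n"
AGENT_AFTER = ("---\ndescription: Audits docs for drift\nmodel: ollama/placeholder-model\n"
               "permission:\n  edit: deny\n  bash: deny\n  webfetch: deny\n---\nYou are a read-only auditor.\n")

def run_audit() -> dict[str, list[str]]:
    """Audit every constructed input; the 'after' entries should come back empty."""
    return {
        "opencode.jsonc before": audit_config(json.loads(strip_jsonc(CONFIG_BEFORE))),
        "opencode.jsonc after": audit_config(json.loads(strip_jsonc(CONFIG_AFTER))),
        "doc-auditor.md before": audit_agent(AGENT_BEFORE),
        "doc-auditor.md after": audit_agent(AGENT_AFTER),
    }
```

Calling run_audit() yields five findings for the pre-fix config (three unreferenced rules, curl * and npx * on allow) and four for the pre-fix agent (no model, three tools not denied); both post-fix inputs come back clean. Two caveats a practitioner should keep in mind. First, the curl deny entries are a blocklist: an agent can still reach the network through wget, python -c, a shell wrapper such as bash -c 'curl ...', or a command substitution, so treat them as defense in depth and prefer an "*": "ask" fallback with an explicit allow list if exfiltration is in the threat model. Second, the check does not model OpenCode's pattern precedence (which of several matching bash patterns wins); it only flags risky commands that are explicitly allowed or left to an allow-all fallback.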

Changelog

Date        Author       Change
2026-04-05  Evan Rosado  Initial CR; retroactive documentation of config audit findings and fixes (4 files modified)