CR: OpenCode Config Hardening — Implementation

Implementation

1. Root opencode.json — Sync All 5 Rules

File: opencode.json (repo root)

Added 3 missing instruction references:

  • opencode/rules/bash-shell.md

  • opencode/rules/d2-diagrams.md

  • opencode/rules/python.md

These were already loaded by the global opencode.jsonc but were missing from the project-scoped manifest.

2. doc-auditor Agent — Add Constraints

File: opencode/.config/opencode/agents/doc-auditor.md

Added frontmatter to match adoc-linter restrictions:

  • model: anthropic/claude-haiku-4-5 — cheap model appropriate for read-only analysis

  • permission.edit: deny — prevents file modifications

  • permission.bash: deny — prevents command execution

  • permission.webfetch: deny — prevents network access

3. README — Fix Ollama Description

File: opencode/README.adoc

Changed Ollama provider row from "Commented placeholder (not installed)" to "Active default — Qwen3 30B MoE on RTX 5090, DeepSeek R1 14B".

4. Permission Hardening

File: opencode/.config/opencode/opencode.jsonc

npx: Changed from allow to ask. npx downloads and executes arbitrary npm packages — auto-allowing this is equivalent to allowing arbitrary code execution.

curl data exfiltration: Added 5 deny patterns:

  • curl * -d * — POST data

  • curl * --data * — POST data (long form)

  • curl * -F * — multipart form upload

  • curl * --form * — multipart form upload (long form)

  • curl * --upload-file * — file upload

GET requests remain auto-allowed. The deny patterns prevent the agent from exfiltrating file contents via HTTP POST/upload while preserving normal API inspection workflows.