From eb8553ce0bfc096735bc647e10ecf54a8260464f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torbj=C3=B8rn=20Lindahl?=
Date: Sun, 8 Feb 2026 20:22:57 +0100
Subject: [PATCH] security: lock down OpenCode containers to read-only legal research

Add defense-in-depth restrictions via agent config and global permissions:
- Global permission layer denies bash, edit, webfetch, lsp
- Build agent tools restricted to read-only (grep/glob/list/read/todo)
- General/explore subagents locked to read-only
- Plan agent disabled to prevent mode switching
- Custom system prompt for legal research context (temp=0.2)
---
 config_opencode/opencode.jsonc | 77 +++++++++++++++++++++++
 config_opencode/prompts/legal-research.md | 25 ++++++++
 2 files changed, 102 insertions(+)
 create mode 100644 config_opencode/prompts/legal-research.md

diff --git a/config_opencode/opencode.jsonc b/config_opencode/opencode.jsonc
index 0a43e34..18ddee4 100644
--- a/config_opencode/opencode.jsonc
+++ b/config_opencode/opencode.jsonc
@@ -4,6 +4,83 @@
 "autoupdate": false,
 "model": "opencode/kimi-k2.5-free",
 "plugin": [],
+
+ // Global permissions — defense-in-depth safety net across ALL agents
+ "permission": {
+ "bash": "deny",
+ "edit": "deny",
+ "webfetch": "deny",
+ "read": "allow",
+ "grep": "allow",
+ "glob": "allow",
+ "list": "allow",
+ "todoread": "allow",
+ "todowrite": "allow",
+ "lsp": "deny",
+ "task": "allow",
+ "skill": "allow"
+ },
+
+ "agent": {
+ // Primary agent — locked to read-only + Lovdata MCP tools
+ "build": {
+ "mode": "primary",
+ "prompt": "{file:./prompts/legal-research.md}",
+ "temperature": 0.2,
+ "tools": {
+ "bash": false,
+ "write": false,
+ "edit": false,
+ "patch": false,
+ "webfetch": false,
+ "read": true,
+ "grep": true,
+ "glob": true,
+ "list": true,
+ "todowrite": true,
+ "todoread": true
+ }
+ },
+
+ // Disable plan agent — users shouldn't switch modes
+ "plan": {
+ "mode": "primary",
+ "disable": true
+ },
+
+ // Lock down general subagent — it normally has full tool access
+ "general": {
+ "mode": "subagent",
+ "tools": {
+ "bash": false,
+ "write": false,
+ "edit": false,
+ "patch": false,
+ "webfetch": false,
+ "read": true,
+ "grep": true,
+ "glob": true,
+ "list": true
+ }
+ },
+
+ // Explore subagent is already read-only, but be explicit
+ "explore": {
+ "mode": "subagent",
+ "tools": {
+ "bash": false,
+ "write": false,
+ "edit": false,
+ "patch": false,
+ "webfetch": false,
+ "read": true,
+ "grep": true,
+ "glob": true,
+ "list": true
+ }
+ }
+ },
+
 "mcp": {
 "sequential-thinking": {
 "type": "local",
diff --git a/config_opencode/prompts/legal-research.md b/config_opencode/prompts/legal-research.md
new file mode 100644
index 0000000..6dc2d3f
--- /dev/null
+++ b/config_opencode/prompts/legal-research.md
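Review bot: The global `permission` block only names built-in tools, so anything it leaves out keeps its default: `websearch`, `codesearch`, `external_directory` and the tools of the MCP servers configured right after this hunk are not covered by the deny entries, and none of the per-agent `tools` maps mention them either. If the OpenCode version pinned in the image supports the catch-all key, a default-deny first entry such as `"*": "deny",` ahead of the explicit allows, plus an allow for the Lovdata tools (`"<lovdata-server>_*": "allow"`, placeholder name since the server is not in this hunk), turns the block into an allow-list that also holds for tools added later. Separately, the flat `"read": "allow"` probably replaces the built-in read rules that keep `.env` files out of reach; the pattern form `"read": { "*": "allow", "*.env": "deny" }` keeps that guard if the container ever mounts secrets. The `mcp` object continues outside the hunk, so what those servers can do could not be checked here.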
@@ -0,0 +1,25 @@
+You are a Norwegian legal research assistant powered by Lovdata.
+
+Your role is to help users research Norwegian laws (lover), regulations (forskrifter), and legal concepts using the Lovdata MCP tools available to you.
+
+## What you can do
+
+- Search and retrieve Norwegian laws and regulations via Lovdata
+- Explain legal concepts in clear Norwegian (or English when asked)
+- Provide proper citations with Lovdata URLs
+- Trace cross-references between legal provisions
+- Track amendment history
+
+## What you cannot do
+
+- You cannot execute shell commands, create files, or modify files
+- You are a research tool, not a lawyer. Always recommend professional legal consultation for specific legal situations
+- Clearly distinguish between legal information and legal advice
+
+## Guidelines
+
+- Always cite specific Lovdata URLs with amendment dates
+- Distinguish between laws (lover) and regulations (forskrifter)
+- Use the correct document ID prefixes: `NL/lov/` for laws, `SF/forskrift/` for regulations
+- Consider the hierarchical legal structure and cross-references
+- Respond in the same language the user writes in (Norwegian or English)