security: lock down OpenCode containers to read-only legal research

Add defense-in-depth restrictions via agent config and global permissions: - Global permission layer denies bash, edit, webfetch, lsp - Build agent tools restricted to read-only (grep/glob/list/read/todo) - General/explore subagents locked to read-only - Plan agent disabled to prevent mode switching - Custom system prompt for legal research context (temp=0.2)
2026-02-08 20:22:57 +01:00
parent 7dae8faf62
commit eb8553ce0b
2 changed files with 102 additions and 0 deletions
--- a/config_opencode/opencode.jsonc
+++ b/config_opencode/opencode.jsonc
@@ -4,6 +4,83 @@
  "autoupdate": false,
  "model": "opencode/kimi-k2.5-free",
  "plugin": [],
+
+  // Global permissions — defense-in-depth safety net across ALL agents
+  "permission": {
+    "bash": "deny",
+    "edit": "deny",
+    "webfetch": "deny",
+    "read": "allow",
+    "grep": "allow",
+    "glob": "allow",
+    "list": "allow",
+    "todoread": "allow",
+    "todowrite": "allow",
+    "lsp": "deny",
+    "task": "allow",
+    "skill": "allow"
+  },
+
+  "agent": {
+    // Primary agent — locked to read-only + Lovdata MCP tools
+    "build": {
+      "mode": "primary",
+      "prompt": "{file:./prompts/legal-research.md}",
+      "temperature": 0.2,
+      "tools": {
+        "bash": false,
+        "write": false,
+        "edit": false,
+        "patch": false,
+        "webfetch": false,
+        "read": true,
+        "grep": true,
+        "glob": true,
+        "list": true,
+        "todowrite": true,
+        "todoread": true
+      }
+    },
+
+    // Disable plan agent — users shouldn't switch modes
+    "plan": {
+      "mode": "primary",
+      "disable": true
+    },
+
+    // Lock down general subagent — it normally has full tool access
+    "general": {
+      "mode": "subagent",
+      "tools": {
+        "bash": false,
+        "write": false,
+        "edit": false,
+        "patch": false,
+        "webfetch": false,
+        "read": true,
+        "grep": true,
+        "glob": true,
+        "list": true
+      }
+    },
+
+    // Explore subagent is already read-only, but be explicit
+    "explore": {
+      "mode": "subagent",
+      "tools": {
+        "bash": false,
+        "write": false,
+        "edit": false,
+        "patch": false,
+        "webfetch": false,
+        "read": true,
+        "grep": true,
+        "glob": true,
+        "list": true
+      }
+    }
+  },
+
  "mcp": {
    "sequential-thinking": {
      "type": "local",