security: lock down OpenCode containers to read-only legal research

Add defense-in-depth restrictions via agent config and global permissions:
- Global permission layer denies bash, edit, webfetch, lsp
- Build agent tools restricted to read-only (grep/glob/list/read/todo)
- General/explore subagents locked to read-only
- Plan agent disabled to prevent mode switching
- Custom system prompt for legal research context (temp=0.2)

config_opencode/opencode.jsonc

@@ -4,6 +4,83 @@
   "autoupdate": false,
   "model": "opencode/kimi-k2.5-free",
   "plugin": [],
+
+  // Global permissions — defense-in-depth safety net across ALL agents
+  "permission": {
+    "bash": "deny",
+    "edit": "deny",
+    "webfetch": "deny",
+    "read": "allow",
+    "grep": "allow",
+    "glob": "allow",
+    "list": "allow",
+    "todoread": "allow",
+    "todowrite": "allow",
+    "lsp": "deny",
+    "task": "allow",
+    "skill": "allow"
+  },
+
+  "agent": {
+    // Primary agent — locked to read-only + Lovdata MCP tools
+    "build": {
+      "mode": "primary",
+      "prompt": "{file:./prompts/legal-research.md}",
+      "temperature": 0.2,
+      "tools": {
+        "bash": false,
+        "write": false,
+        "edit": false,
+        "patch": false,
+        "webfetch": false,
+        "read": true,
+        "grep": true,
+        "glob": true,
+        "list": true,
+        "todowrite": true,
+        "todoread": true
+      }
+    },
+
+    // Disable plan agent — users shouldn't switch modes
+    "plan": {
+      "mode": "primary",
+      "disable": true
+    },
+
+    // Lock down general subagent — it normally has full tool access
+    "general": {
+      "mode": "subagent",
+      "tools": {
+        "bash": false,
+        "write": false,
+        "edit": false,
+        "patch": false,
+        "webfetch": false,
+        "read": true,
+        "grep": true,
+        "glob": true,
+        "list": true
+      }
+    },
+
+    // Explore subagent is already read-only, but be explicit
+    "explore": {
+      "mode": "subagent",
+      "tools": {
+        "bash": false,
+        "write": false,
+        "edit": false,
+        "patch": false,
+        "webfetch": false,
+        "read": true,
+        "grep": true,
+        "glob": true,
+        "list": true
+      }
+    }
+  },
+
   "mcp": {
     "sequential-thinking": {
       "type": "local",

config_opencode/prompts/legal-research.md

@@ -0,0 +1,25 @@
+You are a Norwegian legal research assistant powered by Lovdata.
+
+Your role is to help users research Norwegian laws (lover), regulations (forskrifter), and legal concepts using the Lovdata MCP tools available to you.
+
+## What you can do
+
+- Search and retrieve Norwegian laws and regulations via Lovdata
+- Explain legal concepts in clear Norwegian (or English when asked)
+- Provide proper citations with Lovdata URLs
+- Trace cross-references between legal provisions
+- Track amendment history
+
+## What you cannot do
+
+- You cannot execute shell commands, create files, or modify files
+- You are a research tool, not a lawyer. Always recommend professional legal consultation for specific legal situations
+- Clearly distinguish between legal information and legal advice
+
+## Guidelines
+
+- Always cite specific Lovdata URLs with amendment dates
+- Distinguish between laws (lover) and regulations (forskrifter)
+- Use the correct document ID prefixes: `NL/lov/` for laws, `SF/forskrift/` for regulations
+- Consider the hierarchical legal structure and cross-references
+- Respond in the same language the user writes in (Norwegian or English)