import type { Plugin } from '@opencode-ai/plugin';
/**
 * One denylist entry.
 *
 * `regex` is tested (unanchored, case-sensitive) against a file path or the
 * full text of a shell command; `msg` becomes the message of the Error that
 * is thrown when it matches.
 */
type Pattern = { regex: RegExp; msg: string };
/**
 * Files the agent must not read.
 *
 * Each regex is an unanchored substring match against the `read` tool's
 * filePath and against the whole text of a `bash` command, so `\.env` also
 * catches `.env.local`, `.env.production` and `.envrc` — and, as a side
 * effect, any path that merely contains ".env" (e.g. `notes.envelope`).
 */
const forbiddenFilePatterns: Pattern[] = [
  { regex: new RegExp('\\.env'), msg: 'Do not read .env files' },
];
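/**
 * Shell commands the agent must not run because they print credentials.
 *
 * Each regex is an unanchored, case-sensitive match against the whole text of
 * a `bash` tool command. This is a denylist of literal CLI spellings: aliases
 * (`k get secret`), wrappers (`sh -c '...'`) and other CLIs that reach the
 * same secrets are not matched.
 */
const forbiddenCommandPatterns: Pattern[] = [
  {
    // `kubectl [flags] get [flags] secret[s] ...`
    regex: /kubectl .*get .*secret/,
    msg: 'Do not read kubernetes secrets',
  },
  {
    // `gcloud secrets versions access ...` and any other `gcloud ... secrets` call
    regex: /gcloud .*secrets/,
    msg: 'Do not read gcloud secrets',
  },
  {
    regex: /gh auth token/,
    msg: 'Do not read github tokens',
  },
  {
    // `gh auth status` prints the token with `--show-token` or its documented
    // short form `-t`; the previous pattern only matched the long form.
    // `\s` before the flag keeps hostnames like `my-t.example` from matching.
    regex: /gh auth status\b.*\s(--show-token|-t)\b/,
    msg: 'Do not read github tokens',
  },
];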
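/**
 * opencode plugin that refuses tool calls which would expose secrets.
 *
 * The `tool.execute.before` hook inspects every call and throws when it hits
 * a denylist entry (throwing is what this hook relies on to stop the call):
 *   - `read`: `filePath` matches a forbidden file pattern;
 *   - `grep`: `include` (or `path`, when the tool supplies one) matches a
 *     forbidden file pattern;
 *   - `bash`: the command invokes a known file reader AND names a forbidden
 *     file, or matches a forbidden command pattern outright.
 *
 * This is a best-effort denylist over the literal argument text, not a
 * security boundary: only these three tools are inspected, matching is
 * case-sensitive and unanchored, and interpreters, wrappers, aliases or
 * globs (`python -c`, `sh -c`, a `k` alias for kubectl, `cat .en*`) are
 * not understood.
 *
 * @throws Error whose message is the matching pattern's `msg`.
 */
export const EnvProtectionPlugin: Plugin = async () => {
  // Commands that print or copy file contents. Word-bounded so that
  // `concat`, `rgb` or `batch` do not trip it; `zcat`/`batcat`/`zgrep`
  // spellings are included explicitly. Anything not listed (an interpreter,
  // a custom script) is not checked against the file patterns at all.
  const fileReader =
    /\b(?:(?:bz|xz|z)?cat|bat(?:cat)?|rg|[efz]?grep|less|more|head|tail|sed|awk|cut|nl|tac|tee|cp|xxd|od|hexdump|strings|base64|source)\b/;

  // Tool args are untyped and may be absent; a missing arg must never match.
  // (`RegExp#test(undefined)` would test the literal string "undefined".)
  const toText = (value: unknown): string => (value == null ? '' : String(value));

  return {
    'tool.execute.before': async (input, output) => {
      const command = toText(output.args.command);

      for (const { regex, msg } of forbiddenFilePatterns) {
        let denied = false;
        switch (input.tool) {
          case 'read':
            denied = regex.test(toText(output.args.filePath));
            break;
          case 'grep':
            // Use the entry's own regex (previously `.env` was hard-coded
            // here, so extra file patterns were silently not enforced for
            // grep). `path` is also checked; harmless if the tool has none.
            denied =
              regex.test(toText(output.args.include)) ||
              regex.test(toText(output.args.path));
            break;
          case 'bash':
            denied = fileReader.test(command) && regex.test(command);
            break;
        }
        if (denied) throw new Error(msg);
      }

      if (input.tool === 'bash') {
        for (const { regex, msg } of forbiddenCommandPatterns) {
          if (regex.test(command)) throw new Error(msg);
        }
      }
    },
  };
};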