OpenCode plugin that prompts before risky bash commands and allows safe commands through.
bash-guard checks bash permission requests against two regex lists. On OpenCode 1.14.24 this uses permission.asked events and replies through the permission API because the documented permission.ask hook is not called for built-in bash.
| Match | Result |
|---|---|
| `BLOCKLIST_PATTERNS` | auto-reject |
| `DESTRUCTIVE_PATTERNS` | ask: allow once, allow always, or reject |
| no match | auto-allow once |
| unknown command text | ask |
allow always is session-scoped for the normalized command text.
From this repo:
```bash
mkdir -p ~/.config/opencode/plugins
ln -sf "$(pwd)/bash-guard.ts" ~/.config/opencode/plugins/bash-guard.ts
```

Restart OpenCode after linking.
Edit bash-guard.ts:
- Add prompt-only patterns to `DESTRUCTIVE_PATTERNS`.
- Add deny-only patterns to `BLOCKLIST_PATTERNS`.
BLOCKLIST_PATTERNS starts empty by design.
Run these from an OpenCode session after installing:
```bash
pwd
touch /tmp/oc-bash-guard-test
```

Expected:
- `pwd` runs without prompt.
- `touch /tmp/oc-bash-guard-test` prompts.
- Reject blocks the command.
- Allow once runs the command and prompts again next time.
- Allow always runs the same normalized command for the rest of the session.
To verify blocklist behavior, temporarily add a regex to BLOCKLIST_PATTERNS, confirm the matching command is rejected without prompt, then remove it.
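The decision table and the expected results above, as an added TypeScript sketch that is not the plugin's own code and does not call the OpenCode permission API. The class name, the normalization rule, the sample patterns, and the order in which the blocklist and remembered approvals are checked are assumptions.

```typescript
// Added illustration. Everything except the two list names is hypothetical.
type Decision = "reject" | "ask" | "allow-once" | "allow-remembered";

// Constructed sample patterns, not the plugin's shipped lists.
const BLOCKLIST_PATTERNS: RegExp[] = []; // starts empty by design
const DESTRUCTIVE_PATTERNS: RegExp[] = [/\brm\b/, /\btouch\b/, /\bgit\s+push\b/];

// Assumed normalization: trim, then collapse runs of whitespace.
function normalize(command: string): string {
  return command.trim().replace(/\s+/g, " ");
}

class GuardSession {
  // "Allow always" approvals live only as long as this object (one session).
  private allowedAlways: Record<string, true> = Object.create(null);

  decide(command: string | undefined): Decision {
    // Unknown command text: nothing to match against, so prompt.
    if (command === undefined || command.trim() === "") return "ask";
    const cmd = normalize(command);
    // Assumed order: the blocklist is checked first, so a remembered
    // approval cannot override a deny pattern added later.
    if (BLOCKLIST_PATTERNS.some((re) => re.test(cmd))) return "reject";
    if (this.allowedAlways[cmd] === true) return "allow-remembered";
    if (DESTRUCTIVE_PATTERNS.some((re) => re.test(cmd))) return "ask";
    return "allow-once";
  }

  // Record an "allow always" reply, keyed on the normalized command text.
  rememberAlways(command: string): void {
    this.allowedAlways[normalize(command)] = true;
  }
}

// Walk through the verification steps listed above.
function demo(): Decision[] {
  const session = new GuardSession();
  const first = session.decide("pwd");
  const second = session.decide("touch /tmp/oc-bash-guard-test");
  session.rememberAlways("touch /tmp/oc-bash-guard-test");
  const third = session.decide("touch   /tmp/oc-bash-guard-test");
  return [first, second, third];
}
```

Because the approval is keyed on the whole normalized command, `touch /tmp/other` still prompts after `touch /tmp/oc-bash-guard-test` has been allowed always.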
context.ask exists for custom plugin tools, but is not the right API for guarding the built-in bash tool.