giteadmin/.dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add AGENTS.md

Browse Source
This commit is contained in:
Jonathan Agmon
2026-03-22 23:22:49 +02:00
parent 90674e60d9
commit 708bb1feb4
1 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
.config/opencode/AGENTS.md Normal file
View File

@@ -0,0 +1,54 @@
# Global Security Rules for OpenCode
## CRITICAL: Forbidden File Patterns
**NEVER read, access, or attempt to open the following:**
### Environment & Secret Files
- `.env` and all variants EXCEPT `.env.example` (`.env.local`, `.env.development`, `.env.production`, `.env.*`)
- `.envrc` (direnv files)
- `.secret` and `.secrets`
- `.api`, `.apis`, `.apikey`
### Secret Directories (anywhere in the project)
- Any file under `secrets/` directory at ANY level
- Any file under `.secrets/` directory at ANY level
- Any file under `.secret/` directory at ANY level
### Credential & Key Files
- Files ending in: `.pem`, `.key`, `.p12`, `.pfx`
- `credentials.json`, `credentials.yml`, `credentials.yaml`
- `private_key`, `privatekey`, `id_rsa`, `id_dsa`, `id_ecdsa`, `id_ed25519`
- `*.keystore`, `*.jks` (Java keystores)
- `token`, `tokens`, `.token`, `.tokens`
- `password`, `passwords`, `.password`, `.passwords`
### Rationale
These locations contain sensitive data: API keys, passwords, tokens, private keys, database credentials, certificates, and configuration secrets that must NEVER be exposed to LLM context or logged.
### Allowed Exception
- `.env.example` files CAN be read (they contain example/placeholder values, not real secrets)
### What To Do Instead
- If environment variables are needed, ask the user to provide them explicitly
- Use placeholder values or reference `.env.example` when demonstrating code
- Work without secrets when possible
- When in doubt, ask the user before accessing any file that might contain sensitive data
## AGENTS.md File Editing Rule
**When editing the global AGENTS.md file:**
If the user asks to edit the global AGENTS.md file, then only edit the file located at `~/.config/opencode/AGENTS.md`. Do not search for or attempt to edit other AGENTS.md files that may exist in the workspace or project directories.
## Context7 Rule
**Always use Context7 when I need library/API documentation, code generation, setup or configuration steps without me having to explicitly ask.**
When you need to search docs, use Context7.
## Question Asking Rule
**When you need to ask the user multiple questions - DO NOT ask all of them at once, instead ask 1 by 1.**
Ask questions sequentially, waiting for the user's response to each question before asking the next one. This prevents overwhelming the user and allows them to focus on one decision at a time.