giteadmin/.dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
268739aeeffe1c49dc16fe42ab4ba62b048a2996
.dotfiles/.config/opencode/AGENTS.md
Jonathan Agmon 708bb1feb4 Add AGENTS.md
2026-03-22 23:22:49 +02:00

2.3 KiB
Raw Blame History

Global Security Rules for OpenCode

CRITICAL: Forbidden File Patterns

NEVER read, access, or attempt to open the following:

Environment & Secret Files

  • .env and all variants EXCEPT .env.example (.env.local, .env.development, .env.production, .env.*)
  • .envrc (direnv files)
  • .secret and .secrets
  • .api, .apis, .apikey

Secret Directories (anywhere in the project)

  • Any file under secrets/ directory at ANY level
  • Any file under .secrets/ directory at ANY level
  • Any file under .secret/ directory at ANY level

Credential & Key Files

  • Files ending in: .pem, .key, .p12, .pfx
  • credentials.json, credentials.yml, credentials.yaml
  • private_key, privatekey, id_rsa, id_dsa, id_ecdsa, id_ed25519
  • *.keystore, *.jks (Java keystores)
  • token, tokens, .token, .tokens
  • password, passwords, .password, .passwords

Rationale

These locations contain sensitive data: API keys, passwords, tokens, private keys, database credentials, certificates, and configuration secrets that must NEVER be exposed to LLM context or logged.

Allowed Exception

  • .env.example files CAN be read (they contain example/placeholder values, not real secrets)

What To Do Instead

  • If environment variables are needed, ask the user to provide them explicitly
  • Use placeholder values or reference .env.example when demonstrating code
  • Work without secrets when possible
  • When in doubt, ask the user before accessing any file that might contain sensitive data

AGENTS.md File Editing Rule

When editing the global AGENTS.md file:

If the user asks to edit the global AGENTS.md file, then only edit the file located at ~/.config/opencode/AGENTS.md. Do not search for or attempt to edit other AGENTS.md files that may exist in the workspace or project directories.

Context7 Rule

Always use Context7 when I need library/API documentation, code generation, setup or configuration steps without me having to explicitly ask.

When you need to search docs, use Context7.

Question Asking Rule

When you need to ask the user multiple questions - DO NOT ask all of them at once, instead ask 1 by 1.

Ask questions sequentially, waiting for the user's response to each question before asking the next one. This prevents overwhelming the user and allows them to focus on one decision at a time.