Releases: whjvenyl/opencode-damage-control

v1.5.0

03 Mar 10:39

What's Changed

Features

  • Windows destructive command patterns — 22 new patterns (7 block, 15 ask) covering del /s /q, rd /s /q, rmdir /s /q, diskpart, PowerShell Remove-Item -Recurse -Force, reg delete, wmic delete, net stop, net user /delete, sc delete, bcdedit, icacls /grant Everyone, takeown, schtasks /delete, Stop-Service, Uninstall-Package
  • Windows shell wrapper unwrapping — Extracts inner commands from cmd /c "...", powershell -Command "...", pwsh -c "..." before pattern matching
  • Windows shell operation classifiers — Added write ops (copy, xcopy, robocopy, move, ren, icacls, attrib) and delete ops (del, rd, erase) to shell classifiers
  • 144 total patterns (56 block, 88 ask) — up from 122 in v1.4.0
  • 454 tests — all passing

Maintenance

  • Added Buy Me a Coffee funding link
  • Added HTML promo card for social media

Full Changelog: v1.4.0...v1.5.0

v1.4.0

03 Mar 10:42

What's Changed

Features

  • Shell wrapper unwrapping — Extracts inner commands from bash -c "...", sh -c "...", python -c "..." (and more) before pattern matching; recursive up to depth 5
  • Process & system manipulation patterns — 30 new patterns covering crontab -r, systemctl mask/disable/stop, launchctl unload/bootout/remove, sysctl -w, iptables -F/-X, visudo, ufw disable, setenforce 0, and more
  • 122 total patterns (49 block, 73 ask) — up from 85 in v1.3.0
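
The shell wrapper unwrapping listed here, together with the Windows wrappers added in v1.5.0, can be sketched as follows. This is an added example, not the plugin's own code: the regexes, function names, the two sample patterns and their block/ask actions are assumptions, and treating a wrapper that is still present at the depth limit as `ask` is a design choice of this sketch.

```javascript
// Added illustration, not the plugin's source: regexes, names, the two
// sample patterns and their block/ask actions are assumptions.
const MAX_DEPTH = 5; // recursion limit stated in the v1.4.0 notes

// Wrapper forms named in the notes: <shell> <flag> "<inner command>"
const WRAPPERS = [
  /^(?:bash|sh|python)\s+-c\s+(.+)$/i,
  /^cmd(?:\.exe)?\s+\/c\s+(.+)$/i,
  /^(?:powershell|pwsh)(?:\.exe)?\s+-(?:Command|c)\s+(.+)$/i,
];

// Constructed patterns, anchored so only a command in command position matches.
const PATTERNS = [
  { action: 'block', re: /^rd\s+\/s\s+\/q\b/i },
  { action: 'ask', re: /^crontab\s+-r\b/ },
];

// Strip one layer of matching quotes; undo \" and \\ inside double quotes.
function unquote(s) {
  const t = s.trim();
  const q = t[0];
  if (t.length < 2 || (q !== '"' && q !== "'") || !t.endsWith(q)) return t;
  const body = t.slice(1, -1);
  return q === '"' ? body.replace(/\\(["\\])/g, '$1') : body;
}

// Collect the command and every inner command; flag wrappers left unpeeled.
function unwrap(command, depth = 0) {
  const cmd = command.trim();
  const m = WRAPPERS.map((re) => re.exec(cmd)).find(Boolean);
  if (!m) return { layers: [cmd], truncated: false };
  if (depth >= MAX_DEPTH) return { layers: [cmd], truncated: true };
  const inner = unwrap(unquote(m[1]), depth + 1);
  return { layers: [cmd, ...inner.layers], truncated: inner.truncated };
}

// Strictest verdict over all layers; an unpeeled wrapper is never 'allow'.
function classify(command) {
  const { layers, truncated } = unwrap(command);
  let verdict = truncated ? 'ask' : 'allow';
  for (const layer of layers) {
    for (const p of PATTERNS) {
      if (!p.re.test(layer)) continue;
      if (p.action === 'block') return 'block';
      verdict = 'ask';
    }
  }
  return verdict;
}
```

Because the sample patterns are anchored, `echo "crontab -r"` is allowed while the same text inside `bash -c "..."` is flagged, which is the difference unwrapping makes.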

Bug Fixes

  • Release workflow — Fixed OIDC trusted publishing by upgrading npm to >=11.5.1 (Node 22 ships with npm 10.9.4 which lacks OIDC support)

Maintenance

  • Added .gitattributes and .editorconfig for code style consistency
  • Added Code of Conduct, README nav links, and npm keywords
  • Replaced ASCII diagram with Mermaid flowchart in README

Full Changelog: v1.3.0...v1.4.0

v1.3.0

03 Mar 10:44

Initial Release

opencode-damage-control — a security plugin for OpenCode that blocks dangerous commands and protects sensitive files.

Features

  • Two-hook architecture — tool.execute.before blocks/flags commands; permission.ask forces confirmation dialogs via OpenCode's permission system
  • 85 command patterns (42 block, 43 ask) covering destructive shell commands, SQL data loss, Git history destruction, cloud infrastructure deletion, platform teardown, and piped code execution
  • 33 protected file paths — zero-access for secrets (.env*, SSH keys, cloud credentials, TLS certs, Terraform state) and read-only for system files (/etc, /boot, shell configs)
  • Configurable via JSON — project-level (.opencode/damage-control.json) and global (~/.config/opencode/damage-control.json) configs with merge semantics (defaults → remove → override → add)
  • CI/CD — GitHub Actions for test/build on PR, tag-based releases with npm OIDC trusted publishing