A native OpenCode plugin that implements the Personal AI Infrastructure (PAI) logic, replacing legacy hook scripts with a cohesive, lifecycle-aware system.
This project is an OpenCode-compatible clone of the hook system from Dan Miessler's Personal AI Infrastructure (PAI) project. A massive shout out to Dan for the architectural vision and the original PAI patterns that this plugin brings to the OpenCode ecosystem.
The 10-Tier Security Firewall was inspired by the cutting-edge research of Johann Rehberger (Trust No AI). Special thanks to Johann for the deep-dive research into AI agent exploits (Unicode tags, DNS exfiltration, etc.) featured in his video: I hacked the new AI Computer-Use agents.
Disclaimer: This project is independent and is not supported by, affiliated with, or endorsed by Dan Miessler or the OpenCode team.
- Core Skill Loading: Automatically injects your
skill/core/SKILL.md(fromPAI_DIR) into the system prompt. - Dynamic Substitution: Supports placeholders like
{{DA}},{{DA_COLOR}}, and{{ENGINEER_NAME}}for personalized interactions. - Project Requirements: Automatically detects and loads
.opencode/dynamic-requirements.mdfrom your current project, allowing for task-specific instructions.
- Real-time Event Capture: Logs all tool calls and SDK events to
PAI_DIR/history/raw-outputsin an analytics-ready JSONL format. - Universal Output Capture System (UOCS): Automatically parses assistant responses for structured sections (SUMMARY, ANALYSIS, etc.) and generates artifacts in
decisions/,learnings/,research/, orexecution/based on context. - Session Summaries: Generates human-readable Markdown summaries in
PAI_DIR/history/sessionsat the end of every session, tracking files modified, tools used, and commands executed. - Agent Mapping: Tracks session-to-agent relationships (e.g., mapping a subagent session to its specialized type).
- Security Validator: A built-in firewall (
src/lib/security.ts) that scans Bash commands for dangerous patterns including reverse shells, recursive deletions, and prompt injections. - Advanced Protection:
- Unicode Sanitization: Automatically strips invisible Unicode "Tag" characters (U+E0000-U+E007F) from all inputs and outputs to prevent hidden prompt injections.
- Network Exfiltration Block: Prevents unauthorized data egress by blocking DNS-probing tools like
ping,dig,nslookup,nc, andwget. - Shell Escape Defense: Detects and blocks common shell escape bypasses like
find -execandstrings. - Self-Modification Protection: Locks core configuration files and the plugin's own source code from being modified by the agent.
- Safe-by-Default (HITL): All potentially dangerous tool executions—including those matching the security firewall—require explicit human confirmation. The firewall has been tuned in v2.1.0 to prioritize human-in-the-loop (HITL) 'Ask' prompts over hard 'Deny' blocks to maintain agent flow. Auto-approval ("YOLO mode") is disabled unless the
PAI_I_AM_DANGEROUS=trueenvironment variable is set. - Terminal Sanitization: Automatically strips ANSI escape codes from all logged output to prevent terminal-based attacks and ensure clean history.
- Data Redaction: Robustly masks secrets (AWS keys, GitHub tokens, Slack/Stripe/Google keys) in both logs and tool outputs.
- Real-time Tab Titles: Updates your terminal tab title instantly when a tool starts (e.g.,
Running bash...,Editing index.ts...). - Post-Task Summaries: Updates the tab title with a concise summary of what was accomplished when a task is completed.
The plugin centers around the PAI_DIR environment variable.
| Variable | Description | Default |
|---|---|---|
PAI_DIR |
Root directory for PAI skill and history | $XDG_CONFIG_HOME/opencode |
HISTORY_DIR |
Override directory for session logs | $PAI_DIR/history |
DA |
Name of your Digital Assistant | PAI |
ENGINEER_NAME |
Your name/identity | Operator |
DA_COLOR |
UI color theme for your DA | blue |
TIME_ZONE |
Timezone for log timestamps | system |
PAI_I_AM_DANGEROUS |
Enable YOLO mode (auto-approve tools) | false |
Add the plugin to your global opencode.json configuration file (typically located at ~/.config/opencode/opencode.json). OpenCode will automatically install the plugin from the registry on its next startup.
{
"plugin": [
"@fpr1m3/[email protected]"
]
}Upon first run, the plugin will automatically:
- Detect or create your
PAI_DIR(default:$XDG_CONFIG_HOME/opencode). - Initialize the required directory structure for skill and history.
- Create a default
SKILL.mdcore identity if one does not exist.
We provide scripts to verify the plugin in a pristine environment:
./scripts/create-test-env.sh: Creates a fresh, isolated OpenCode project for testing../scripts/test-full-flow.sh: Runs a complete E2E verification of the plugin lifecycle.
- Voice Server Integration: Implementation of the PAI voice notification server to provide audible feedback on task completion.
- Enhanced Agent Mapping: More granular tracking of subagent state transitions.
Note: This plugin is designed to work with the PAI ecosystem. While it auto-initializes a basic structure, you can customize your identity by editing $PAI_DIR/skill/core/SKILL.md.
Vibe coded with ❤️ by a mix of Claude Code and OpenCode.