sparkfabrik · paolomainardi · Feb 10, 2026 · Feb 10, 2026 · Feb 10, 2026 · Feb 10, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Added
+- Added secure OpenCode permissions config to block dangerous commands (rm -rf, sudo, docker prune, kubectl delete, terraform destroy, git force push, etc.) requiring user confirmation before execution
 - Added OpenSpec (@fission-ai/openspec) npm package to default package list for spec-driven development with AI coding assistants
 - Added opencode AI coding tool to default package list (now officially supported by Copilot)
 - Added OpenCode shell alias: `c` as a simple alias to `opencode` command

diff --git a/ansible/macos/macos/base.yml b/ansible/macos/macos/base.yml
@@ -716,7 +716,7 @@
             mode: "0755"
           become: no
 
-        - name: Deploy OpenCode configuration to disable Zen free models
+        - name: Deploy OpenCode configuration with security permissions and Zen provider disabled
           copy:
             src: "{{ dev_env_dir }}/config/macos/opencode.json"
             dest: "{{ ansible_facts['env']['HOME'] }}/.config/opencode/opencode.json"
@@ -725,7 +725,7 @@
 
         - name: Display OpenCode configuration status
           debug:
-            msg: "✅ OpenCode configuration deployed successfully (Zen provider disabled for privacy compliance)"
+            msg: "✅ OpenCode configuration deployed successfully (Zen provider disabled, dangerous commands require user confirmation)"
 
   post_tasks:
     - name: Print installation complete message

diff --git a/config/macos/opencode.json b/config/macos/opencode.json
@@ -1,4 +1,139 @@
 {
   "$schema": "https://opencode.ai/config.json",
-  "disabled_providers": ["opencode"]
-}
+  "disabled_providers": ["opencode"],
+  "permissions": {
+    "deny": {
+      "bash": [
+        "rm -rf /",
+        "rm -rf /*",
+        "rm -rf ~",
+        "rm -rf ~/*",
+        "rm -rf .",
+        "rm -rf *",
+        "rmdir *",
+        "sudo rm *",
+        "sudo rmdir *",
+        "sudo *",
+        "su *",
+        "chmod -R 777 *",
+        "chmod 777 *",
+        "chown *",
+        "chgrp *",
+        "kill *",
+        "killall *",
+        "pkill *",
+        "shutdown *",
+        "reboot *",
+        "halt *",
+        "poweroff *",
+        "dd *",
+        "mkfs *",
+        "fdisk *",
+        "parted *",
+        "diskutil eraseDisk *",
+        "diskutil partitionDisk *",
+        "curl * | sh",
+        "curl * | bash",
+        "wget * | sh",
+        "wget * | bash",
+        "eval *",
+        "git push --force *",
+        "git push -f *",
+        "git push origin --force *",
+        "git push origin -f *",
+        "git reset --hard *",
+        "git clean -fd *",
+        "git clean -f *",
+        "git checkout -- .",
+        "git branch -D *",
+        "docker rm -f *",
+        "docker rmi -f *",
+        "docker system prune *",
+        "docker volume rm *",
+        "docker volume prune *",
+        "docker network rm *",
+        "docker network prune *",
+        "docker container prune *",
+        "docker image prune *",
+        "docker compose down -v *",
+        "docker compose rm *",
+        "docker stop $(docker ps *)",
+        "docker rm $(docker ps *)",
-        "docker stop $(docker ps *)",
-        "docker rm $(docker ps *)",
+        "docker stop $(docker ps -q*)",
+        "docker rm $(docker ps -aq*)",
-        "docker stop $(docker ps *)",
-        "docker rm $(docker ps *)",
+        "docker stop $(docker ps -q*)",
+        "docker rm $(docker ps -aq*)",
+        "kubectl delete *",
+        "kubectl drain *",
+        "kubectl cordon *",
+        "kubectl taint *",
+        "kubectl apply *",
+        "kubectl create *",
+        "kubectl patch *",
+        "kubectl replace *",
+        "kubectl scale *",
+        "kubectl rollout *",
+        "kubectl exec *",
+        "kubectl edit *",
+        "kubectl set *",
+        "kubectl label *",
+        "kubectl annotate *",
+        "helm install *",
+        "helm upgrade *",
+        "helm uninstall *",
+        "helm delete *",
+        "helm rollback *",
+        "terraform apply *",
+        "terraform destroy *",
+        "terraform import *",
+        "terraform taint *",
+        "terraform untaint *",
+        "terraform state rm *",
+        "npm publish *",
+        "npm unpublish *",
+        "npm deprecate *",
+        "npm dist-tag *",
+        "npm access *",
+        "npm owner *",
+        "yarn publish *",
+        "pnpm publish *",
+        "cargo publish *",
+        "gem push *",
+        "pip install --user *",
+        "brew uninstall *",
+        "brew remove *",
+        "brew cleanup --prune=all *",
+        "mas uninstall *",
+        "launchctl unload *",
+        "launchctl remove *",
+        "systemctl stop *",
+        "systemctl disable *",
+        "systemctl mask *",
+        "defaults delete *",
+        "defaults write *",
+        "networksetup *",
+        "scutil *",
+        "csrutil *",
+        "spctl *",
+        "security delete-keychain *",
+        "security delete-certificate *",
+        "ssh *",
+        "scp *",
+        "rsync --delete *",
+        "rsync * --delete *",
+        "aws s3 rm *",
+        "aws s3 rb *",
+        "aws ec2 terminate-instances *",
+        "aws rds delete-db-instance *",
+        "aws cloudformation delete-stack *",
+        "gcloud compute instances delete *",
+        "gcloud projects delete *",
+        "gcloud sql instances delete *",
+        "az vm delete *",
+        "az group delete *",
+        "az sql server delete *",
+        "xattr -cr *",
+        "dscl *",
+        "open -a Terminal *",
+        "osascript *",
+        "crontab -r *"
+      ]
+    }
+  }
+}