MCPcopy Index your code
hub / github.com/CloudAI-X/opencode-workflow / SecurityScanPlugin

Function SecurityScanPlugin

plugins/security-scan.ts:22–39  ·  view source on GitHub ↗
({ $ })

Source from the content-addressed store, hash-verified

20}
21
22export const SecurityScanPlugin = async ({ $ }) => {
23 return {
24 "tool.execute.before": async (input, output) => {
25 // Only check file modification tools
26 if (!["write", "edit", "patch"].includes(input.tool)) {
27 return
28 }
29
30 const filePath = input.args?.file_path || input.args?.filePath || input.args?.path || ""
31
32 if (filePath && isSensitiveFile(filePath)) {
33 throw new Error(
34 `SECURITY BLOCK: Cannot edit sensitive file "${filePath}". Edit manually if needed.`
35 )
36 }
37 },
38 }
39}

Callers

nothing calls this directly

Calls 1

isSensitiveFileFunction · 0.85

Tested by

no test coverage detected