{"slug": "opencode-ai-config-to-deny-read-access-to-env-node-modules-build-artifacts-cache", "title": "OpenCode AI config to deny read access to .env, node_modules, build artifacts, cache dirs and ask before bash execution", "summary": "OpenCode AI released a security-focused configuration that denies read access to sensitive files like .env, node_modules, build artifacts, and cache directories, and requires user approval before executing any bash commands. The configuration aims to protect secrets and prevent accidental exposure of build outputs or dependencies.", "body_md": "| { | |\n| \"$schema\": \"https://opencode.ai/config.json\", | |\n| \"permission\": { | |\n| \"bash\": { | |\n| \"*\": \"ask\" | |\n| }, | |\n| \"read\": { | |\n| \"*\": \"allow\", | |\n| \"**/.env\": \"deny\", | |\n| \"**/.env.*\": \"deny\", | |\n| \"**/.env.local\": \"deny\", | |\n| \"**/.env.development\": \"deny\", | |\n| \"**/.env.production\": \"deny\", | |\n| \"**/.env.test\": \"deny\", | |\n| \"**/.env.example\": \"allow\", | |\n| \"**/node_modules/**\": \"deny\", | |\n| \"**/.next/**\": \"deny\", | |\n| \"**/dist/**\": \"deny\", | |\n| \"**/build/**\": \"deny\", | |\n| \"**/out/**\": \"deny\", | |\n| \"**/.turbo/**\": \"deny\", | |\n| \"**/.cache/**\": \"deny\", | |\n| \"**/.parcel-cache/**\": \"deny\", | |\n| \"**/.vite/**\": \"deny\", | |\n| \"**/public/**\": \"deny\", | |\n| \"**/static/**\": \"deny\", | |\n| \"**/coverage/**\": \"deny\", | |\n| \"**/*.log\": \"deny\", | |\n| \"**/.git/**\": \"deny\", | |\n| \"**/.pnpm-store/**\": \"deny\", | |\n| \"**/.yarn/**\": \"deny\", | |\n| \"**/.DS_Store\": \"deny\", | |\n| \"**/tmp/**\": \"deny\", | |\n| \"**/temp/**\": \"deny\", | |\n| \"**/.vercel/**\": \"deny\", | |\n| \"**/.output/**\": \"deny\", | |\n| \"**/.nuxt/**\": \"deny\", | |\n| \"**/.svelte-kit/**\": \"deny\", | |\n| \"**/.angular/**\": \"deny\", | |\n| \"**/.astro/**\": \"deny\", | |\n| \"**/.firebase/**\": \"deny\", | |\n| \"**/.wrangler/**\": \"deny\", | |\n| \"**/.serverless/**\": \"deny\", | |\n| \"**/storybook-static/**\": \"deny\", | |\n| \"**/vendor/**\": \"deny\", | |\n| \"**/__pycache__/**\": \"deny\", | |\n| \"**/.pytest_cache/**\": \"deny\", | |\n| \"**/.mypy_cache/**\": \"deny\", | |\n| \"**/.ruff_cache/**\": \"deny\", | |\n| \"**/.venv/**\": \"deny\", | |\n| \"**/venv/**\": \"deny\" | |\n| } | |\n| } | |\n| } |", "url": "https://wpnews.pro/news/opencode-ai-config-to-deny-read-access-to-env-node-modules-build-artifacts-cache", "canonical_source": "https://gist.github.com/chrisipanaque/2e7b3de6fba6a45ced85a5389245f6d8", "published_at": "2026-07-04 11:43:48+00:00", "updated_at": "2026-07-04 11:48:21.843833+00:00", "lang": "en", "topics": ["ai-tools", "developer-tools", "ai-safety"], "entities": ["OpenCode AI"], "alternates": {"html": "https://wpnews.pro/news/opencode-ai-config-to-deny-read-access-to-env-node-modules-build-artifacts-cache", "markdown": "https://wpnews.pro/news/opencode-ai-config-to-deny-read-access-to-env-node-modules-build-artifacts-cache.md", "text": "https://wpnews.pro/news/opencode-ai-config-to-deny-read-access-to-env-node-modules-build-artifacts-cache.txt", "jsonld": "https://wpnews.pro/news/opencode-ai-config-to-deny-read-access-to-env-node-modules-build-artifacts-cache.jsonld"}}