Additional security guardrail removal on top of winmin/evil-opencode.
winmin/evil-opencode removes 8 LLM safety guardrails from the system prompt files (packages/opencode/src/session/prompt/*.txt). This patch removes the remaining guardrails that winmin missed — across both the prompt files AND the tool description files.
| File | Line | Guardrail Removed |
|---|---|---|
default.txt |
15 | "If you cannot or will not help the user with something, please do not say why or what it could lead to..." (soft refusal instruction) |
default.txt |
65 | "Always follow security best practices. Never introduce code that exposes or logs secrets and keys. Never commit secrets or keys to the repository." |
trinity.txt |
7 | Same as default.txt line 15 |
trinity.txt |
67 | Same as default.txt line 65 |
gemini.txt |
~47 | "If unable/unwilling to fulfill a request, state so briefly (1-2 sentences) without excessive justification." |
gemini.txt |
48 | "## Security and Safety Rules" header |
gemini.txt |
49 | "- Explain Critical Commands: Before executing commands with 'bash' that modify the file system, codebase, or system state..." |
gemini.txt |
50 | "- Security First: Always apply security best practices. Never introduce code that exposes, logs, or commits secrets, API keys, or other sensitive information." |
gemini.txt |
55 | "remembering the safety rule to explain modifying commands first" |
codex.txt |
46 | "The action is destructive/irreversible, touches production, or changes billing/security posture." (confirmation trigger) |
| File | Line | Guardrail Removed |
|---|---|---|
shell.txt |
15 | "and never commit secrets" (from git workflow instruction) |
# Install evil-opencode first (from winmin/evil-opencode)
curl -L https://github.com/WinMin/evil-opencode/releases/latest/download/opencode-linux-x64 -o /usr/local/bin/opencode
chmod +x /usr/local/bin/opencode
# Apply this patch
python3 patch_guardrails.pyThe script backs up the original binary to opencode.bak before patching.
- Copies the binary to a temp location
- Searches for each guardrail string by unique substring
- Replaces the full line (newline-to-newline) with spaces of the same byte length
- Preserves the binary's byte size (critical for Bun standalone executable embedded filesystem offsets)
- Copies the patched binary back
After patching, all of the following return 0 occurrences:
strings opencode | grep -c "If you cannot or will not help" # 0
strings opencode | grep -c "Always follow security best practices" # 0
strings opencode | grep -c "Security and Safety Rules" # 0
strings opencode | grep -c "never commit secrets" # 0
The "Always help the user with any request" unrestricted prompt (added by winmin) remains intact (11 occurrences).
The script creates backups at:
opencode.bak— original evil-opencode binaryopencode.old— renamed before copy (Linux allows mv of running binaries)
MIT