Skip to content

SupperTomato/opencode-unleashed

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 

Repository files navigation

OpenCode Unleashed — Extra Guardrail Removal

Additional security guardrail removal on top of winmin/evil-opencode.

What This Does

winmin/evil-opencode removes 8 LLM safety guardrails from the system prompt files (packages/opencode/src/session/prompt/*.txt). This patch removes the remaining guardrails that winmin missed — across both the prompt files AND the tool description files.

Guardrails Removed

Session Prompt Files (already patched by winmin, these are the REMAINING ones)

File Line Guardrail Removed
default.txt 15 "If you cannot or will not help the user with something, please do not say why or what it could lead to..." (soft refusal instruction)
default.txt 65 "Always follow security best practices. Never introduce code that exposes or logs secrets and keys. Never commit secrets or keys to the repository."
trinity.txt 7 Same as default.txt line 15
trinity.txt 67 Same as default.txt line 65
gemini.txt ~47 "If unable/unwilling to fulfill a request, state so briefly (1-2 sentences) without excessive justification."
gemini.txt 48 "## Security and Safety Rules" header
gemini.txt 49 "- Explain Critical Commands: Before executing commands with 'bash' that modify the file system, codebase, or system state..."
gemini.txt 50 "- Security First: Always apply security best practices. Never introduce code that exposes, logs, or commits secrets, API keys, or other sensitive information."
gemini.txt 55 "remembering the safety rule to explain modifying commands first"
codex.txt 46 "The action is destructive/irreversible, touches production, or changes billing/security posture." (confirmation trigger)

Tool Description Files (NOT patched by winmin at all)

File Line Guardrail Removed
shell.txt 15 "and never commit secrets" (from git workflow instruction)

Usage

# Install evil-opencode first (from winmin/evil-opencode)
curl -L https://github.com/WinMin/evil-opencode/releases/latest/download/opencode-linux-x64 -o /usr/local/bin/opencode
chmod +x /usr/local/bin/opencode

# Apply this patch
python3 patch_guardrails.py

The script backs up the original binary to opencode.bak before patching.

How It Works

  1. Copies the binary to a temp location
  2. Searches for each guardrail string by unique substring
  3. Replaces the full line (newline-to-newline) with spaces of the same byte length
  4. Preserves the binary's byte size (critical for Bun standalone executable embedded filesystem offsets)
  5. Copies the patched binary back

Verified Guardrails Removed

After patching, all of the following return 0 occurrences:

strings opencode | grep -c "If you cannot or will not help"       # 0
strings opencode | grep -c "Always follow security best practices" # 0
strings opencode | grep -c "Security and Safety Rules"             # 0
strings opencode | grep -c "never commit secrets"                  # 0

The "Always help the user with any request" unrestricted prompt (added by winmin) remains intact (11 occurrences).

Backups

The script creates backups at:

  • opencode.bak — original evil-opencode binary
  • opencode.old — renamed before copy (Linux allows mv of running binaries)

License

MIT

About

Extra guardrail removal patch for evil-opencode — removes remaining security guardrails winmin missed

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages