Security News
US Government Forces Anthropic to Pull Claude Fable Days After Launch
Anthropic says the directive cited national security concerns over a narrow jailbreak, but offered no specific technical details.
By Sarah Gooding - Jun 13, 2026
Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
opencode-vibeguard
Advanced tools
opencode-vibeguard
OpenCode 插件:参考 VibeGuard 的占位符格式(__VG_...__)在发送给 LLM 前脱敏、在响应完成后自动还原、在工具执行前还原参数
English | 中文
opencode-vibeguard
An OpenCode plugin that:
- Replaces configured sensitive strings with placeholders before requests are sent to the LLM provider (the provider never sees plaintext)
- Restores placeholders back to the original text after the model output completes (more natural local display/persistence)
- Restores placeholders before tool execution (e.g.
bash/write/edit) so local tools run with real values
Note: OpenCode tool calls are stored in the DB with the real executed args/output. Before each request, this plugin also redacts historical tool inputs/outputs to prevent plaintext from being sent upstream in later turns.
Placeholder format (aligned with VibeGuard):
- Prefix:
__VG_ - Shape:
__VG_<CATEGORY>_<hash12>__or__VG_<CATEGORY>_<hash12>_<N>__ hash12is the first 12 hex chars ofHMAC-SHA256(session-random secret, original), stable within a session and irreversible to the provider
Install / Use (local dev)
- Put this plugin directory in your project (e.g.
./opencode-vibeguard/). - Load it in your OpenCode config:
{
"$schema": "https://opencode.ai/config.json",
"plugin": ["file://./opencode-vibeguard/src/index.js"]
}
- Put
vibeguard.config.jsonin your project root (copy fromvibeguard.config.json.example).
Safety note: to avoid unexpected modifications, the plugin becomes a no-op if the config file is missing or
enabled=false.
Install / Use (npm)
After publishing to npm, reference the package name in opencode.json:
{
"$schema": "https://opencode.ai/config.json",
"plugin": ["opencode-vibeguard"]
}
Configuration
Config lookup order (first match wins):
- Path specified by env var
OPENCODE_VIBEGUARD_CONFIG - Project root:
./vibeguard.config.json - Project
.opencodedir:./.opencode/vibeguard.config.json - Global dir:
~/.config/opencode/vibeguard.config.json
See vibeguard.config.json.example for an example.
Tests
cd opencode-vibeguard
npm test
Debug
Enable debug logs (will not print any plaintext secrets; only config path and replace counts):
OPENCODE_VIBEGUARD_DEBUG=1 opencode .
Or set in vibeguard.config.json:
{ "debug": true }
Known limitations
- During streaming (
text-delta) the placeholder may briefly appear; it will be restored attext-end.
FAQs
OpenCode 插件:参考 VibeGuard 的占位符格式(__VG_...__)在发送给 LLM 前脱敏、在响应完成后自动还原、在工具执行前还原参数
The npm package opencode-vibeguard receives a total of 1,304 weekly downloads. As such, opencode-vibeguard popularity was classified as popular.
We found that opencode-vibeguard demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 28 Feb 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic
A network of 152 Chrome live wallpaper extensions hid ad tracking and made extension-driven traffic look like Google search clicks.
By Kush Pandya - Jun 12, 2026
Company News
Andrew Becherer Joins Socket as Chief Information Security Officer
Socket’s first CISO brings deep experience securing high-growth SaaS companies as open source supply chain threats accelerate.
By Sarah Gooding - Jun 11, 2026