forked from anomalyco/opencode
guardrails: plugin MVP for policy enforcement #4
Closed
Description
Parent epic: #1
Source brief:
- docs/ai-guardrails/issues/003-guardrail-plugin-mvp.md
- docs/ai-guardrails/migration/claude-code-skills-inventory.md
Problem
Claude hooks that enforced guardrails do not transfer directly. OpenCode plugins are the primary runtime surface for secret blocking, shell environment injection, and lifecycle observation.
Deliverables
- local or packaged guardrail plugin skeleton
- secret read blocklist
- shell environment injection for policy mode
- lifecycle logging for session and permission events
- compaction hook stub for future context preservation
- first migration of fast-feedback hooks such as post-lint-format and config protection where feasible
Acceptance
- plugin loads from project config
- plugin can inject environment through shell.env
- plugin can observe session.created
- plugin tests do not require a deep core patch
Notes
- Follow the thin-distribution approach from docs/ai-guardrails/adr/001-thin-distribution-over-deep-fork.md
- Preserve the philosophy imported from claude-code-skills epic feat(guardrails): Wave 8 — review fixes + remaining hooks + multi-model delegation #130: mechanism-first guardrails, fast feedback, pointer-based instructions, and runtime verifiability
- Prefer OpenCode-native config/profile/plugin/command/CI surfaces over core patches
Dependencies
- epic: internal AI guardrails thin distribution for Cor-Incorporated #1
- docs/ai-guardrails/adr/001-thin-distribution-over-deep-fork.md
- docs/ai-guardrails/adr/003-claude-assets-migrate-by-role.md
- docs/ai-guardrails/adr/004-scenario-tests-before-productization.md
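
The Deliverables and Acceptance items above (secret read blocklist, shell.env injection, session and permission logging), sketched as a hooks object. This is an added example, not code from this issue or from OpenCode: the hook argument shapes, the blocklist entries, the `permission.` event prefix and the `GUARDRAIL_POLICY_MODE` variable are assumptions.

```javascript
// Added example, not OpenCode or project code. Hook names follow the issue text
// (shell.env, session.created); their argument shapes below are assumptions.

// Constructed blocklist: basenames and suffixes treated as secrets.
const BLOCKED_NAMES = ["id_rsa", "id_ed25519", "credentials.json"];
const BLOCKED_SUFFIXES = [".pem", ".key", ".p12"];

// Lexically resolve "." and ".." so "a/../.env" cannot slip past the match.
function normalize(p) {
  const out = [];
  for (const seg of p.replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return out.join("/");
}

function isBlockedSecretPath(filePath) {
  const base = normalize(String(filePath)).split("/").pop().toLowerCase();
  // ".env", ".env.local", ".env.production" all count as env files.
  if (base === ".env" || base.startsWith(".env.")) return true;
  return BLOCKED_NAMES.includes(base) || BLOCKED_SUFFIXES.some((s) => base.endsWith(s));
}

function createGuardrailHooks(policyMode, log) {
  return {
    // Assumed shape: input.tool names the tool, output.args.filePath its target.
    "tool.execute.before"(input, output) {
      const target = output && output.args && output.args.filePath;
      if (input.tool === "read" && target && isBlockedSecretPath(target)) {
        log.push({ type: "read.blocked", path: normalize(target) });
        throw new Error("guardrail: read of secret file blocked");
      }
    },
    // Assumed shape: output.env is a mutable map merged into the shell environment.
    "shell.env"(_input, output) {
      output.env.GUARDRAIL_POLICY_MODE = policyMode; // hypothetical variable name
    },
    // Assumed shape: lifecycle events arrive with a type field ("permission." prefix assumed).
    event({ event }) {
      if (event.type === "session.created" || event.type.startsWith("permission.")) {
        log.push({ type: event.type });
      }
    },
  };
}
```

The path match is lexical only, so a symlink that points at a secret file would need real-path resolution before the check.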