OpenCode
Integrate brin with OpenCode plugins to automatically scan packages installed by AI agents
OpenCode's plugin system lets you extend and control agent behavior using JavaScript or TypeScript. By using the tool.execute.before hook, you can automatically route all package installations through brin for security scanning.
Prerequisites
- brin CLI installed
- OpenCode
Setup
OpenCode plugins are JavaScript or TypeScript files placed in the .opencode/plugins/ directory.
Create the plugin
Create .opencode/plugins/brin-gateway.ts:
import type { Plugin } from "@opencode-ai/plugin"
const INSTALL_PATTERN = /^(npm (i|install|add)|yarn add|pnpm (add|i|install)|bun (add|i|install)|pip install|cargo add) (.+)$/
const UNINSTALL_PATTERN = /^(npm (uninstall|rm)|yarn remove|pnpm (rm|remove)|bun (rm|remove)|pip uninstall|cargo remove) (.+)$/
export const SusGatewayPlugin: Plugin = async ({ client }) => {
await client.app.log({
service: "brin-gateway",
level: "info",
message: "brin gateway plugin loaded",
})
return {
"tool.execute.before": async (input, output) => {
if (input.tool !== "bash") return
const cmd = output.args.command
const installMatch = cmd.match(INSTALL_PATTERN)
if (installMatch) {
const pkg = installMatch[6]
throw new Error(`Use \`brin add ${pkg}\` instead for security scanning.`)
}
const uninstallMatch = cmd.match(UNINSTALL_PATTERN)
if (uninstallMatch) {
const pkg = uninstallMatch[5]
throw new Error(`Use \`brin remove ${pkg}\` instead.`)
}
},
}
}That's it—OpenCode automatically loads plugins from this directory at startup.
JavaScript version
If you prefer plain JavaScript, create .opencode/plugins/brin-gateway.js:
const INSTALL_PATTERN = /^(npm (i|install|add)|yarn add|pnpm (add|i|install)|bun (add|i|install)|pip install|cargo add) (.+)$/
const UNINSTALL_PATTERN = /^(npm (uninstall|rm)|yarn remove|pnpm (rm|remove)|bun (rm|remove)|pip uninstall|cargo remove) (.+)$/
export const SusGatewayPlugin = async ({ client }) => {
return {
"tool.execute.before": async (input, output) => {
if (input.tool !== "bash") return
const cmd = output.args.command
const installMatch = cmd.match(INSTALL_PATTERN)
if (installMatch) {
const pkg = installMatch[6]
throw new Error(`Use \`brin add ${pkg}\` instead for security scanning.`)
}
const uninstallMatch = cmd.match(UNINSTALL_PATTERN)
if (uninstallMatch) {
const pkg = uninstallMatch[5]
throw new Error(`Use \`brin remove ${pkg}\` instead.`)
}
},
}
}Global Configuration
To apply the brin plugin to all your projects, place it in the global plugins directory:
mkdir -p ~/.config/opencode/pluginsThen copy the plugin file to ~/.config/opencode/plugins/brin-gateway.ts.
Using npm Packages
You can also publish and install the plugin via npm. Add it to your OpenCode config:
{
"$schema": "https://opencode.ai/config.json",
"plugin": ["brin-gateway"]
}Troubleshooting
Plugin not loading
- Verify the plugin file exists at
.opencode/plugins/brin-gateway.ts - Check that the file exports a named function (not default export)
- Restart OpenCode after adding the plugin
Check plugin logs
Add logging to debug your plugin:
await client.app.log({
service: "brin-gateway",
level: "debug",
message: "Intercepted command",
extra: { command: cmd },
})TypeScript errors
If using TypeScript, install the plugin types:
npm install -D @opencode-ai/pluginOr add the types to your project's .opencode/package.json:
{
"devDependencies": {
"@opencode-ai/plugin": "latest"
}
}On this page