Receipts for opencode's native tool calls (write, bash, edit) via the
obsigna opencode plugin.
opencode installs the plugin from npm itself (declared in opencode.json), so
there's no build step.
./demo.shPrerequisites: see the top-level README.
- The host daemon starts and the socat tunnel comes up (
lib/sbx.sh). - opencode runs in the sbx sandbox with a local ollama model and the obsigna
plugin. The plugin hooks
tool.execute.before/afterand emits one receipt per native tool call to the daemon over the tunnel. - The agent writes
fibonacci.py, runs it, then attempts an outboundcurlthat the sandbox blocks. - Output shows the two layers side by side.
obsigna receipt list — one receipt per native tool call:
SEQ TIMESTAMP CHAIN TOOL / ACTION TYPE
1 ... ... write ← fibonacci.py
2 ... ... bash ← python3 work/fibonacci.py
3 ... ... bash ← curl (blocked at the network layer)
obsigna verify → Chain ...: VALID (N receipts). The blocked curl appears in
both the sbx policy log and the receipt list — same event, two vantage points.
- Pinned to
@obsigna/opencode-plugin@0.1.0inopencode.json. Bump when a newer version ships. - A local model occasionally fumbles shell quoting and retries the curl a few times; each attempt is faithfully receipted.