inkdust2021/opencode-vibeguard — reverse-engineered prompt

Build me a JavaScript plugin for OpenCode called VibeGuard that keeps my private values from being sent to an AI provider.

I want to define sensitive strings in a simple JSON config file, like API keys, tokens, project names, or other secrets. Before OpenCode sends any prompt or previous conversation history to the model, replace those values with safe placeholders. After the model finishes, show the real values again locally so the conversation still makes sense. If the AI asks to run a tool, write a file, edit something, or use bash, restore the real values before the local tool runs.

Also make sure old tool inputs and outputs get cleaned before later requests, so secrets do not leak through history. If there is no config file, or it says enabled is false, the plugin should do nothing. Add a config example, basic tests, debug logging that never prints secrets, and clear README setup steps for local use and npm use. Look up current OpenCode plugin docs if needed.