DEV Community

Cover image for Building HEXZ: A Security & "Anti-Slop" Layer for OpenCode
HexZo Network
HexZo Network

Posted on • Edited on

Building HEXZ: A Security & "Anti-Slop" Layer for OpenCode

Over the last few weeks I've been working on HEXZ, an upgrade layer for OpenCode that adds security tooling, project memory, MCP integration, design scaffolding, web search workflows, and stricter AI output enforcement.

The project is still in active testing and bug hunting, but it's already usable enough to share with the community and gather feedback.

Why I Started Building It

Most coding assistants are good at generating code.

The problem starts after generation.

They often:

  • Skip research
  • Miss security issues
  • Forget project context
  • Produce repetitive AI-style writing
  • Make destructive changes without validation
  • Have limited access to external tools and workflows

I wanted something that behaves more like an engineering workflow than a chatbot.

The goal of HEXZ is simple:

Research first. Plan before execution. Simulate risky actions. Scan before shipping.


What HEXZ Adds to OpenCode

Anti-Slop Engine

One thing that annoys me when using AI tools is the amount of repetitive filler language.

HEXZ enforces stricter technical writing by detecting and discouraging common AI-tell patterns.

Examples include:

  • Overused buzzwords
  • Repetitive sentence structures
  • Generic marketing language
  • Unnecessary filler phrases

The objective isn't to make responses sound human.

The objective is to make responses more useful.


Security Toolkit

Security was one of the largest areas I wanted to improve.

HEXZ currently includes:

  • 769+ cybersecurity skills
  • MITRE ATT&CK mappings
  • NIST CSF 2.0 mappings
  • OWASP Top 10 coverage
  • Vulnerability scanning workflows
  • Threat hunting references
  • Forensics and malware analysis resources

Domains currently covered include:

  • Recon & OSINT
  • Web Security
  • Cloud Security
  • Incident Response
  • Threat Hunting
  • Malware Analysis
  • Network Security
  • Red Team Operations
  • Blue Team Defense

The idea is not to replace dedicated security tools.

It's to give the AI assistant enough context to reason about security during development.


MCP Support

HEXZ can connect to Model Context Protocol (MCP) servers.

This allows OpenCode to interact with:

  • Databases
  • Filesystems
  • APIs
  • External services

Instead of hardcoding integrations, the assistant can discover and use tools dynamically through MCP.


Persistent Memory

One frustration with many AI coding sessions is that context disappears after restart.

HEXZ adds persistent memory for:

  • Project context
  • Session summaries
  • Preferences
  • Model routing settings

This allows workflows to survive across multiple sessions.


Design Scaffold Generator

Sometimes you need a quick UI direction before implementation.

HEXZ includes a design scaffold system with:

  • 150+ design systems
  • 100+ templates
  • HTML/CSS mockup generation

The goal isn't pixel-perfect design.

It's faster prototyping and idea validation.


Web Search Before Code

A rule I keep returning to:

Research before implementation.

HEXZ can enforce a workflow where web search happens before code generation.

That sounds simple, but it prevents a surprising number of outdated assumptions and hallucinated implementations.


Workflow Philosophy

HEXZ follows a structured pipeline:

RESEARCH
    ↓
PLAN
    ↓
SIMULATE
    ↓
BUILD
    ↓
SCAN
    ↓
REVIEW
Enter fullscreen mode Exit fullscreen mode

For destructive operations, a simulation step is required first.

The objective is reducing avoidable mistakes rather than maximizing generation speed.


Current Status

The project is not production-ready yet.

Current focus:

  • Testing
  • Bug hunting
  • Stability improvements
  • Performance tuning
  • Edge-case validation

Some features work well already, while others still need refinement.

This is exactly why I'm sharing it early.


Looking for Feedback

I'm particularly interested in feedback around:

  • OpenCode plugin architecture
  • MCP workflows
  • Security scanning logic
  • Model routing strategies
  • Memory design
  • Developer experience

If you've built similar tooling, I'd love to hear what worked, what failed, and what you'd do differently.

The repository is open source, and contributions are welcome.

GitHub:

GitHub logo HexZoNetwork / opencode-hexz

simple plugin that will make your model smarter

HEXZ

OpenCode & MiMo Code Upgrade Layer

A plugin for OpenCode, MiMo Code, Claude Code, and OpenAI Codex — anti-slop enforcement, 769+ cybersecurity skills, design scaffolding, web search, OCR, screenshots, MCP, persistent memory, and PR automation

Important

Claude Code and Codex support is untested and experimental. OpenCode remains the primary target — contributions welcome.


Warning

Recommended for Linux. Windows support via install.bat is experimental — contributions welcome.

Contents


Features






























Anti-Slop Engine Banned filler words (delve, leverage, robust, etc.), forced technical writing, varied sentence structure
Cybersecurity Suite 769+ skills across 15 domains with MITRE ATT&CK, NIST CSF 2.0, and OWASP Top 10 mappings
Design Scaffold HTML/CSS mockups across 150+ design systems and 109+ templates
Web Search DuckDuckGo integration — called before writing code
Image OCR Text extraction from screenshots, errors, diagrams via tesseract.js
Web





I'm planning to keep building this in public and posting updates as the project evolves.

⚠️ A Note on Token Usage

This plugin may use significantly more tokens than usual because it enforces a prompt override and runs a simulation before executing a plan.

Preview:

design

design

Model: deepseek v4 flash free+ Hexz plugin
First prompt: Build me a porotofolio web at ./test based on .
Second prompt: update this folder

design no hexz

Model: deepseek v4 pro without hexz
The prompt is about 1.2k line leght so i cant paste it here

Top comments (0)