GPT-5.6 (Sol / Terra / Luna) is now evaluated on TrustVector โ€” with day-1 independent verification, incl. METR's benchmark-cheating findings.

Read the evaluation
Evaluation record ยท opencode

OpenCode

v1.x (v1.17.17, 2026-07-09)

SST / Anomaly Innovations

Agentcoding-agentterminalopen-sourcebyok
77
Strong
About This Agent

MIT-licensed open-source terminal AI coding agent from the SST team (Anomaly Innovations). TUI-first with a client/server architecture, 75+ model providers, an optional curated Zen gateway, and millions of monthly developers. GitHub made Copilot subscriptions work with it (Jan 2026), while Anthropic blocked its consumer-OAuth access the same month, forcing removal of Claude Pro/Max support - a live case study in agent supply-chain and ToS risk.

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
task completion accuracy

Adoption-signal and hands-on assessment of terminal coding workflows; accuracy tracks the configured model

Evidence
OpenCode GitHub repository โ€” Completes end-to-end coding tasks in the terminal; adoption at 184K stars and millions of monthly developers signals sustained real-world effectiveness
mediumVerified: 2026-07-09
tool use reliability

Tool invocation testing across file edits, shell execution, LSP-assisted changes, and MCP servers

Evidence
OpenCode documentation โ€” Built-in edit, bash, and search tools with LSP integration for language-aware edits; MCP support extends the toolset
highVerified: 2026-07-09
multi step planning

Evaluation of plan/build agent separation on multi-file tasks

Evidence
OpenCode GitHub repository โ€” Ships a read-only 'plan' agent that requests permission before bash execution and a full-access 'build' agent, separating strategy from execution
mediumVerified: 2026-07-09
memory persistence

Review of session persistence, AGENTS.md context, and cross-session continuity

Evidence
OpenCode documentation โ€” Persistent sessions with resume and share, AGENTS.md project context files, and per-project config; no managed long-term memory
mediumVerified: 2026-07-09
error recovery

Observed recovery behavior from failing builds and diagnostics during evaluation

Evidence
OpenCode documentation โ€” Agent loop iterates on compiler, test, and LSP diagnostics to self-correct; session history allows reverting
mediumVerified: 2026-07-09
agent collaboration

Review of custom agent configuration and delegation features

Evidence
OpenCode documentation โ€” Configurable custom agents and subagent delegation; client/server design lets multiple clients drive the same server
mediumVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
tool sandboxing

Execution isolation review; containerization is left to the user

Evidence
OpenCode documentation โ€” No OS-level sandbox: bash and edit tools operate directly on the host; permission rules (ask/allow/deny per tool and command pattern) gate execution rather than isolate it
mediumVerified: 2026-07-09
access control

Assessment of the permission rule system and agent-level restrictions

Evidence
OpenCode documentation โ€” Granular permission config per agent (edit/bash/webfetch ask-allow-deny with glob patterns) and a read-only plan agent; no enterprise policy or SSO layer in the open-source core
mediumVerified: 2026-07-09
prompt injection defense

Injection surface review across webfetch, repository content, and MCP servers

Evidence
OpenCode documentation โ€” No dedicated injection detection: untrusted repo content and fetched web pages enter the context, with permission prompts as the main backstop - the standard exposure for terminal coding agents
mediumVerified: 2026-07-09
data isolation

Data-flow review of local operation, share-link uploads, and Zen gateway routing

Evidence
OpenCode documentation โ€” Local-first: code and prompts flow only to the configured provider; the optional share feature uploads session transcripts to opencode.ai and is disabled by config for sensitive environments
mediumVerified: 2026-07-09
open source transparency

License and source availability review

Evidence
OpenCode GitHub repository โ€” MIT license, fully open TypeScript codebase with public issue tracker and very high release velocity
highVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
data retention

Privacy architecture review of default local operation versus opt-in cloud features

Evidence
OpenCode documentation โ€” No vendor retention in default BYOK operation; only opt-in share links and optional Zen usage send data to OpenCode-operated services
mediumVerified: 2026-07-09
gdpr compliance

Compliance capabilities assessment across BYOK and Zen configurations

Evidence
OpenCode website โ€” Compliance posture inherits from the chosen provider; Anomaly publishes standard policies but no formal certification program for the open-source tool
mediumVerified: 2026-07-09
third party data sharing

Data-flow analysis across direct provider connections, Zen routing, and share links

Evidence
OpenCode Zen documentation โ€” Data goes to the user-selected provider among 75+; the optional Zen gateway routes through curated hosted models on pay-per-use terms
mediumVerified: 2026-07-09
local deployment option

Deployment options assessment including fully local model configurations

Evidence
OpenCode documentation โ€” Runs locally with local models (Ollama and OpenAI-compatible endpoints) among its 75+ providers; share and Zen are optional
highVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness and accuracy review

Evidence
OpenCode documentation โ€” Clear docs for config, agents, permissions, providers, MCP, Zen, and the SDK/server API
highVerified: 2026-07-09
execution traceability

Review of transcripts, share links, and server-API introspection

Evidence
OpenCode documentation โ€” Full session transcripts of tool calls in the TUI, shareable session links for review, and a server API exposing session state
mediumVerified: 2026-07-09
decision explainability

Assessment of plan-mode previews and pre-execution visibility

Evidence
OpenCode GitHub repository โ€” Plan agent externalizes intended changes read-only before execution; permission prompts surface each sensitive action
mediumVerified: 2026-07-09
open source code

Open source assessment of license and codebase completeness

Evidence
OpenCode GitHub repository โ€” MIT-licensed, fully open codebase maintained in public by the SST/Anomaly team
highVerified: 2026-07-09
community activity

Community engagement analysis; star and MAU figures conflict across 2026 sources, so ranges are cited with the GitHub-observed value as primary

Evidence
OpenCode GitHub repository โ€” 184K stars and 22.9K forks observed 2026-07-09 (secondary write-ups from earlier in 2026 cite 150-172K - the figure moved fast); releases land near-daily (v1.17.17 on 2026-07-09)
Tech Funding News - OpenCode background story โ€” Reported ~7.5M monthly active developers by May 2026 (other 2026 write-ups cite ~6.5M; estimates vary by methodology)
highVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of integration

Setup time and integration surface assessment across terminal, SSH, and subscription auth paths

Evidence
OpenCode documentation โ€” One-line install script or npm/brew; runs in any terminal over SSH, with a beta desktop app and GitHub Copilot subscription auth since January 2026
GitHub Changelog - Copilot supports OpenCode โ€” GitHub officially enabled Copilot Pro/Pro+/Business/Enterprise subscriptions as an auth/model path for OpenCode
highVerified: 2026-07-09
scalability

Assessment of the server API, headless operation, and parallel session support

Evidence
OpenCode documentation โ€” Client/server architecture supports remote servers, multiple concurrent sessions, and headless/scripted use for CI
mediumVerified: 2026-07-09
cost predictability

Pricing analysis across BYOK, Zen, and subscription auth options

Evidence
OpenCode Zen โ€” Free MIT tool; BYOK tokens are pay-as-you-go, Zen is pay-per-use, and Copilot subscriptions offer a capped-cost path since January 2026
mediumVerified: 2026-07-09
monitoring capabilities

Monitoring features assessment for individual and team usage

Evidence
OpenCode documentation โ€” Per-session cost/token display and share links for review; no built-in fleet dashboards, audit exports, or alerting
mediumVerified: 2026-07-09
production readiness

Maturity assessment from release history and the demonstrated upstream provider-access risk (Anthropic OAuth removal)

Evidence
OpenCode GitHub repository โ€” Stable 1.x with near-daily releases and massive adoption, but very fast churn; several-million-dollar Zen revenue funds maintenance
Hacker News - Anthropic blocks third-party subscription access โ€” On 2026-01-09 Anthropic's server-side checks cut OpenCode users off from Claude Pro/Max OAuth overnight without warning; the ToS ban was formalized 2026-02-19 and fully enforced 2026-04-04, forcing OpenCode to drop consumer Claude login
The Register - Anthropic clarifies third-party access ban โ€” Anthropic's clarified terms bar Free/Pro/Max OAuth tokens in third-party tools, a standing upstream-dependency risk for BYOK agents like OpenCode
mediumVerified: 2026-07-09
Strengths
  • +One of the most popular open-source coding agents: 184K GitHub stars observed July 2026 (150-172K cited in earlier 2026 write-ups) and millions of monthly developers (~6.5-7.5M reported)
  • +MIT-licensed, fully open, with near-daily releases
  • +Provider-neutral: 75+ providers plus the optional curated Zen gateway
  • +Official GitHub Copilot subscription support (January 2026)
  • +Client/server TUI works over SSH; plan agent and granular permission rules gate risky actions
  • +Local-first BYOK: code goes only to the provider the user chooses
Limitations
  • !Anthropic blocked its consumer OAuth access (Jan 2026; ToS formalized Feb, enforced Apr 2026), removing Claude Pro/Max support overnight - proof that upstream providers can cut off access without notice
  • !No sandboxing: permission rules are the only barrier to host shell and filesystem
  • !No dedicated prompt-injection defenses beyond permission prompts
  • !Opt-in share links upload session transcripts to opencode.ai and need disabling in sensitive environments
  • !Very fast release churn can break configs and integrations
  • !No enterprise governance layer (SSO, audit, policy) in the open-source core
Metadata
license: MIT
repository: https://github.com/sst/opencode
package name: opencode-ai (npm)
supported models
0: 75+ providers (Anthropic API, OpenAI, Google, GitHub Copilot, OpenRouter, local Ollama, etc.)
1: OpenCode Zen curated gateway (optional, pay-per-use)
languages
0: TypeScript
deployment type: Local terminal TUI with client/server architecture; beta desktop app; self-hosted
architecture: TUI client + local server with built-in edit/bash/webfetch tools, LSP integration, MCP support, and configurable agents/permissions
first release: 2024 (SST team); rose to prominence 2025-2026
adoption: 184K stars / 22.9K forks (2026-07-09); ~6.5-7.5M monthly developers reported in 2026 (estimates vary)
pricing: Free (MIT) + BYOK provider costs; optional pay-per-use Zen models; works with GitHub Copilot subscriptions
github stars: 184000 (2026-07-09); earlier 2026 sources cite 150-172K

Use Case Ratings

code generation

Excellent terminal-native coding agent with LSP-aware edits and plan/build agent separation

data analysis

Solid for scripted analysis through shell tooling; not a notebook environment

research assistant

Capable codebase and web research; webfetch content should be treated as untrusted

content creation

Usable for technical docs; terminal workflow is not aimed at content work