OpenCode
v1.x (v1.17.17, 2026-07-09)SST / Anomaly Innovations
MIT-licensed open-source terminal AI coding agent from the SST team (Anomaly Innovations). TUI-first with a client/server architecture, 75+ model providers, an optional curated Zen gateway, and millions of monthly developers. GitHub made Copilot subscriptions work with it (Jan 2026), while Anthropic blocked its consumer-OAuth access the same month, forcing removal of Claude Pro/Max support - a live case study in agent supply-chain and ToS risk.
Trust Vector Analysis
Dimension Breakdown
๐Performance & Reliability+
Adoption-signal and hands-on assessment of terminal coding workflows; accuracy tracks the configured model
Tool invocation testing across file edits, shell execution, LSP-assisted changes, and MCP servers
Evaluation of plan/build agent separation on multi-file tasks
Review of session persistence, AGENTS.md context, and cross-session continuity
Observed recovery behavior from failing builds and diagnostics during evaluation
Review of custom agent configuration and delegation features
๐ก๏ธSecurity+
Execution isolation review; containerization is left to the user
Assessment of the permission rule system and agent-level restrictions
Injection surface review across webfetch, repository content, and MCP servers
Data-flow review of local operation, share-link uploads, and Zen gateway routing
License and source availability review
๐Privacy & Compliance+
Privacy architecture review of default local operation versus opt-in cloud features
Compliance capabilities assessment across BYOK and Zen configurations
Data-flow analysis across direct provider connections, Zen routing, and share links
Deployment options assessment including fully local model configurations
๐๏ธTrust & Transparency+
Documentation completeness and accuracy review
Review of transcripts, share links, and server-API introspection
Assessment of plan-mode previews and pre-execution visibility
Open source assessment of license and codebase completeness
Community engagement analysis; star and MAU figures conflict across 2026 sources, so ranges are cited with the GitHub-observed value as primary
โ๏ธOperational Excellence+
Setup time and integration surface assessment across terminal, SSH, and subscription auth paths
Assessment of the server API, headless operation, and parallel session support
Pricing analysis across BYOK, Zen, and subscription auth options
Monitoring features assessment for individual and team usage
Maturity assessment from release history and the demonstrated upstream provider-access risk (Anthropic OAuth removal)
- +One of the most popular open-source coding agents: 184K GitHub stars observed July 2026 (150-172K cited in earlier 2026 write-ups) and millions of monthly developers (~6.5-7.5M reported)
- +MIT-licensed, fully open, with near-daily releases
- +Provider-neutral: 75+ providers plus the optional curated Zen gateway
- +Official GitHub Copilot subscription support (January 2026)
- +Client/server TUI works over SSH; plan agent and granular permission rules gate risky actions
- +Local-first BYOK: code goes only to the provider the user chooses
- !Anthropic blocked its consumer OAuth access (Jan 2026; ToS formalized Feb, enforced Apr 2026), removing Claude Pro/Max support overnight - proof that upstream providers can cut off access without notice
- !No sandboxing: permission rules are the only barrier to host shell and filesystem
- !No dedicated prompt-injection defenses beyond permission prompts
- !Opt-in share links upload session transcripts to opencode.ai and need disabling in sensitive environments
- !Very fast release churn can break configs and integrations
- !No enterprise governance layer (SSO, audit, policy) in the open-source core
Use Case Ratings
code generation
Excellent terminal-native coding agent with LSP-aware edits and plan/build agent separation
data analysis
Solid for scripted analysis through shell tooling; not a notebook environment
research assistant
Capable codebase and web research; webfetch content should be treated as untrusted
content creation
Usable for technical docs; terminal workflow is not aimed at content work