Edit: Corrections below based on developer feedback and further auditing.
First — I want to be clear: OpenCode is genuinely the best agentic coding tool I've used in the past 1.5 years. The TUI is excellent (for new users), the plugin system is flexible, and you can do serious agentic workflows even with smaller context windows if you orchestrate well. This post isn't about calling it malware — it's about transparency.
Following the earlier discussion about OpenCode not being truly local, I went through the source code (v1.3.0) to check what's real and what's overstated.
What the CLI binary actually contacts
5 external domains. Not all fire unconditionally — it depends on what you use:
| Domain | When | Disable flag? |
|---|---|---|
| app.opencode.ai | Web UI page loads (not TUI) | No |
| api.opencode.ai | opencode github command (opt-in) | No |
| opencode.ai | Auto-update check | Yes |
| opncd.ai | Session sharing (opt-in by default) | Yes (missing from docs) |
| models.dev | Startup, only if local cache fails | Yes |
Your prompts are NOT sent through the app.opencode.ai proxy — that only handles web UI assets. Session sharing (opncd.ai) can send prompts/files, but only when you explicitly share a session (opt-in by default).
Corrections from earlier version
- PostHog and Honeycomb — These references exist in the repo but are in `script/stats.ts` (CI script) and `packages/console/` (cloud dashboard). They are NOT in the CLI binary. My earlier version incorrectly claimed they fire during normal usage. Apologies for the error.
- The web UI is experimental — the developers have said they plan to bundle it into the binary once they move to Node. It's not ideal, but it's a known work-in-progress.
- Sharing and GitHub integration are opt-in features. The main concern for everyday TUI users is the auto-update check (disablable) and the web UI proxy (if you use the web UI).
What could be better
- A privacy policy or network documentation page — there isn't one
- Flag descriptions that mention what data goes where (currently they don't)
- `OPENCODE_DISABLE_SHARE` added to the docs (it's missing)
- Merging one of the 12 community PRs that bundle the web UI
Workaround
For anyone who wants to block the outbound connections while continuing to use OpenCode normally, there's a tracker page with code evidence and a simple script that writes 5 hosts file entries + 3 env vars. Fully reversible. Not a fork.
I still use and recommend OpenCode — I just want the network behavior documented.
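To check a machine against the table above, this added example (not the tracker page's script and not OpenCode's own code) audits a hosts file for the five listed domains and prints the entries still missing. The function names, the set of sinkhole addresses, and the default `/etc/hosts` path are assumptions.

```shell
#!/bin/sh
# Added example: audits a hosts file against the five domains in the table above.
OPENCODE_DOMAINS="app.opencode.ai api.opencode.ai opencode.ai opncd.ai models.dev"

# is_blocked HOSTS_FILE DOMAIN
# Succeeds when DOMAIN is mapped to a sinkhole address (assumed set:
# 0.0.0.0, 127.0.0.1, ::1). Hosts entries match exact names only, so
# "opencode.ai" does not cover "api.opencode.ai".
is_blocked() {
  awk -v d="$2" '
    { sub(/#.*/, "") }    # drop comments, including commented-out entries
    $1 == "0.0.0.0" || $1 == "127.0.0.1" || $1 == "::1" {
      for (i = 2; i <= NF; i++) if (tolower($i) == d) found = 1
    }
    END { exit(found ? 0 : 1) }' "$1"
}

# missing_entries HOSTS_FILE
# Prints the hosts lines that would still have to be added.
missing_entries() {
  for d in $OPENCODE_DOMAINS; do
    is_blocked "$1" "$d" || printf '0.0.0.0 %s\n' "$d"
  done
}

# audit HOSTS_FILE
# Prints one status line per domain, then the current value of the share flag.
audit() {
  for d in $OPENCODE_DOMAINS; do
    if is_blocked "$1" "$d"; then s=blocked; else s=reachable; fi
    printf '%-18s %s\n' "$d" "$s"
  done
  printf 'OPENCODE_DISABLE_SHARE=%s\n' "${OPENCODE_DISABLE_SHARE:-<unset>}"
}

# Run only when asked, e.g.: sh opencode-audit.sh audit /etc/hosts
if [ "${1:-}" = "audit" ]; then
  audit "${2:-/etc/hosts}"
fi
```

A `blocked` result for app.opencode.ai also affects the web UI, which the table shows loading from that domain.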