OpenCode Assess

coding-agentsdeveloper-aiopen-sourceai-toolsterminalidemcpextensibility

Overview

OpenCode is an open-source AI coding agent for software development workflows across terminal, IDE, and desktop environments. The project homepage describes OpenCode as an agent that helps write code in a terminal, IDE, or desktop, with free models included and support for connecting models from providers such as Claude, GPT, Gemini, and others (OpenCode homepage).

OpenCode is more than a terminal chat wrapper. It provides built-in and custom agents, tool permissions, MCP server support, plugin hooks, project and managed configuration, custom commands, a desktop app, and an OpenAPI-backed server architecture for multiple clients (OpenCode agents, OpenCode config, OpenCode server). The repository positions it as “the open source coding agent” and lists installation paths across shell installer, npm, Homebrew, Scoop, Chocolatey, Arch, mise, Nix, and desktop installers (GitHub: anomalyco/opencode).

The reason to classify OpenCode as Assess is that it is promising for teams that value openness, terminal workflows, extensibility, and control over agent behavior, but it also exposes powerful execution surfaces. Assess it for developer-tooling teams and advanced users before making it a standard developer environment, especially in organizations with sensitive code, regulated workflows, or strict software supply-chain requirements.

Adoption Signals

  • OpenCode’s homepage says it is available as a terminal interface, desktop app, and IDE extension, and supports 75+ LLM providers through Models.dev, including local models (OpenCode homepage).
  • The homepage states users can log in with GitHub to use a Copilot account and log in with OpenAI to use ChatGPT Plus or Pro (OpenCode homepage).
  • The GitHub repository is MIT-licensed and shows strong public traction, with 165k stars, 19.6k forks, 811 releases, and latest release v1.15.10 dated May 23, 2026 in the fetched repository metadata (GitHub: anomalyco/opencode).
  • OpenCode includes built-in primary agents: Build, the default full-access development agent, and Plan, a restricted planning and analysis agent that asks before file edits and bash commands by default (OpenCode agents, GitHub: anomalyco/opencode).
  • OpenCode includes built-in subagents such as General for multi-step work, Explore for read-only codebase exploration, and Scout for read-only external docs and dependency research (OpenCode agents).
  • Agent configuration can be defined in JSON or Markdown, with global agents in ~/.config/opencode/agents/ and project agents in .opencode/agents/, allowing teams to create role-specific agents such as review, debug, documentation, or security-audit agents (OpenCode agents).
  • Configuration supports project, global, remote .well-known/opencode, environment, inline, and managed settings, including macOS MDM-managed preferences that users cannot override (OpenCode config).
  • OpenCode supports local and remote MCP servers; once added, MCP tools are automatically available to the LLM alongside built-in tools (OpenCode MCP servers).
  • OpenCode plugins are JavaScript/TypeScript modules that can be loaded from local directories or npm, subscribe to command/file/LSP/message/permission/session/tool/TUI events, add custom tools, and hook before or after tool execution (OpenCode plugins).

Risks

  • Default permissions are permissive. OpenCode documentation says most permissions default to allow, while .env files are denied by default and doom_loop and external_directory default to ask; teams should not rely on defaults for sensitive repositories (OpenCode permissions).
  • Built-in tools can modify systems. OpenCode tools include bash, edit, write, read, grep, glob, apply_patch, skill, todowrite, webfetch, websearch, and question; bash can run shell commands and write can create or overwrite files (OpenCode tools).
  • Custom tools can execute arbitrary code. The tools documentation states that custom tools are defined in configuration and can execute arbitrary code, which makes tool review and configuration governance necessary (OpenCode tools).
  • MCP tools expand context and access. OpenCode supports local and remote MCP servers and automatically exposes their tools to the LLM; the docs caution that MCP servers add to context and that servers such as GitHub MCP can easily exceed context limits (OpenCode MCP servers).
  • Remote MCP OAuth creates credential handling obligations. OpenCode can automatically initiate OAuth, use dynamic client registration when supported, and store tokens in ~/.local/share/opencode/mcp-auth.json, so organizations need policy for token storage, server trust, scopes, and revocation (OpenCode MCP servers).
  • Plugins are executable supply-chain inputs. Plugins are JS/TS modules, npm plugins are installed automatically with Bun at startup, dependencies are cached locally, and plugin context includes Bun’s shell API for executing commands; this should be treated like installing executable developer tooling (OpenCode plugins).
  • External directory access needs special care. OpenCode’s external_directory permission is triggered when tools touch paths outside the project working directory, and the docs recommend keeping external path lists focused on trusted paths with explicit allow or deny rules layered for tools such as bash (OpenCode permissions).
  • Managed rollout requires config discipline. OpenCode has many configuration layers and merge semantics, so organizations need clear precedence rules, managed settings, plugin/package policies, provider allowlists, and repository-local configuration standards (OpenCode config).

Pros & Cons

Advantages

  • Provides an open-source AI coding agent usable from the terminal, IDE, and desktop, with broad model-provider support and options to use GitHub Copilot or ChatGPT accounts.
  • Includes configurable primary agents, subagents, permissions, tools, MCP server integration, plugins, custom commands, and managed configuration for team or organization defaults.
  • Gives teams more inspectability and control than fully closed coding-agent tools, including project-local configuration, markdown-defined agents, and plugin hooks around tool execution and session events.

Disadvantages

  • Defaults are permissive for most operations, so teams need explicit permission policies before allowing file edits, shell commands, external directories, MCP tools, and custom plugins in sensitive repositories.
  • MCP servers, custom tools, and plugins can expand the executable and data access surface, including arbitrary code execution, shell access, OAuth tokens, remote services, and npm-installed plugin dependencies.
  • Open-source velocity and broad provider support are attractive, but model behavior, auditability, enterprise support, release governance, and managed rollout maturity should be validated before standardizing.

Recommendation

Assess OpenCode for teams that want an open-source, inspectable coding-agent environment with terminal-first workflows, desktop and IDE options, broad model support, and configurable agents. It is most compelling for platform teams, advanced engineers, and organizations that want to shape their own agent workflow rather than accept a closed commercial default.

Evaluate it with realistic repository tasks. Test planning, code edits, test execution, code review, subagent use, MCP tools, plugin hooks, model switching, local-model behavior, desktop and IDE clients, and managed configuration. Confirm that permissions behave as expected for file edits, bash commands, external directories, web access, MCP tools, and project-specific agents.

Do not standardize it until security and governance are explicit. Define default permission profiles, provider allowlists, approved MCP servers, plugin review process, token storage rules, logging/audit approach, managed config policy, and guidance for sensitive repositories. Move from Assess to Trial once OpenCode’s execution model, permissions, extension surface, and release cadence are proven in a controlled pilot.

Sources