sandvich
/
opencode
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update security

pull/6144/head
Dax Raad 2026-01-14 14:52:39 -05:00
parent 207a59aad4
commit 6b6d6e9e07
1 changed files with 4 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
SECURITY.md
View File

@ -12,6 +12,10 @@ OpenCode does **not** sandbox the agent. The permission system exists as a UX fe
If you need true isolation, run OpenCode inside a Docker container or VM. If you need true isolation, run OpenCode inside a Docker container or VM.
### Server Mode
Server mode is opt-in only. When enabled, set `OPENCODE_SERVER_PASSWORD` to require HTTP Basic Auth. Without this, the server runs unauthenticated (with a warning). It is the end user's responsibility to secure the server - any functionality it provides is not a vulnerability.
### Out of Scope ### Out of Scope
| Category | Rationale | | Category | Rationale |
@ -21,49 +25,6 @@ If you need true isolation, run OpenCode inside a Docker container or VM.
| **LLM provider data handling** | Data sent to your configured LLM provider is governed by their policies | | **LLM provider data handling** | Data sent to your configured LLM provider is governed by their policies |
| **MCP server behavior** | External MCP servers you configure are outside our trust boundary | | **MCP server behavior** | External MCP servers you configure are outside our trust boundary |
### Architecture
```
┌─────────────────────────────────────────────────────────────────┐
│ User's Machine │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ OpenCode Process │ │
│ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │ │
│ │ │ Agent │ │ Permission │ │ Storage │ │ │
│ │ │ (LLM + │ │ System │ │ (~/.local/share │ │ │
│ │ │ Tools) │ │ │ │ /opencode) │ │ │
│ │ └─────────────┘ └─────────────┘ └─────────────────┘ │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ ┌─────────────────────────────────────────────────────┐ │ │
│ │ │ Project Directory (cwd) │ │ │
│ │ └─────────────────────────────────────────────────────┘ │ │
│ └───────────────────────────────────────────────────────────┘ │
│ │ │
│ ┌──────────────────┼──────────────────┐ │
│ ▼ ▼ ▼ │
│ ┌────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ External │ │ LLM │ │ MCP │ │
│ │ Filesystem │ │ Providers │ │ Servers │ │
│ └────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Optional (user must opt-in):
┌─────────────────────────────────────────────────────────────────┐
│ HTTP Server Mode │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Server (localhost:port) │ │
│ │ - REST API endpoints │ │
│ │ - WebSocket PTY │ │
│ │ - SSE event stream │ │
│ └─────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
```
### Server Mode
Server mode is opt-in only. When enabled, set `OPENCODE_SERVER_PASSWORD` to require HTTP Basic Auth. Without this, the server runs unauthenticated (with a warning).
--- ---
# Reporting Security Issues # Reporting Security Issues