OpenCode Network Guide

What this page is: An informational guide to OpenCode's outbound network connections — what the CLI binary contacts, when, and how to control it. OpenCode is an excellent open-source agentic coding tool. This page is not a security alert — it's a reference for users who want to understand the network behavior. See OpenCode's official Privacy Policy and CLI docs.
Corrections (March 25, 2026): An earlier version of this page incorrectly claimed OpenCode had no privacy policy (it does), that PostHog and Honeycomb were in the CLI binary (they're not — they're in CI scripts and the cloud console), and framed opt-in features as undisclosed concerns. These errors have been corrected below. Apologies to the OpenCode team.

OpenCode Network Connections

What the CLI binary contacts, when, and how to control it. Based on source code review of OpenCode v1.3.0 (34f43ff). See the official Privacy Policy.

| Domain | When it fires | Opt-in? | Disable flag | Details |
| --- | --- | --- | --- | --- |
| app.opencode.ai | Web UI page loads (not TUI) | Web UI is experimental | Not yet (devs plan to bundle it) | |
| api.opencode.ai | opencode github command | Yes | No | |
| opencode.ai | Auto-update check | No | Yes | OPENCODE_DISABLE_AUTOUPDATE |
| opncd.ai | Session sharing | Yes — must explicitly share or set "share": "auto" | Yes | OPENCODE_DISABLE_SHARE |
| models.dev | On startup + refreshes hourly | No | Yes | OPENCODE_DISABLE_MODELS_FETCH |
Your prompts are NOT sent through the web UI proxy. The app.opencode.ai proxy only handles web UI assets (HTML, JS, CSS). Prompts and LLM responses are handled by local API routes. Session sharing (opncd.ai) can send session data, but only when you explicitly opt in.
Not in the CLI binary: PostHog (us.i.posthog.com) and Honeycomb (api.honeycomb.io) references exist in the repo but are in script/stats.ts (a CI build script) and packages/console/ (cloud dashboard). They do not fire when you use the OpenCode CLI or TUI.

Related Issues & PRs

Community-filed issues and PRs related to network behavior. The main open item is bundling the web UI into the binary (experimental, in progress).

Web UI proxy (app.opencode.ai) — experimental, devs plan to bundle
#6352 · Allow overriding web client path / bundle with binary · issue · open · @thdxr

First issue to raise the privacy concern (Dec 29, 2025). Project paths are leaked to app.opencode.ai through the catch-all proxy. Requests either bundling the web UI into the binary or adding a config override for the proxy URL. Also raises a stability concern: the CDN-hosted UI can change between binary releases, causing version mismatches.

Created: 2025-12-29 · Created by: @paperclover · Assigned to: @thdxr · 6 reactions
#8549 · Web doesn't work without internet (corporate) · issue · open · @adamdotdevin

Main tracking issue for the offline web UI problem. The web UI fails completely in corporate/air-gapped environments because it depends on app.opencode.ai for all frontend assets. 16 reactions and 10 comments — the most-engaged privacy issue. Multiple community workaround commits linked in the comments (proAlexandr, tardyp).

Created: 2026-1-14 · Created by: @IceWreck · Assigned to: @adamdotdevin · 16 reactions · 10 comments
#11981 · opencode web shall not use external app.opencode.ai · issue · dup · @adamdotdevin

Filed by a user on GCP Cloud Workstations where app.opencode.ai is blocked by corporate firewall. Closed by the reporter as a duplicate of #8549. The reporter (tardyp) contributed a workaround commit (a988b75) that serves the frontend from the same port.

Created: 2026-2-3 · Created by: @tardyp · Assigned to: @adamdotdevin · Closed as duplicate of #8549 · 3 reactions
#12083 · Unable to connect — intranet users · issue · open · @rekram1-node

Pure intranet users cannot load the web UI at all. 16 comments and 10 reactions. The reporter traced the root cause to the server.ts catch-all proxy. Distinct from #8549 in that this focuses on users who have zero external internet access, not just restricted corporate access.

Created: 2026-2-4 · Created by: @jakiechris · Assigned to: @rekram1-node · 10 reactions · 16 comments
#12445 · Support custom web app proxy URL (firewalled env) · issue · open · @adamdotdevin

Root feature request for an OPENCODE_APP_URL environment variable to override the hardcoded app.opencode.ai proxy destination. Spawned PR #12446. 4 reactions.

Created: 2026-2-6 · Created by: @jobrk · Assigned to: @adamdotdevin · 4 reactions
#16787 · Option to disable web UI proxy for TUI-only · issue · open · @thdxr

TUI-only user wants an OPENCODE_DISABLE_WEB flag so the catch-all proxy returns 404 instead of proxying to app.opencode.ai. References #12445 and #11981. No PR has been created for this approach.

Created: 2026-3-9 · Created by: @mik3h0 · Assigned to: @thdxr · 1 reaction
#17406 · Web UI requires internet — binary proxies to CDN · issue · open · @thdxr

Filed by BYK (author of PR #15721). Detailed technical write-up: the binary is ~159MB but proxies all HTML/JS/CSS/fonts to the CDN instead of serving them locally. Distinct from #12083 — this is specifically about the binary not embedding web assets despite having room. Spawned PRs #15700 and #15721.

Created: 2026-3-13 · Created by: @BYK · Assigned to: @thdxr · 2 reactions
#12446 · PR: Add OPENCODE_APP_URL for custom proxy · pr · open · by @jobrk

Minimal 5-line change adding an OPENCODE_APP_URL env var to override the app.opencode.ai proxy destination. 18 reactions. Reviewed by community contributor @kikuchan who identified a subpath routing bug — but kikuchan explicitly stated they cannot press the approve button because they are not a maintainer. No maintainer has reviewed it.

Created: 2026-2-6 · Created by: @jobrk · Assigned to: (none) · 18 reactions · 1 commit · 5 lines · Mergeable
#12829 · PR: Embed web UI in binary · pr · open · by @nicell

Bundles the web UI at build time with a flag to disable. 41 reactions — the most-reacted PR. Tested in air-gapped Docker by @Chetic and confirmed working. @BlankParticle pinged maintainers. Maintainers responded that they were "interested in doing this themselves" but no internal PR has materialized.

Created: 2026-2-8 · Created by: @nicell · Assigned to: (none) · 41 reactions · 2 commits · Merge conflicts
#15700 · PR: Embed web UI assets (BYK v1) · pr · bot closed · by @BYK

BYK's first attempt at embedding web UI assets. 294 additions. Auto-closed by the compliance bot for missing PR template fields. Superseded by #15721 which fixes the issues found in this version (middleware ordering, SPA route hijacking, CI compatibility).

Created: 2026-3-2 · Created by: @BYK · Assigned to: (none) · Closed: auto-closed by bot (missing PR template)
#15721 · PR: Embed web UI assets (BYK v2) — best candidate · pr · open · by @BYK

Most technically mature PR. 229 additions, 3 commits. Fixes v1 bugs: middleware ordering, SPA route hijacking, CI compatibility. Externalizes 83 optional font files (~27MB) to keep binary size reasonable (~174MB vs ~159MB). Tested in air-gapped environment by @Warkeeper and confirmed working. Codeowner review requested from @adamdotdevin; no reviews have been submitted yet.

Created: 2026-3-4 · Created by: @BYK · Assigned to: (none) · 229 additions · 3 commits · Mergeable · Review: requested from @adamdotdevin, none received
#17104 · PR: Support OPENCODE_WEB_URL for local serving · pr · open · by @sjawhar

Supports two modes: (1) file:// path for serving local web assets, (2) HTTP URL for a custom proxy target. Closes #12445. Relates to #8549, #11981, #16787. Passed compliance. Status: blocked (merge conflicts).

Created: 2026-3-12 · Created by: @sjawhar · Assigned to: (none) · Closes #12445 · Merge conflicts
#18506—#18522 · PR: Offline web static serve (DroganC — 6 attempts) · 5 bot closed · 1 open · by @DroganC

DroganC attempted to submit the same offline web serving fix 6 times. The approach adds an OPENCODE_APP_DIST env var to serve web assets from packages/app/dist locally, plus an OFFLINE_WEB.md documentation file. 138 additions, 12 files changed.

Why 5 were closed: The repo has an automated compliance bot that auto-closes PRs within ~2 hours if they don't meet template requirements (needs:title, needs:compliance). PRs #18506, #18508, #18510, #18520, and #18521 were all closed by this bot. The 6th attempt (#18522) finally passed compliance and remains open with review requested from @adamdotdevin.

Created: 2026-3-22 · Created by: @DroganC · Assigned to: (none) · #18506 closed (bot) · #18508 closed (bot) · #18510 closed (bot) · #18520 closed (bot) · #18521 closed (bot) · #18522 open
Offline mode request
#18235 · PR: Add offline mode (--offline) · pr · open · by @dgruzd

Adds OPENCODE_OFFLINE=true / --offline CLI flag as a single kill switch for all non-essential outbound connections. When enabled: disables auto-update, disables session sharing, web UI proxy returns 503. 233 additions, 5 tests.

Maintainer @rekram1-node (Mar 20, 2026): "We ofc need to ship something with this shape, internally we talked about some approaches briefly, ill need to sync back w/ them to see what they think is best next week"

No follow-up action since that comment.

Created: 2026-3-20 · Created by: @dgruzd · Assigned to: (none) · 233 additions · 5 tests · Merge conflicts · Maintainer acknowledged
Model catalog fetch (models.dev) — has disable flag
#18638 · Offline deployment blocked by models.dev requests · issue · open

Docker deployment (ghcr.io/anomalyco/opencode:1.1.53) keeps requesting models.dev, blocking the web interface in offline environments. The OPENCODE_DISABLE_MODELS_FETCH flag exists but is undocumented — users don't know it's available. The flag is also only checked after local cache and bundled snapshot both fail, so the fetch can happen before the flag takes effect.

Created: 2026-3-22 · Created by: @Leekinxun · Assigned to: (none)
Session sharing (opncd.ai) — opt-in + has disable flag

Opt-in by default — you must explicitly share a session or set "share": "auto" in config (docs). Disablable via OPENCODE_DISABLE_SHARE=true.

Exa search (mcp.exa.ai) — opt-in

Opt-in via OPENCODE_ENABLE_EXA=true. Auto-enabled when using OpenCode Zen.

Auto-update (opencode.ai) — has disable flag

Disablable via OPENCODE_DISABLE_AUTOUPDATE=true. Standard auto-update behavior for CLI tools.

GitHub integration (api.opencode.ai) — opt-in feature

Only fires during opencode github commands. Sends org/repo names for GitHub App installation checks.


Official Controls

OpenCode provides both opencode.json config settings and environment variables to control outbound connections. Either method works — config settings go in your project's opencode.json, env vars can be set in your shell profile.

| Connection | Config setting (opencode.json) | Environment variable | Documentation |
| --- | --- | --- | --- |
| Auto-update (opencode.ai) | "autoupdate": false, or "autoupdate": "notify" (show notification only) | OPENCODE_DISABLE_AUTOUPDATE=true | CLI docs |
| Session sharing (opncd.ai) | "share": "disabled" (options: "manual", "auto", "disabled") | OPENCODE_DISABLE_SHARE=true | Share docs |
| Model catalog (models.dev, hourly) | | OPENCODE_DISABLE_MODELS_FETCH=true | CLI docs |

Example opencode.json:

{
  "$schema": "https://opencode.ai/config.json",
  "autoupdate": false,
  "share": "disabled"
}
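
An added example, not OpenCode's own code: a small audit that takes a parsed opencode.json and an environment mapping and reports which of the domains listed on this page can still be contacted. The function names are hypothetical, and it assumes a flag is set when its value is "true" or "1", that a missing "share" key behaves as "manual", and that "autoupdate": "notify" still performs the update check.

```python
import json

def flag(env, name):
    # Assumption: "true" or "1" sets a flag; the page only shows "=true".
    return env.get(name, "").strip().lower() in ("true", "1")

def audit(config, env):
    """Map each domain on this page to (status, reason).

    status: "off", "on" (no user action needed) or "on-demand".
    """
    out = {}
    # Auto-update. Assumption: "notify" still performs the update check.
    if config.get("autoupdate") is False or flag(env, "OPENCODE_DISABLE_AUTOUPDATE"):
        out["opencode.ai"] = ("off", "auto-update disabled")
    else:
        out["opencode.ai"] = ("on", "auto-update check")
    # Session sharing. Assumption: a missing "share" key behaves as "manual".
    share = config.get("share", "manual")
    if share == "disabled" or flag(env, "OPENCODE_DISABLE_SHARE"):
        out["opncd.ai"] = ("off", "sharing disabled")
    elif share == "auto":
        out["opncd.ai"] = ("on", 'share is "auto"')
    else:
        out["opncd.ai"] = ("on-demand", "only when a session is shared")
    # Model catalog: the page lists an env var but no config key.
    if flag(env, "OPENCODE_DISABLE_MODELS_FETCH"):
        out["models.dev"] = ("off", "models fetch disabled")
    else:
        out["models.dev"] = ("on", "startup + hourly refresh")
    # Exa is opt-in by env var (OpenCode Zen auto-enable is not detected here).
    exa = flag(env, "OPENCODE_ENABLE_EXA")
    out["mcp.exa.ai"] = ("on", "Exa enabled") if exa else ("off", "Exa not enabled")
    # The page lists no disable flag for these two.
    out["app.opencode.ai"] = ("on-demand", "web UI page loads")
    out["api.opencode.ai"] = ("on-demand", "opencode github command")
    return out

def egress_needed(result):
    """Domains that can still be contacted, for firewall or proxy policy."""
    return sorted(d for d, (status, _) in result.items() if status != "off")

if __name__ == "__main__":
    # Constructed sample: the example opencode.json above plus one env var.
    cfg = json.loads('{"autoupdate": false, "share": "disabled"}')
    env = {"OPENCODE_DISABLE_MODELS_FETCH": "true"}
    for domain, (status, why) in audit(cfg, env).items():
        print(f"{domain:16} {status:10} {why}")
    print("still reachable:", egress_needed(audit(cfg, env)))
```

On a real machine, pass the parsed opencode.json and dict(os.environ) to audit(). The models.dev result carries the caveat from #18638 about when the flag is checked.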

Why this exists

OpenCode is an excellent open-source agentic coding tool. This page was created to document its network behavior for users who need to understand what connects where — especially in corporate or air-gapped environments. OpenCode has a privacy policy, and most outbound connections are either opt-in or have disable flags. The main open item is bundling the experimental web UI into the binary, which the developers have said they're working on.

Background: original Reddit discussion


Community Poll

How should OpenCode handle telemetry and outbound connections?

Vote by reacting on the GitHub Discussion — each GitHub account gets one vote. Pick the option closest to your view.

🚀 All telemetry should be opt-in — nothing sent without explicit consent
👍 Telemetry is OK but must be disclosed upfront with a clear opt-out
👀 Anonymous crash/usage analytics are fine, but session data must be opt-in
😕 Need more information before deciding
👎 Current defaults are acceptable, no changes needed