
I don’t know if the Streisand Effect is relevant here since Anthropic will block any other uses of their private APIs, not just OpenCode. The private Claude Code API was never advertised nor sold as a general purpose API for use with any tool.

OpenCode is an interesting tool, but if this is your first time hearing of it you should probably be aware of their recent unauthenticated RCE issues and the slow response they've had to fixing them: https://news.ycombinator.com/item?id=46581095

They say they're going to do better in the future, but it's currently on my list of projects to keep isolated until their security situation improves.


IMO, I don't trust ANY of these tools to run in non-isolated environments.

All of these tools are either

- created by companies powered by VC money that never face consequences for mishandling your data, or

- community vibe-coded with questionable security practices.

These tools also need a substantial amount of access to be useful, so they are really hard to secure even if you try. Constantly prompting for approval leads to alert fatigue and eventually a mistake leading to exfiltration.

I suggest just sticking to LXC or a VM. Desktop (including Linux) userland security is just bad in general. I try to keep most random code I download for one-off tasks in containers.


I'm trying to put together an exe.dev-like self hosted solution using Incus/LXC. Early days but works as a proof of concept:

https://github.com/jgbrwn/shelley-lxc


Incus is great for this use case, I did something similar. I volume mount specific stuff into the guests and let OpenCode loose with all tools enabled.

I used OpenCode to vibe code the shell script I use to manage it.

I actually use VMs rather than LXC, which makes it easier to run e.g. Docker.


Very cool. I think Docker also runs fine inside of LXC, but I haven't experimented too much with that specifically yet.

I might go back and give it a try! It would certainly save some RAM.

I immediately reached for VMs because I just didn't want any question about the full level of isolation, but the cool thing about Incus is that it should be easy to switch between them.
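For readers who want to try the approach the last few comments describe (an Incus container per agent, with only the project directory mounted into it), here is an added example: a small POSIX shell wrapper around Incus. It is not code from this thread, from OpenCode, or from shelley-lxc. The container name, the `images:debian/12` image, the `/work` mount point, the CPU and memory limits, and the `DRY_RUN` switch are all assumptions; it assumes `incus` is installed and the invoking user is allowed to talk to the daemon. The `security.nesting=true` toggle is the Incus/LXD setting that running Docker inside the container requires.

```shell
#!/bin/sh
# Throwaway Incus container for running a coding agent against one project directory.
# Added example for this thread; not OpenCode, Incus, or shelley-lxc code.
# Assumes: `incus` is installed and the caller may use it. Names, image, limits and
# the /work mount point are assumptions, not anything the thread specifies.
set -eu

: "${DRY_RUN:=0}"   # DRY_RUN=1 prints each incus command instead of executing it

# run: execute a command, or print it when DRY_RUN=1 (lets the wrapper be checked offline).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# sandbox_up NAME PROJECT_DIR [NESTED]
# Launches an unprivileged container, caps its CPU and memory, and bind-mounts only
# PROJECT_DIR at /work. NESTED=true enables security.nesting, which Docker inside
# the container needs; leave it false when the agent does not need Docker.
sandbox_up() {
    name="$1"; project="$2"; nested="${3:-false}"
    run incus launch images:debian/12 "$name"
    # Unprivileged: root inside the container maps to an unprivileged uid on the host.
    run incus config set "$name" security.privileged=false
    run incus config set "$name" security.nesting="$nested"
    run incus config set "$name" limits.cpu=2
    run incus config set "$name" limits.memory=4GiB
    # Only the project tree is visible; shift=true remaps ownership so the container's
    # unprivileged user can read and write it. Nothing else on the host is mounted.
    run incus config device add "$name" work disk source="$project" path=/work shift=true
}

# sandbox_exec NAME CMD... : run CMD inside the container with /work as its cwd.
# Pass secrets with `incus exec --env KEY=VALUE` rather than copying them into /work.
sandbox_exec() {
    name="$1"; shift
    run incus exec "$name" --cwd /work -- "$@"
}

# sandbox_down NAME : destroy the container; only what was written to /work survives.
sandbox_down() {
    run incus delete --force "$1"
}

# Usage (source this file, then):
#   sandbox_up agent1 "$HOME/proj" true      # true = allow Docker inside
#   sandbox_exec agent1 opencode             # or any other agent CLI installed in the guest
#   sandbox_down agent1                      # throw the container away when done
```

The wrapper only narrows the filesystem and the privilege level. The default Incus bridge still gives the container outbound network access, so if exfiltration is the worry, attach the container to a network with egress filtering rather than the default bridge, and keep API keys out of the mounted tree.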


A coding agent is just a massive RCE; what do you think happens when Claude gets prompt-injected? Although I don't defend not fixing an RCE.

Absolutely all coding agents should be run in sandboxed containers, 24/7; if you do otherwise, please don't cry when you're pwned.
