| ▲ | rbehrends 3 hours ago | ||||||||||||||||||||||
I am more concerned about their, umm, gallant approach to security. Not only that OpenCode is permissive by default in what it is allowed to do, but that it apparently tries to pull its config from the web (provider-based URL) by default [1]. There is also this open GitHub issue [2], which I find quite concerning (worst case, it's an RCE vulnerability). | |||||||||||||||||||||||
| ▲ | TZubiri 4 minutes ago | parent | next [-] | ||||||||||||||||||||||
I assign a specific user for it, which doesn't have much access to my files. So what I want is complete autonomy. | |||||||||||||||||||||||
| ▲ | ct520 an hour ago | parent | prev | next [-] | ||||||||||||||||||||||
I second that. Have fun on windows - automatic no from me. https://github.com/anomalyco/opencode/issues?q=is%3Aissue%20... | |||||||||||||||||||||||
| |||||||||||||||||||||||
| ▲ | woctordho 2 hours ago | parent | prev [-] | ||||||||||||||||||||||
RCE is exactly the feature of coding agents. I'm happy with it that I don't need to launch OpenCode with --dangerously-skip every time. | |||||||||||||||||||||||