Does opencode support sandboxing?
does opencode support sandboxing?
Based on my search of the codebase, here's the answer:
##Sandboxing in OpenCode
OpenCode does NOT sandbox the agent. This is explicitly stated in their SECURITY.md:
OpenCode does not sandbox the agent. The permission system exists as a UX feature to help users stay aware of what actions the agent is taking - it prompts for confirmation before executing commands, writing files, etc. However, it is not designed to provide security isolation.
###Key Points:
-
Permission system ≠ Sandbox: The prompts you see before executing commands or writing files are a UX feature for awareness, not a security boundary.
-
"Sandbox escapes" are out of scope: The security team explicitly lists sandbox escapes as out of scope for vulnerability reports since "the permission system is not a sandbox."
-
If you need true isolation: The recommendation is to run OpenCode inside a Docker container or VM.
###Confusing Terminology
You may notice "sandbox" appears elsewhere in the codebase (e.g., workspace.type.sandbox, project.sandboxes), but this refers to git worktrees - a feature that allows working with multiple branches simultaneously in separate directories. This is unrelated to security sandboxing.
END OF POST