opencode-studio
opencode-studio is a local web GUI plus an Express-based backend for managing local OpenCode configuration on disk. It supports managing MCP servers (enable/disable, add via npx), profiles (isolated config sets), editing skills and JS/TS plugins (including bulk import from URLs), managing custom slash commands, viewing usage/token cost dashboards from local logs, and handling authentication/credential profiles, with optional GitHub sync and backup/restore.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security guidance is partial: the README mentions confirmation dialogs for deep links and warns about trusting sources. However, it does not document TLS requirements (likely local HTTP by default), does not describe how credentials are stored or protected, and does not state fine-grained permissions/scopes. The tool supports adding MCP servers via pasted npx commands and bulk importing from URLs, which increases risk if users/trusted sources are not controlled.
⚡ Reliability
Best When
You want a self-hosted, local, file-backed configuration UI for OpenCode (including MCP and plugin/skill management) running on a developer machine.
Avoid When
You cannot trust the machine/browser runtime (it writes directly to local config directories) or you need a well-documented network API for third-party automated clients.
Use Cases
- • Manage local OpenCode skills and plugins via a browser UI (no manual JSON editing)
- • Toggle and configure MCP servers for a local OpenCode environment
- • Maintain multiple isolated OpenCode profiles (separate configs, history, sessions)
- • Bulk import skills/plugins from raw URLs and review before importing
- • Track local usage and token/model breakdown
- • Sync or back up configuration via GitHub CLI and export/import
Not For
- • Enterprise multi-tenant SaaS use where browser access should be remotely controlled/permissioned centrally
- • Environments requiring a formally specified public API (e.g., OpenAPI/SDK) for programmatic integration
- • Production deployments needing documented uptime, SLAs, and rigorous operational guarantees
Interface
Authentication
The README states there is an auth section with login/logout per provider and credential profiles, but does not describe protocol, scopes, tokens, or how secrets are stored/handled.
Pricing
No pricing information provided; appears to be local tooling.
Agent Metadata
Known Gotchas
- ⚠ Writes directly to local disk locations (opencode config and studio data directories), so repeated automated calls may overwrite/duplicate content unless the agent manages idempotency.
- ⚠ Deep links can trigger installs/imports; agent-controlled URL opening could execute commands or fetch remote resources, so treat these actions as potentially side-effectful.
- ⚠ No machine-readable API contract (OpenAPI) is provided in the README, so agent integration via HTTP endpoints is not clearly defined.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for opencode-studio.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.