Probityopencode

Integration · opencode

Prove what opencode did on the machine you already control.

Your engineers run opencode at full autonomy on the host you already control. Probity wraps each session in a per-task microVM and signs a tamper-evident record of every action, collected from outside the agent's reach and streamed to the SIEM your security team already runs.

Works with opencode's headless server (opencode serve). opencode server docs ↗

The problem

opencode runs every tool call on your own host.

opencode starts a local server and executes shell commands, file reads and writes and MCP calls on the machine you point it at, under your developer's credentials. The only account of what it did is opencode's own log.

It runs shell and edits files with your developer's access.

It can reach any local or network resource that host can.

opencode's own log is the only record of what it did.

How it integrates

Run opencode inside a Probity microVM.

Grounded in the vendor's own documentation, not a bolt-on. opencode server docs ↗

1

opencode already runs on your infra

opencode starts a local server and runs every tool call, bash, file reads and writes, MCP calls, on the machine you point it at. Nothing leaves your boundary. Probity changes none of that.

2

Run each session in a Probity microVM

Launch opencode serve or opencode run inside a Probity per-task microVM with a host sensor the agent cannot see or reach. Every process, file read/write, network egress and MCP call is captured from the host, not from opencode's own log endpoint.

3

Ship one signed record per session

Each opencode session becomes a signed, append-only record and streams to the SIEM and object store you already run, supporting incident review and applicable Article 12 or NYDFS evidence controls.

opencode+ any other agent you runGUEST · microVMsessionSESSION · supporting detailBOUNDARY · evidenceHOST · evidence0x9f2cok0x9f2dok0x9f2eflaggedsigned · append-only

What you get

Your engineers keep shipping. Your security team can prove it.

For engineering

  • Run opencode at full autonomy, in the terminal or headless.
  • Everything stays on the host you already control.
  • No change to your config, agents or MCP setup.

For security & compliance

  • A tamper-evident record of every session, collected from the host, not opencode's log.
  • Streams to the SIEM you already run, no new console.
  • Incident-ready and retained for applicable Article 12 or NYDFS evidence controls.

What's captured

Every opencode session, fully recorded.

Seven classes of behavioral evidence per opencode session, protected by one tamper-evident integrity chain.

Process activity

Every spawn, argument, and exit code.

File reads

Every path opened, secrets included.

File writes

Every file created or modified.

Network calls

Every outbound destination and method.

MCP tool calls

Every tool the agent invoked.

Syscall surface

The kernel calls it was allowed.

Session identity

Which scoped token, expiring per task.

Exports to

One signed record per opencode session, streamed to the SIEM and object store you already run.

Splunk
CrowdStrike
Datadog
Elastic
Grafana
Snowflake

Compliance

Your opencode trail has to survive an audit.

Evidence debt starts nowYou cannot reconstruct an unrecorded agent session later

Article 12 applies to high-risk AI systems, and NYDFS Part 500 applies to covered entities. For every team, a log written inside opencode's reach remains an incident and audit gap.

Private beta. Twelve deployments.

Probity is in private beta: the first cohort is limited to twelve deployments, each reviewed and onboarded by a NOFire AI founder.

No sales process. Reviewed by a founder within one business day.

Questions first? Write to contact@nofire.ai.