Prove what opencode did on the machine you already control.
Your engineers run opencode at full autonomy on the host you already control. Probity wraps each session in a per-task microVM and signs a tamper-evident record of every action, collected from outside the agent's reach and streamed to the SIEM your security team already runs.
opencode runs every tool call on your own host.
opencode starts a local server and executes shell commands, file reads and writes and MCP calls on the machine you point it at, under your developer's credentials. The only account of what it did is opencode's own log.
It runs shell and edits files with your developer's access.
It can reach any local or network resource that host can.
opencode's own log is the only record of what it did.
Run opencode inside a Probity microVM.
Grounded in the vendor's own documentation, not a bolt-on. opencode server docs ↗
opencode already runs on your infra
opencode starts a local server and runs every tool call, bash, file reads and writes, MCP calls, on the machine you point it at. Nothing leaves your boundary. Probity changes none of that.
Run each session in a Probity microVM
Launch opencode serve or opencode run inside a Probity per-task microVM with a host sensor the agent cannot see or reach. Every process, file read/write, network egress and MCP call is captured from the host, not from opencode's own log endpoint.
Ship one signed record per session
Each opencode session becomes a signed, append-only record and streams to the SIEM and object store you already run, supporting incident review and applicable Article 12 or NYDFS evidence controls.
Your engineers keep shipping. Your security team can prove it.
- Run opencode at full autonomy, in the terminal or headless.
- Everything stays on the host you already control.
- No change to your config, agents or MCP setup.
- A tamper-evident record of every session, collected from the host, not opencode's log.
- Streams to the SIEM you already run, no new console.
- Incident-ready and retained for applicable Article 12 or NYDFS evidence controls.
Every opencode session, fully recorded.
Seven classes of behavioral evidence per opencode session, protected by one tamper-evident integrity chain.
Process activity
Every spawn, argument, and exit code.
File reads
Every path opened, secrets included.
File writes
Every file created or modified.
Network calls
Every outbound destination and method.
MCP tool calls
Every tool the agent invoked.
Syscall surface
The kernel calls it was allowed.
Session identity
Which scoped token, expiring per task.
One signed record per opencode session, streamed to the SIEM and object store you already run.
Your opencode trail has to survive an audit.
Article 12 applies to high-risk AI systems, and NYDFS Part 500 applies to covered entities. For every team, a log written inside opencode's reach remains an incident and audit gap.
Private beta. Twelve deployments.
Probity is in private beta: the first cohort is limited to twelve deployments, each reviewed and onboarded by a NOFire AI founder.
Questions first? Write to contact@nofire.ai.