Network
This page documents the network connections OpenCode makes and how to configure network access for different environments.
Outbound Connections
OpenCode connects to external services for several purposes:
| Destination | Purpose | Required | Configurable |
|---|---|---|---|
| LLM provider APIs | Model inference and completion | Yes | Yes |
| OpenCode Zen / Go | Authentication and licensing | For licensed features | No |
| Auto-update endpoint | Version update checks | No | Yes |
| Remote config host | .well-known/opencode config | No | Yes |
| Web content URLs | Tools that fetch web pages | Conditional | Yes |
| mDNS multicast | Local network discovery | No | Yes |
| Plugin registries (npm) | Plugin installation | Conditional | No |
LLM Provider APIs
OpenCode connects to the API endpoints configured in your provider settings. Common endpoints include:
https://api.anthropic.com/v1/
https://api.openai.com/v1/
https://generativelanguage.googleapis.com/v1/
https://api.groq.com/openai/v1/
https://api.together.xyz/v1/
https://api.fireworks.ai/inference/v1/
https://api.mistral.ai/v1/
https://api.cohere.com/v1/
For self-hosted models, configure the base URL in opencode.json:
{
  "provider": {
    "ollama": {
      "baseURL": "http://localhost:11434/api"
    },
    "lm-studio": {
      "baseURL": "http://localhost:1234/v1"
    }
  }
}
OpenCode Zen / Go
Authentication and licensed feature access require connectivity to OpenCode's auth services. These connections use HTTPS and transmit only authentication tokens and basic version information.
Auto-Update
By default, OpenCode checks for updates periodically. This behavior can be controlled:
{
  "autoupdate": false
}
Set it to "notify" to check for updates without installing them automatically:
{
  "autoupdate": "notify"
}
Remote Configuration
OpenCode can fetch remote configuration from https://<host>/.well-known/opencode when supported by the configured provider or when explicitly configured. This enables organization-wide defaults for:
- Allowed models
- Provider configurations
- Permission policies
- Agent definitions
Remote config is fetched once at startup and cached. If the endpoint is unreachable, the local configuration is used without error.
Proxy Support
OpenCode respects standard system proxy environment variables:
HTTP_PROXY=http://proxy.corp.example:8080
HTTPS_PROXY=http://proxy.corp.example:8080
NO_PROXY=localhost,127.0.0.1,.internal.example
Both uppercase and lowercase variants are recognized (HTTP_PROXY, http_proxy, etc.). Set these in your shell profile or systemd service file:
export HTTP_PROXY="http://proxy.company.com:3128"
export HTTPS_PROXY="http://proxy.company.com:3128"
export NO_PROXY="127.0.0.1,localhost,.local"
mDNS Discovery
When mdns is enabled in server mode, OpenCode advertises its presence using multicast DNS. This requires:
- UDP port 5353 for mDNS traffic
- Multicast group 224.0.0.251 (IPv4) or ff02::fb (IPv6)
- Network segment supporting multicast (may not work across VPNs or cloud VPCs without configuration)
Disable mDNS in environments where multicast is restricted:
{
  "server": {
    "mdns": false
  }
}
CORS
In server mode with web UI or browser-based clients, configure Cross-Origin Resource Sharing:
{
  "server": {
    "cors": [
      "http://localhost:5173",
      "https://opencode.internal.example.com"
    ]
  }
}
CORS headers are only sent for origins that exactly match an entry in the list. Wildcard origins (*) are not supported for security reasons.
Firewall Rules
If you operate behind a corporate firewall, allow outbound HTTPS (TCP/443) to your LLM provider endpoints and the OpenCode auth services. For mDNS, allow UDP/5353 multicast on the local network segment.
Minimal Allowlist
For the most restricted environments, you only need:
- HTTPS outbound to your LLM provider's API endpoint(s)
- HTTPS outbound to api.opencode.ai (or whatever the auth domain is)
Everything else (auto-updates, remote config, web tools) is optional and can be disabled.
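To turn a given opencode.json into firewall rules, the following added example (not part of OpenCode or its documentation) lists the non-loopback provider hosts that need outbound access and flags settings that generate other traffic or weaken the setup. It reads only the keys shown on this page; the sample config, the "internal" provider and its host are constructed, and the auth domain and any provider without an explicit baseURL must still be added by hand.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample config using only keys shown on this page.
SAMPLE = """
{
  "autoupdate": "notify",
  "provider": {
    "ollama": {"baseURL": "http://localhost:11434/api"},
    "internal": {"baseURL": "http://llm.internal.example:8000/v1"},
    "anthropic": {"baseURL": "https://api.anthropic.com/v1/"}
  },
  "server": {"mdns": true, "cors": ["http://localhost:5173", "*"]}
}
"""

def audit(cfg):
    """Return (egress, findings): sorted host:port egress rules and warnings."""
    egress, findings = set(), []
    for name, p in cfg.get("provider", {}).items():
        u = urlsplit(p.get("baseURL", ""))
        if not u.hostname or u.hostname in LOOPBACK:
            continue  # no explicit URL, or a local provider: no firewall rule
        port = u.port or (443 if u.scheme == "https" else 80)
        egress.add(f"{u.hostname}:{port}")
        if u.scheme != "https":
            findings.append(f"provider {name}: plaintext {u.scheme} to {u.hostname}")
    if cfg.get("autoupdate", True) is not False:  # default and "notify" both check
        findings.append("autoupdate: update checks still leave the host")
    server = cfg.get("server", {})
    if server.get("mdns") is True:
        findings.append("server.mdns: needs UDP/5353 multicast on the local segment")
    for origin in server.get("cors", []):
        o = urlsplit(origin)
        if "*" in origin:
            findings.append(f"server.cors: wildcard entry {origin!r} is not supported")
        elif o.scheme != "https" and o.hostname not in LOOPBACK:
            findings.append(f"server.cors: plaintext origin {origin}")
    return sorted(egress), findings

if __name__ == "__main__":
    egress, findings = audit(json.loads(SAMPLE))
    print("allow outbound TCP:", *egress, sep="\n  ")
    print("review:", *findings, sep="\n  ")
```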
Offline Mode
OpenCode works fully offline when using a local provider (Ollama, LM Studio, etc.) and when auto-update and remote config are disabled:
{
  "autoupdate": false,
  "provider": {
    "ollama": {
      "baseURL": "http://localhost:11434/api"
    }
  }
}
No internet connection is required when all models are served locally.
Troubleshooting Network Issues
# Check connectivity to provider (sends a minimal request; -v shows the TLS and proxy handshake)
curl -v https://api.anthropic.com/v1/messages \
  -H "x-api-key: $ANTHROPIC_API_KEY" \
  -H "anthropic-version: 2023-06-01" \
  -H "content-type: application/json" \
  -d '{"model":"claude-sonnet-4-20250514","max_tokens":10,"messages":[{"role":"user","content":"hi"}]}'
# Verify proxy configuration
echo "$HTTP_PROXY"
echo "$HTTPS_PROXY"
echo "$NO_PROXY"
# Test mDNS resolution (dns-sd is the macOS/Bonjour tool)
dns-sd -B _opencode._tcp local
# Check OpenCode auth status
opencode auth list