Public beta. SignalSpore is a decision-support registry, not certification or security assurance. Evidence may be incomplete; verify controls in your own environment. Methodology · Launch audit · Correction policy · Limitations
Agent rollout decision record

OpenCode

Evidence hold Terminal and coding agent: review official evidence before any pilot.

Verdict

Evidence hold

Tracked record has insufficient claim-level editorial evidence for rollout use.

Decision depth: Preliminary monitored record. Not yet launch-audited for a rollout decision.

Evidence audit: automated extraction

Permission footprint

Repository readnot evidenced
File editsnot evidenced
Shell commandsnot evidenced
Pull requestsnot evidenced
Issue/PR commentsnot evidenced
Network/API callsnot evidenced
Secrets/env varsnot evidenced
Sandboxingnot evidenced
Permission controlsnot evidenced
Audit loggingnot evidenced
Enterprise adminnot evidenced
Branch isolationnot evidenced
Human approvalnot evidenced
Production deploymentnot evidenced

Power level

Level 3: executes actions

Highest-risk evidenced power: shell command execution

Controls separated

Required before pilot — organization must implement

least-privilege permissions, isolated branch, protected branches, mandatory human review, sandbox, command allowlist, audit logs, separate test credentials

Vendor-native control evidenced

None evidenced from public sources.

Vendor-native control not evidenced

native sandbox, permission system, audit logs, branch isolation, admin console, SSO

Pilot plan

Task class: Terminal and coding agent

Environment: local sandbox or non-production repository

Maximum access: shell command execution

Reviewer: senior developer plus security reviewer

Success criteria: bounded maintenance tasks complete with inspected commands and clean diffs

Stop conditions: unsafe shell command, unapproved network/secret access, or unreviewable changes

Prohibited: production systems, credential stores, unbounded shell access

Blocking issues and unknowns

Blockers: Record has not been launch-audited for rollout use.; reads repository is not explicitly evidenced in the current source set.

Unknowns: Human editorial review pending.

Limitations: Tracked record depth is limited; do not use as an approval basis.

Claim-level evidence

reads repository

OpenCode: reads repository

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for reads repository; treat as an evidence gap.

edits files

OpenCode: edits files

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for edits files; treat as an evidence gap.

runs commands

OpenCode: runs commands

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for runs commands; treat as an evidence gap.

opens pull requests

OpenCode: opens pull requests

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for opens pull requests; treat as an evidence gap.

comments on issues or PRs

OpenCode: comments on issues or PRs

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for comments on issues or PRs; treat as an evidence gap.

accesses secrets or environment variables

OpenCode: accesses secrets or environment variables

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for accesses secrets or environment variables; treat as an evidence gap.

makes network/API calls

OpenCode: makes network/API calls

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for makes network/API calls; treat as an evidence gap.

supports sandboxing

OpenCode: supports sandboxing

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for supports sandboxing; treat as an evidence gap.

supports permission controls

OpenCode: supports permission controls

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for supports permission controls; treat as an evidence gap.

provides audit logging

OpenCode: provides audit logging

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for provides audit logging; treat as an evidence gap.

supports enterprise administration

OpenCode: supports enterprise administration

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for supports enterprise administration; treat as an evidence gap.

supports branch isolation

OpenCode: supports branch isolation

Status: not-evidenced · Reviewer: automated-extraction · Confidence: 24/100

Source: SST official source set (official-docs)

Excerpt:

Limitations: No exact official-source excerpt was found for supports branch isolation; treat as an evidence gap.

Alternatives

  • No editorial alternatives set yet.