Close Open Privacy Scan

bolt Snapshot: commit a72c388
science engine v3
schedule 2026-07-08T18:23:37.241941+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

Incomplete scan — only 81/196 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 1213 finding(s)

Dependency score: 27 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

54 high 58 medium 1101 low
First-party packages: 22
Dependency packages: 27
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: ${process.env.PLAYWRIGHT_SERVER_HOSTapi.anthropic.comapi.emailoctopus.comapi.github.comapi.github.com${endpoint}`,api.github.com`;api.honeycomb.ioapi.opencode.aiapi.releases.hashicorp.comapp.opencode.aicommunity.chocolatey.orgformulae.brew.shgithub.comgithub.com`;gitlab.commcp.exa.aimodels.devoauth2.googleapis.comopencode.airaw.githubusercontent.comregistry.npmjs.orgus.i.posthog.comwww.google.com

high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-pr-search.ts:7 repo/.opencode/tool/github-pr-search.ts:4
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-triage.ts:26 repo/.opencode/tool/github-triage.ts:23
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:1 repo/packages/cli/script/generate.ts:5
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:13 repo/packages/console/app/src/component/email-signup.tsx:10
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:63 repo/packages/console/app/src/lib/salesforce.ts:54
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:42 repo/packages/console/app/src/routes/api/enterprise.ts:39
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:114 repo/packages/console/function/src/auth.ts:112
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:121 repo/packages/console/function/src/auth.ts:119
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:72 repo/packages/console/function/src/log-processor.ts:68
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:125 repo/packages/core/src/plugin/provider/openai.ts:122
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:176 repo/packages/core/src/session/compaction.ts:197
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:32
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:116
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:10 repo/packages/opencode/script/generate.ts:13
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:791
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:487 repo/packages/opencode/src/plugin/openai/codex.ts:479
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:487 repo/packages/opencode/src/plugin/openai/codex.ts:497
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 repo/packages/opencode/src/plugin/xai.ts:149
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 repo/packages/opencode/src/plugin/xai.ts:168
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 repo/packages/opencode/src/plugin/xai.ts:251
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:92 repo/packages/opencode/src/session/llm/native-runtime.ts:90
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:20 repo/packages/stats/app/src/routes/api/newsletter.ts:17
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:49
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:54
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:52
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:67
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/stats.ts:4 repo/script/stats.ts:11
high first-party (npm): packages/ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:49
high first-party (npm): packages/ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:54
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:1 repo/packages/cli/script/generate.ts:5
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:125 repo/packages/core/src/plugin/provider/openai.ts:122
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:176 repo/packages/core/src/session/compaction.ts:197
high first-party (npm): packages/desktop User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:32
high first-party (npm): packages/desktop User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:116
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:10 repo/packages/opencode/script/generate.ts:13
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:791
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:487 repo/packages/opencode/src/plugin/openai/codex.ts:479
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:487 repo/packages/opencode/src/plugin/openai/codex.ts:497
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 repo/packages/opencode/src/plugin/xai.ts:149
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 repo/packages/opencode/src/plugin/xai.ts:168
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 repo/packages/opencode/src/plugin/xai.ts:251
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:92 repo/packages/opencode/src/session/llm/native-runtime.ts:90
high first-party (npm): packages/stats/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:20 repo/packages/stats/app/src/routes/api/newsletter.ts:17
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:13 repo/packages/console/app/src/component/email-signup.tsx:10
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:63 repo/packages/console/app/src/lib/salesforce.ts:54
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:42 repo/packages/console/app/src/routes/api/enterprise.ts:39
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:114 repo/packages/console/function/src/auth.ts:112
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:121 repo/packages/console/function/src/auth.ts:119
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:72 repo/packages/console/function/src/log-processor.ts:68
medium first-party (npm) Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:57 repo/packages/console/app/src/lib/salesforce.ts:54
medium first-party (npm): packages/console/app Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:57 repo/packages/console/app/src/lib/salesforce.ts:54
hub Dependency data flows (2)
high ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
high @openauthjs/openauth dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 pkgs/npm/@[email protected]/src/provider/oauth2.ts:193

</> First-Party Code

first-party (npm)

npm first-party
high pii_flow production #da38c6cd37300ad3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-pr-search.ts:4 · flow /tmp/closeopen-dazfq3g5/repo/.opencode/tool/github-pr-search.ts:7 → /tmp/closeopen-dazfq3g5/repo/.opencode/tool/github-pr-search.ts:4
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #64179a92f23569bf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-triage.ts:23 · flow /tmp/closeopen-dazfq3g5/repo/.opencode/tool/github-triage.ts:26 → /tmp/closeopen-dazfq3g5/repo/.opencode/tool/github-triage.ts:23
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e71e2f440d8d1463 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:5 · flow /tmp/closeopen-dazfq3g5/repo/packages/cli/script/generate.ts:1 → /tmp/closeopen-dazfq3g5/repo/packages/cli/script/generate.ts:5
  : await fetch(`${modelsUrl}/api.json`).then((response) => response.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #61a601408bb2b31c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:10 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/component/email-signup.tsx:13 → /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8e3a30af3f34c9d8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/lib/salesforce.ts:63 → /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a4af5327824029e0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:39 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/routes/api/enterprise.ts:42 → /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9e0fa252fdd07bc6 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:112 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/auth.ts:114 → /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ea442e2e74cbb299 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:119 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/auth.ts:121 → /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #92df2b8cbf489e2a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:68 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/log-processor.ts:72 → /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/log-processor.ts:68
              fetch(lakeIngest.url, {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                  Authorization: `Bearer ${lakeIngest.secret}`,
                },
                body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
              }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #04c953f847a4683b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:122 · flow /tmp/closeopen-dazfq3g5/repo/packages/core/src/plugin/provider/openai.ts:125 → /tmp/closeopen-dazfq3g5/repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #72290f1703505a21 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:197 · flow /tmp/closeopen-dazfq3g5/repo/packages/core/src/session/compaction.ts:176 → /tmp/closeopen-dazfq3g5/repo/packages/core/src/session/compaction.ts:197
        LLM.request({
          model: input.model,
          messages: [Message.user(summaryPrompt)],
          tools: [],
          generation: { maxTokens: summaryOutput },
        }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #54339237163cbb1d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:32 · flow /tmp/closeopen-dazfq3g5/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-dazfq3g5/repo/packages/desktop/scripts/finalize-latest-json.ts:32
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
  headers: {
    Authorization: `token ${token}`,
    Accept: "application/vnd.github+json",
  },
})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6b6d14708990e4e1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:116 · flow /tmp/closeopen-dazfq3g5/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-dazfq3g5/repo/packages/desktop/scripts/finalize-latest-json.ts:116
  const res = await fetch(asset?.url ?? url, {
    headers: {
      Authorization: `token ${token}`,
      ...(asset ? { Accept: "application/octet-stream" } : {}),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #659dd6288ff0627e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:13 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/script/generate.ts:10 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/script/generate.ts:13
  : await fetch(`${modelsUrl}/api.json`).then((x) => x.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d0d16803297b105f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:791 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/cli/cmd/github.handler.ts:791
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${appToken}`,
            Accept: "application/vnd.github.v3+json",
          },
        })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #b1d7bc57e6c4db95 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4367165a7834f135 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:479 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/openai/codex.ts:487 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/openai/codex.ts:479
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a9155a83e8b96622 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:497 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/openai/codex.ts:487 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/openai/codex.ts:497
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2838975ed3ff6a95 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:149 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:149
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7330cff124c228d7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:168 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:168
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: CLIENT_ID,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1626aa2c49beb506 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:251 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:251
    const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
      method: "POST",
      headers: authHeaders(),
      body: new URLSearchParams({
        grant_type: DEVICE_CODE_GRANT_TYPE,
        client_id: CLIENT_ID,
        device_code: device.device_code,
      }).toString(),
    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #09a1b8a9fbff4ea7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:90 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/session/llm/native-runtime.ts:92 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/session/llm/native-runtime.ts:90
  const request = LLMNative.request({
    model: input.model,
    apiKey: current.apiKey,
    baseURL: current.baseURL,
    messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
    toolChoice: input.toolChoice,
    temperature: input.temperature,
    topP: input.topP,
    topK: input.topK,
    maxOutputTokens: input.maxOutputTokens,
    providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
    headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9d1525bc4d433e3c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:17 · flow /tmp/closeopen-dazfq3g5/repo/packages/stats/app/src/routes/api/newsletter.ts:20 → /tmp/closeopen-dazfq3g5/repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #544183b547ab892f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:49 · flow /tmp/closeopen-dazfq3g5/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-dazfq3g5/repo/packages/ui/vite.config.ts:49
  const providers = await fetch(`${url}/api.json`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6e7310893069654e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:54 · flow /tmp/closeopen-dazfq3g5/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-dazfq3g5/repo/packages/ui/vite.config.ts:54
      fetch(`${url}/logos/${provider}.svg`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #f2b0db26993d31b2 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:45 · flow /tmp/closeopen-dazfq3g5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-dazfq3g5/repo/script/github/close-issues.ts:45
  const comment = await fetch(`${base}/comments`, {
    method: "POST",
    headers,
    body: JSON.stringify({ body: msg }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #35497a3139722d35 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:52 · flow /tmp/closeopen-dazfq3g5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-dazfq3g5/repo/script/github/close-issues.ts:52
  const patch = await fetch(base, {
    method: "PATCH",
    headers,
    body: JSON.stringify({ state: "closed", state_reason: "not_planned" }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #08212435533c1ebf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:67 · flow /tmp/closeopen-dazfq3g5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-dazfq3g5/repo/script/github/close-issues.ts:67
    const res = await fetch(
      `https://api.github.com/repos/${repo}/issues?state=open&sort=updated&direction=asc&per_page=100&page=${page}`,
      { headers },
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2aeaa38ae1c7cec0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/stats.ts:11 · flow /tmp/closeopen-dazfq3g5/repo/script/stats.ts:4 → /tmp/closeopen-dazfq3g5/repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #c1e3e42b5a82d976 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/app.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dd689515e1195c02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/entry.tsx:3
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #daa50768f8ef18ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/pages/error.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e591be29d7f7b02c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #fff23f96a1cdf681 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/lib/salesforce.ts:57 → /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #9b98805dc7727a82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:312
      await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8eddb80e3cf89e20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:317
        await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9f23cf4c0d82e986 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:318
        await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ad5a46b31764fd99 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:319
        await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9ebac4a8345473e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:366
                await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bd791250e93d1134 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:371
                  await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #12b95138fb862e15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:372
                  await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6cdc4614399e0927 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:373
                  await modelTpsLimiter?.track(
                    providerInfo.id,
                    providerInfo.model,
                    providerInfo.tpsGoal,
                    timestampFirstByte,
                    timestampLastByte,
                    usageInfo,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2fef1c2df4143da0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:381
                  await providerBudgetTracker?.track(
                    providerInfo.id,
                    providerInfo.budgetPriority,
                    costInfo.totalCostInCent,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #676f38b2e01f1373 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/electron.vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #96b9cf0e16cbd31c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/src/renderer/index.tsx:18
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #688d4a6ec06a70b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/cli/cmd/debug/snapshot.ts:17
    const out = yield* Snapshot.Service.use((svc) => svc.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f95fcf344b2c06bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:153
            return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #45c53f9f202270c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:173
        return scope.track(
          attention.soundboard.registerPack({
            ...pack,
            sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
          }),
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #29a11246792bf255 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:199
      return scope.track(mode.push(value))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0d6363648fb40257 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:579
      return scope.track(api.route.register(list))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3b2023b77e43911a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:595
      return scope.track(api.event.on(type, handler))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a94a08274882dbb2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:607
      scope.track(host.register({ ...plugin, id }))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5d9a7a8b84f165fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:102
      const initialSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e56b0133f3c20f83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:425
            if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #eb02a43feb9d7542 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:436
            const completedSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bb3f967de4f4fcd5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/revert.ts:70
      rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4a0cc8861f4f2bb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/snapshot/index.ts:780
        return yield* InstanceState.useEffect(state, (s) => s.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5e6030245b519575 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/session-ui/src/components/file.tsx:231
    if (bridge.track(event.buttons, hit.line)) return

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 476 low-confidence finding(s)
low env_fs production #f579c5af6afeffee Environment-variable access.
repo/.opencode/tool/github-pr-search.ts:7
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11d3408772dd35e2 Environment-variable access.
repo/.opencode/tool/github-triage.ts:17
  const issue = parseInt(process.env.ISSUE_NUMBER ?? "", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc56110aad44fc6a Environment-variable access.
repo/.opencode/tool/github-triage.ts:26
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca92cba51dcc0aa6 Environment-variable access.
repo/github/index.ts:302
  const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60e10ae733742738 Environment-variable access.
repo/github/index.ts:316
  const runId = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1546a8dc036f0801 Environment-variable access.
repo/github/index.ts:323
  return process.env["AGENT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #982850bb9b29bfc6 Environment-variable access.
repo/github/index.ts:327
  const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e832f4b9560a7ae Environment-variable access.
repo/github/index.ts:336
    mockEvent: process.env["MOCK_EVENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0987af5376d9c8e0 Environment-variable access.
repo/github/index.ts:337
    mockToken: process.env["MOCK_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b77fca7c0e2ca17 Environment-variable access.
repo/github/index.ts:342
  return process.env["TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #81284096be61a7f0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:377
    response = await fetch("https://api.opencode.ai/exchange_github_app_token_with_pat", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${useEnvMock().mockToken}`,
      },
      body: JSON.stringify({ owner: repo.owner, repo: repo.repo }),
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #37aa83cca157a1a3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:386
    response = await fetch("https://api.opencode.ai/exchange_github_app_token", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${oidcToken}`,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ff191f5548e308b9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:1064
  await fetch("https://api.github.com/installation/token", {
    method: "DELETE",
    headers: {
      Authorization: `Bearer ${accessToken}`,
      Accept: "application/vnd.github+json",
      "X-GitHub-Api-Version": "2022-11-28",
    },
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e451b6dc151678aa Environment-variable access.
repo/infra/console.ts:276
          new sst.Secret("CLOUDFLARE_DEFAULT_ACCOUNT_ID", process.env.CLOUDFLARE_DEFAULT_ACCOUNT_ID!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fc3e2de4eea26b5 Environment-variable access.
repo/infra/console.ts:277
          new sst.Secret("CLOUDFLARE_API_TOKEN", process.env.CLOUDFLARE_API_TOKEN!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98ee51e26dd745c0 Filesystem access.
repo/nix/scripts/canonicalize-node-modules.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #944fca559fd65e8d Filesystem access.
repo/nix/scripts/normalize-bun-binaries.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7f4dfd9aa1d46b7 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:32
          runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b6a305f543e5378 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:125
      runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97e18d87b8f6d84c Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:133
        selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66cf76fc914b8bd6 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:22
  const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cba2ada670988cc5 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:25
  const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #325f3c6ebec1671c Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:76
  const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72dd40e01fb999a6 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9fc0f5f485fdd6d Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:4
process.env.PLAYWRIGHT_SERVER_PORT = String(port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95cfad0bcce01e86 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:5
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #945dd8a9d6f1fc1e Environment-variable access.
repo/packages/app/e2e/performance/timeline-stability/fixture.ts:113
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a00d8352126ef103 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:10
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #411e8ff3e519005d Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:44
        const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22fc69e305451d04 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:46
          throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b04bc9dbfc5fed1 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-parent-hydration-benchmark.spec.ts:11
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dce203ea35dac6ca Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-tab-switch-benchmark.spec.ts:33
    const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3ef6f761c284734 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:43
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce579fdb60e68a90 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:49
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9010920a73526dda Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:55
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0219d53866d6342 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:61
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7c25028616552a7 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:70
    const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55621aa9e5d80c50 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:103
  const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd85978e9609c208 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:104
  const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcac996da40eb206 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:105
  const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bb08d8c1a8e25bb Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:106
  const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a8ead7ea6fab643 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:107
  const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad2a65a3e5d03b90 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:108
  const minimal = process.env.TIMELINE_MINIMAL === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c5e6973ac446206 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:109
  const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5330b232bfac912 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:110
  const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f850f60072c623f Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:83
  return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f7fb44ac10c9803 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:87
  return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3707d5bc8a221f03 Environment-variable access.
repo/packages/app/e2e/regression/new-session-panel-corner.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0a652e6d999a322 Environment-variable access.
repo/packages/app/e2e/regression/review-tab-switch.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9501dbe42eb6ce9 Environment-variable access.
repo/packages/app/e2e/regression/session-timeline-history-root.spec.ts:56
      server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #027d58f21e6e43e2 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:136
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e227bbdd6a32f79f Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:157
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03317b97cef628ec Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:78
    (url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdba344369f066fb Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:180
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de91c368838a16a9 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:198
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21d8cf74f1733061 Environment-variable access.
repo/packages/app/e2e/regression/terminal-tab-switch.spec.ts:13
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d34dc26b1eaabbb4 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:49
    const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1126baf97e9462fb Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:51
      process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dae7102cebb606e Environment-variable access.
repo/packages/app/e2e/utils/visual-stability/capture.ts:13
  if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cb89ee535691bdd Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:19
  await writeFile(tracePath, JSON.stringify(trace, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a12d05d00301990e Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:20
  await writeFile(
    issuesPath,
    JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b621eab717c03070 Environment-variable access.
repo/packages/app/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3121247600072eb3 Environment-variable access.
repo/packages/app/playwright.config.ts:4
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fd4a5c977fbc2f9 Environment-variable access.
repo/packages/app/playwright.config.ts:5
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05489e2065a87bd5 Environment-variable access.
repo/packages/app/playwright.config.ts:6
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2fa765d47faf604 Environment-variable access.
repo/packages/app/playwright.config.ts:8
const reuse = !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab70aea7329443f1 Environment-variable access.
repo/packages/app/playwright.config.ts:9
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13800b0dd04227fe Environment-variable access.
repo/packages/app/playwright.config.ts:12
  testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad0d14a67c10a937 Environment-variable access.
repo/packages/app/playwright.config.ts:18
  fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d518979197dde5df Environment-variable access.
repo/packages/app/playwright.config.ts:19
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01454890d633ac55 Environment-variable access.
repo/packages/app/playwright.config.ts:20
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42e407cba3c367aa Environment-variable access.
repo/packages/app/vite.config.ts:6
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78bf49d77206d30e Environment-variable access.
repo/packages/app/vite.config.ts:8
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c38406e5c16be335 Environment-variable access.
repo/packages/app/vite.config.ts:9
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e79a099b8b884f6 Environment-variable access.
repo/packages/app/vite.config.ts:10
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9a4c3ed9d3a1c22 Environment-variable access.
repo/packages/app/vite.config.ts:13
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9123da8a4a168a77 Environment-variable access.
repo/packages/app/vite.js:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3edd4868f0562436 Environment-variable access.
repo/packages/app/vite.js:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a749d3783c38399 Filesystem access.
repo/packages/app/vite.js:42
        `<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9c189e3c5075cf5 Filesystem access.
repo/packages/cli/bin/lildax.cjs:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c32c78380bec33e Environment-variable access.
repo/packages/cli/bin/lildax.cjs:32
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61ecd2cc0595eca1 Filesystem access.
repo/packages/cli/bin/lildax.cjs:44
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98e44d1c5212a4f2 Filesystem access.
repo/packages/cli/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5a554d9179c25ac Filesystem access.
repo/packages/cli/script/build.ts:5
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c1e5b9cd891300c Environment-variable access.
repo/packages/cli/script/generate.ts:1
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0c3f6fa9c2e07b1 Environment-variable access.
repo/packages/cli/script/generate.ts:3
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82b372d9aefc6348 Environment-variable access.
repo/packages/cli/script/generate.ts:4
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84124d9978408686 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:2
import { readdir, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #564c28bc34a519b9 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:103
  await writeFile(outputPath, xml, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #070ef8d9698b7bfe Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #07637196088e9a45 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/lib/changelog.ts:42
  const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
    headers: {
      Accept: "application/vnd.github.v3+json",
      "User-Agent": "OpenCode-Console",
    },
    cf: {
      // best-effort edge caching (ignored outside Cloudflare)
      cacheTtl: 60 * 5,
      cacheEverything: true,
    },
  } as RequestInit).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #26ed49a4cedb1a98 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #44a3a36cf543f750 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/openapi.json.ts:2
  const response = await fetch(
    "https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
  )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ab2c3f02ca94b197 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8544e75318840854 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #92780f4a70e89b81 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/log-processor.ts:58
        fetch("https://api.honeycomb.io/1/batch/zen", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
            "X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
          },
          body: JSON.stringify(events),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bcee7f88d45e4418 Environment-variable access.
repo/packages/containers/script/build.ts:10
const reg = process.env.REGISTRY ?? "ghcr.io/anomalyco"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe0e9e010a862034 Environment-variable access.
repo/packages/containers/script/build.ts:11
const tag = process.env.TAG ?? "24.04"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a066e73fa9ffe48 Environment-variable access.
repo/packages/containers/script/build.ts:12
const push = process.argv.includes("--push") || process.env.PUSH === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a41388927af24e2f Filesystem access.
repo/packages/core/script/fix-node-pty.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2e2e89e727497e4 Filesystem access.
repo/packages/core/script/migration.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7f13ea629016731 Environment-variable access.
repo/packages/core/src/database/database.ts:50
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bdaee763f3757bf Environment-variable access.
repo/packages/core/src/database/database.ts:51
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a8830007d10b33e Filesystem access.
repo/packages/core/src/file-mutation.ts:112
          const current = yield* fs
            .readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c4e59b747f193e2 Filesystem access.
repo/packages/core/src/file-mutation.ts:130
              : fs.writeFile(input.target.canonical, input.content, { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a591f721620553 Filesystem access.
repo/packages/core/src/file-mutation.ts:147
          const current = yield* fs.readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55b54ea57ab560da Filesystem access.
repo/packages/core/src/file-mutation.ts:153
            : fs.writeFile(input.target.canonical, input.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11db301138b257e8 Filesystem access.
repo/packages/core/src/filesystem.ts:83
          content: yield* fs.readFile(target.real).pipe(Effect.orDie),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f2facdda2dc2b82 Environment-variable access.
repo/packages/core/src/flag/flag.ts:4
  const value = process.env[key]?.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d9771639b1c7e4d Environment-variable access.
repo/packages/core/src/flag/flag.ts:8
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a64a2f1147d3a699 Environment-variable access.
repo/packages/core/src/flag/flag.ts:9
const fff = process.env["OPENCODE_DISABLE_FFF"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f8e27604ed471cf Environment-variable access.
repo/packages/core/src/flag/flag.ts:12
  return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9411df4405a2925e Environment-variable access.
repo/packages/core/src/flag/flag.ts:16
  OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #203f47d2ae5c065e Environment-variable access.
repo/packages/core/src/flag/flag.ts:17
  OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f71bfcfbbcb68b8e Environment-variable access.
repo/packages/core/src/flag/flag.ts:20
  OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #083bcde5219dc253 Environment-variable access.
repo/packages/core/src/flag/flag.ts:21
  OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5cd2526dfbcb75d Environment-variable access.
repo/packages/core/src/flag/flag.ts:22
  OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f7e9876c1b0804d Environment-variable access.
repo/packages/core/src/flag/flag.ts:31
  OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8d0d152f25e063d Environment-variable access.
repo/packages/core/src/flag/flag.ts:32
  OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d64f90d805d54b4a Environment-variable access.
repo/packages/core/src/flag/flag.ts:33
  OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03f1b5e908ac972d Environment-variable access.
repo/packages/core/src/flag/flag.ts:45
  OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e8155022ced3fc3 Environment-variable access.
repo/packages/core/src/flag/flag.ts:46
  OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b74f009b2ce7a33d Environment-variable access.
repo/packages/core/src/flag/flag.ts:47
  OPENCODE_DB: process.env["OPENCODE_DB"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c168ce7cb0810c7 Environment-variable access.
repo/packages/core/src/flag/flag.ts:49
  OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac771f7a4f84b987 Environment-variable access.
repo/packages/core/src/flag/flag.ts:61
    return process.env["OPENCODE_TUI_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb02bd50770b7695 Environment-variable access.
repo/packages/core/src/flag/flag.ts:64
    return process.env["OPENCODE_CONFIG_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bafae0a9c303afb Environment-variable access.
repo/packages/core/src/flag/flag.ts:70
    return process.env["OPENCODE_PERMISSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a53db52a65fa2fbe Environment-variable access.
repo/packages/core/src/flag/flag.ts:73
    return process.env["OPENCODE_PLUGIN_META_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abafe00fc2eda2cd Environment-variable access.
repo/packages/core/src/flag/flag.ts:76
    return process.env["OPENCODE_CLIENT"] ?? "cli"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81270619169f1f01 Filesystem access.
repo/packages/core/src/fs-util.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9676d9e2c73f4680 Filesystem access.
repo/packages/core/src/fs-util.ts:4
import * as NFS from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdf4c4ce152bc6b9 Filesystem access.
repo/packages/core/src/global.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edea1d539307c970 Environment-variable access.
repo/packages/core/src/global.ts:19
    return process.env.OPENCODE_TEST_HOME ?? os.homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7c21ac72108b86 Environment-variable access.
repo/packages/core/src/integration.ts:298
        .flatMap((method) => method.names.filter((name) => process.env[name]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a55d78b21c0189ae Environment-variable access.
repo/packages/core/src/integration.ts:387
            const key = process.env[connection.name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d7b5c2b9839eef Environment-variable access.
repo/packages/core/src/observability/logging.ts:57
  const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4d9c4971a0dd6bc Environment-variable access.
repo/packages/core/src/observability/logging.ts:68
  return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bcf9b35358ed194 Environment-variable access.
repo/packages/core/src/observability/otlp.ts:21
  const value = process.env.OTEL_RESOURCE_ATTRIBUTES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c2b776705fc8b6b Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:85
        const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f34a0d3172a593ab Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:86
        const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59151de82d0b8d91 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:88
          process.env.AWS_BEARER_TOKEN_BEDROCK ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33dc957eba3d17ad Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:90
        if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd08544e4712acd7 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:92
          process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e2014b49cae6ba7 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:121
        const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92e4cd57b6f57ba9 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:23
            typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e52ce6cf98a51c95 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:63
        const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3639ab8726046fba Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:47
  const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9db4e5acb24d2d4 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:51
    process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a22f5f5d675a01fe Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:52
  const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fac86d6716a2361f Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:50
  return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82a631bf42e86e9f Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:65
    apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfcee0c582a6120b Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:76
  return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cc6d7ae48abf892 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:19
              : (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce0307ea0a555814 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:20
          apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9641684b8ef2911c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:10
    process.env.GOOGLE_VERTEX_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf52f3ad2acdb95b Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:11
    process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4e728948db4d7a9 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:12
    process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcc67e8fa5d76eb3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:13
    process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f68244a9d6418312 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:20
    process.env.GOOGLE_VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7291de7dc4b96b71 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:21
    process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a3568b02b81a06c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:22
    process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #287a3bed5e4e40cf Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:125
            process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d441c4c7a9acc82 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:126
            process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c224def0dce7d291 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:127
            process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b0390bee4cdefd3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:130
            process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2e6c1e7bee81ce9 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:131
            process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3acc8d3ed53eb1c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:147
            : (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a461a596c3f766df Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:151
            : (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ff640c4192738a1a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f1f9678c1edf8ef0 Environment-variable access.
repo/packages/core/src/plugin/provider/opencode.ts:167
      const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #648202a3f5c982b7 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:15
          process.env.AICORE_SERVICE_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d950736e83c9805c Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:17
        if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb5e4b8fc7595167 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:34
            ? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b6b6e76acd8cb8e Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:74
          process.env.SNOWFLAKE_CORTEX_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b36fb920425f91e Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:75
          process.env.SNOWFLAKE_CORTEX_PAT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6ac014ebad3f33b Environment-variable access.
repo/packages/core/src/repository.ts:169
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c0b80d4e49e5e83 Filesystem access.
repo/packages/core/src/shell.ts:5
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #becccb2b928c6c99 Filesystem access.
repo/packages/core/src/shell.ts:6
import { statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca50f3a33129be50 Environment-variable access.
repo/packages/core/src/shell.ts:101
      [which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45be702f1bdbef51 Filesystem access.
repo/packages/core/src/shell.ts:109
  const text = await readFile("/etc/shells", "utf8").catch(() => "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2f623ccedc7bbe0 Environment-variable access.
repo/packages/core/src/shell.ts:207
  defaultPreferred ??= select(process.env.SHELL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d08b88900e7697a Environment-variable access.
repo/packages/core/src/shell.ts:216
  defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7491cd31559339a Filesystem access.
repo/packages/core/src/tool/apply-patch.ts:139
                    const source = yield* fs.readFile(target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5070361866d986c Environment-variable access.
repo/packages/core/src/tool/bash.ts:49
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa327e2260b4edd6 Filesystem access.
repo/packages/core/src/tool/edit.ts:161
                const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a73cbd21dc81876 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:76
      process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #476b6c437fe6e94a Environment-variable access.
repo/packages/core/src/tool/websearch.ts:77
        ? process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f54a8dba731f62fd Environment-variable access.
repo/packages/core/src/tool/websearch.ts:81
    exaApiKey: process.env.EXA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b00ff9f2418afd61 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:82
    parallelApiKey: process.env.PARALLEL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #daaedfe48cef6494 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:147
  const url = new URL(EXA_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #415e5484578a56a8 Filesystem access.
repo/packages/core/src/util/flock.ts:4
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f120d1007e0ee09 Environment-variable access.
repo/packages/core/src/util/which.ts:6
  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e58b0a1688767925 Environment-variable access.
repo/packages/core/src/util/which.ts:11
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1776e2628a315c6b Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:14
    const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5012129fcfa7ae1d Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:15
    process.env.OPENCODE_CHANNEL = channel.channel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71e25833467731c8 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:20
    if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f15698f6c5d06b27 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:21
    else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8dcecb9f5c828abf Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:31
  const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ac82c4463b185fc Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:32
  process.env.OPENCODE_CHANNEL = "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c135867d269ae11 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:37
  if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77042e26332bb2dc Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:38
  else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01c03b6bc5a8be8d Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:20
  if (process.env.GITHUB_ACTIONS !== "true") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25cf629f64347d83 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:30
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #314b72574d463d09 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53b12e6bbeef349c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b559cbb5ee3cd232 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:18
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65891138d8fdafab Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:20
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bdc4b953c97fef6 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:21
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6037c711061d9463 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:22
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b21441b1434da9a7 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:25
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64aec405690b62e2 Filesystem access.
repo/packages/desktop/electron.vite.config.ts:76
            await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7dd02cc6cee826 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:16
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6717baf6685d221a Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:19
const releaseId = process.env.OPENCODE_RELEASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e7fa2471c5ff1c4 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:22
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44f6a7e6627e9ab3 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:25
const dir = process.env.LATEST_YML_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9625b79a70c01f41 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:29
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5874b83039c1589c Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:126
  const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #541df8cf048f9e55 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:207
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e201ecb862427f2 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:6
const dir = process.env.LATEST_YML_DIR!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d31aeaf730b19de4 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:9
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8469b016aa45ed7 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:12
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60768c6659f5bc2a Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:115
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac3422fe8f05b530 Environment-variable access.
repo/packages/desktop/scripts/predev.ts:3
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #395577a97cd6de10 Environment-variable access.
repo/packages/desktop/scripts/utils.ts:66
  if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c805e31b48421e78 Environment-variable access.
repo/packages/desktop/src/main/apps.ts:27
  const home = process.env.HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b12a4a69359b977 Filesystem access.
repo/packages/desktop/src/main/apps.ts:58
    const content = await readFile(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec83021b2ed6e831 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:27
      await writeFile(file, "lorem ipsum")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45fc73f62d6f7618 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:38
      await writeFile(file, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8a6c443fdd92002 Environment-variable access.
repo/packages/desktop/src/main/index.ts:56
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1e66f47e23278c5 Environment-variable access.
repo/packages/desktop/src/main/index.ts:90
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cd55369eba9ff3d Environment-variable access.
repo/packages/desktop/src/main/index.ts:100
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9a6f6a458517b68 Environment-variable access.
repo/packages/desktop/src/main/index.ts:115
  process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b446a3393a0b3a44 Environment-variable access.
repo/packages/desktop/src/main/index.ts:126
    process.env.OPENCODE_DB = ":memory:"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #deaaaf083580f83f Environment-variable access.
repo/packages/desktop/src/main/index.ts:127
    process.env.XDG_DATA_HOME = join(root, "data")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6378f0a980d51ff Environment-variable access.
repo/packages/desktop/src/main/index.ts:128
    process.env.XDG_CONFIG_HOME = join(root, "config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1a8fef4b372b111 Environment-variable access.
repo/packages/desktop/src/main/index.ts:129
    process.env.XDG_CACHE_HOME = join(root, "cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1682bc90a68a399f Environment-variable access.
repo/packages/desktop/src/main/index.ts:130
    process.env.XDG_STATE_HOME = join(root, "state")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #279772fa82e67ee6 Environment-variable access.
repo/packages/desktop/src/main/index.ts:308
    const fromEnv = process.env.OPENCODE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b67ea9e590d4e436 Filesystem access.
repo/packages/desktop/src/main/logging.ts:93
    const contents = readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39b224c0f53e8707 Environment-variable access.
repo/packages/desktop/src/main/logging.ts:153
  const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d5ac2f5bee2a007 Filesystem access.
repo/packages/desktop/src/main/logging.ts:184
    const data = entry.data ?? readFileSync(entry.path!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #718a28650d5f256a Filesystem access.
repo/packages/desktop/src/main/logging.ts:188
  writeFileSync(output, Buffer.from(await zip.arrayBuffer()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #645ee6e6517bfe3e Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:18
      return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2ecbefd203eeaa5 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:20
      return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fa8a250e0fc4961 Filesystem access.
repo/packages/desktop/src/main/migrate.ts:42
    data = JSON.parse(readFileSync(datPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3acbb5bc8855f8d0 Environment-variable access.
repo/packages/desktop/src/main/server.ts:51
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0befda49ab3e0d15 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:19
    return resolveUserShell(process.env.SHELL, userInfo().shell)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b36ec81119621b31 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:21
    return resolveUserShell(process.env.SHELL, undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9556b8aa790e642 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:87
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39e09d02347c9c44 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:94
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e266ca2afb6b4a3 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:104
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e874c8272ed77089 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.test.ts:16
  await writeFile(join(root, name), value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da08b589a575e652 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.ts:84
  const raw = await readFile(file, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f0b281c756a2228 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:292
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53772606a2a81ae0 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:455
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d3a059c212aba11 Environment-variable access.
repo/packages/desktop/src/main/wsl/runtime.ts:389
  const root = process.env.SystemRoot ?? process.env.windir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee46f77ec44ae292 Environment-variable access.
repo/packages/enterprise/vite.config.ts:7
  const target = process.env.OPENCODE_DEPLOYMENT_TARGET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e767462ff3fce02 Environment-variable access.
repo/packages/enterprise/vite.config.ts:26
      baseURL: process.env.OPENCODE_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9b71580c4143ba7b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/function/src/api.ts:271
    const JWKS = createRemoteJWKSet(new URL(JWKS_URL))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b6e3b77138bc93e3 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:16
    await writeFile(
      path.join(directory, "package.json"),
      JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b4017dbd94663b7 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:20
    await writeFile(
      path.join(directory, "consumer.ts"),
      `import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"

const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
  Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dddb7275d883018c Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:35
    await writeFile(
      path.join(directory, "tsconfig.json"),
      JSON.stringify({
        compilerOptions: {
          target: "ES2022",
          module: "NodeNext",
          moduleResolution: "NodeNext",
          strict: true,
          noEmit: true,
          // Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
          skipLibCheck: true,
          lib: ["ES2022", "DOM", "ESNext.Disposable"],
        },
        include: ["consumer.ts"],
      }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80d4e2f9f6106faa Environment-variable access.
repo/packages/http-recorder/src/recorder.ts:7
  const value = process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #034e5cf35ca40ae6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/recording-cost-report.ts:219
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #71e59af342984b1f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/setup-recording-env.ts:44
      HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0bd270e8e0e1faef Environment-variable access.
repo/packages/llm/script/setup-recording-env.ts:290
  if (process.env[name]) return "shell"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65336a5598f6e580 Filesystem access.
repo/packages/opencode/bin/opencode:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0af3e20af7f30aa1 Environment-variable access.
repo/packages/opencode/bin/opencode:46
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36f8a937a462cfed Filesystem access.
repo/packages/opencode/bin/opencode:81
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a3143df232705e Filesystem access.
repo/packages/opencode/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60973d43d8731c18 Environment-variable access.
repo/packages/opencode/script/build.ts:240
  await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7a31f4147f33cf9 Environment-variable access.
repo/packages/opencode/script/generate.ts:10
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cd3dabe3263dd49 Environment-variable access.
repo/packages/opencode/script/generate.ts:11
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f481fa9698a95c9 Environment-variable access.
repo/packages/opencode/script/generate.ts:12
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ae1a459df68f39d Filesystem access.
repo/packages/opencode/script/postinstall.mjs:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f41a836fa0387b7 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:12
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9b803e90fdf54ae Filesystem access.
repo/packages/opencode/script/postinstall.mjs:36
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7af077faed2fae7 Environment-variable access.
repo/packages/opencode/script/publish.ts:199
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55c94b99b631bd01 Environment-variable access.
repo/packages/opencode/specs/v2/api.ts:28
  value: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97fa399fc6c8341b Environment-variable access.
repo/packages/opencode/src/acp/profile.ts:1
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98238ef08a50de4d Environment-variable access.
repo/packages/opencode/src/auth/index.ts:59
      if (process.env.OPENCODE_AUTH_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4fed5abc50f95a1 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:61
          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda006c814845d59 Environment-variable access.
repo/packages/opencode/src/cli/cmd/acp.ts:23
    process.env.OPENCODE_CLIENT = "acp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5675b4cbf555904 Filesystem access.
repo/packages/opencode/src/cli/cmd/agent.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #270147554b680dc4 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:56
    const termProgram = process.env.TERM_PROGRAM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13e6b9dd6a143490 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:57
      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e74d0ad7680591dc Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:59
    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ba40e203c6ee4b8 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:406
    const variant = process.env["VARIANT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11102b6bd8f10cc7 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471
        const githubToken = process.env["GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4a44c38a83c9a59 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:656
      const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #520f23f6a47b55fd Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:667
      const value = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d60726c5470030ce Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:673
      const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7068b15ee7a56fe Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:681
      const value = process.env["USE_GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c5f951c196c41ad Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:689
      const value = process.env["OIDC_BASE_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee5545d722704c26 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:724
      const customPrompt = process.env["PROMPT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a50c371a219b75b Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:739
      const mentions = (process.env["MENTIONS"] || "/opencode,/oc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7d8052d86718f4df Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #be600e6990dd510f Environment-variable access.
repo/packages/opencode/src/cli/cmd/providers.ts:277
        if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b79aa4aed73b615 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run.ts:333
      const root = Filesystem.resolve(process.env.PWD ?? process.cwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4968f16285243013 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/runtime.stdin.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fedb4966a2b02667 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:14
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c6ec2b081c7cbd3 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:58
  if (!process.env.OPENCODE_DIRECT_TRACE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2c3dfe432dd37bc Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:65
  fs.writeFileSync(
    latest(),
    text({
      time: new Date().toISOString(),
      pid: process.pid,
      cwd: process.cwd(),
      argv: process.argv.slice(2),
      path: target,
    }) + "\n",
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dc411132d1a7c9e Environment-variable access.
repo/packages/opencode/src/cli/cmd/tui.ts:66
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f075834d85057ae9 Filesystem access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13961af3ef34fb49 Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:236
  const shell = path.basename(process.env.SHELL || "bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec4993aa86be17b1 Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:238
  const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e641a131a07da33 Filesystem access.
repo/packages/opencode/src/config/config.ts:9
import fsNode from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52ded48ffc6b7d4c Filesystem access.
repo/packages/opencode/src/config/config.ts:15
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e2ac0536368b1c9 Filesystem access.
repo/packages/opencode/src/config/config.ts:271
              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51d39ead8464fd22 Environment-variable access.
repo/packages/opencode/src/config/config.ts:468
        if (process.env.OPENCODE_CONFIG_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a92fe1e65d2780 Environment-variable access.
repo/packages/opencode/src/config/config.ts:470
          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cca6ac53c4740eea Environment-variable access.
repo/packages/opencode/src/config/config.ts:491
              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cf713a7450a2b3b Filesystem access.
repo/packages/opencode/src/config/managed.ts:3
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e05c946cf37cc3c3 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:25
      return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb0c07dcb0a85712 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:32
  return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b45791d7c04246f Environment-variable access.
repo/packages/opencode/src/config/variable.ts:37
    return (input.env?.[varName] ?? process.env[varName]) || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8f9161950fbc670 Filesystem access.
repo/packages/opencode/src/control-plane/dev/debug-workspace-plugin.ts:30
  await writeFile(
    DEV_DATA_TEMP_FILE,
    JSON.stringify(
      {
        port,
        id,
        env,
      },
      null,
      2,
    ),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdacd6deabf4bcc3 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:533
        OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1ce60c35b8cfe39 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:534
        OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0c5ba98f2061852 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:535
        OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3045d01f87b38b8 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:23
  if (process.env["TERM_PROGRAM"] === "vscode") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6187ba2b92e2bd8 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:24
    const v = process.env["GIT_ASKPASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a275b31a937ddf9e Environment-variable access.
repo/packages/opencode/src/ide/index.ts:33
  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7353537e5f54061 Environment-variable access.
repo/packages/opencode/src/index.ts:67
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77b7060bf2ce2c86 Environment-variable access.
repo/packages/opencode/src/index.ts:68
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #547893d6bc818368 Environment-variable access.
repo/packages/opencode/src/index.ts:70
      process.env.OPENCODE_PURE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b746fabe53468a1 Environment-variable access.
repo/packages/opencode/src/index.ts:75
    process.env.AGENT = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #213aaddb96894f1a Environment-variable access.
repo/packages/opencode/src/index.ts:76
    process.env.OPENCODE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1aaa1f82aaa1689 Environment-variable access.
repo/packages/opencode/src/index.ts:77
    process.env.OPENCODE_PID = String(process.pid)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a38bfcbe8a915d19 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:147
        const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bf9d796e3b083fec Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:219
            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #55cc312da9347b6d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:239
            HttpClientRequest.get(
              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0aaabd238cd822b8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:249
            HttpClientRequest.get(
              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #764c05c73724ab5f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:258
          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #360e7ebde3becce9 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ccc55c627f05f8fe Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:183
      const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1a6084c9d86f6e5a Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:445
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb3e42c2a52ef5ee Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:502
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #791411dd7d592bca Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:552
        const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #049d960a531b490f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:600
      const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #18f44a8a42de859d Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:779
    process.env.DOTNET_CLI_HOME ?? os.homedir(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4847149cb55fb31f Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:789
    process.env.VSCODE_EXTENSIONS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3884b85a54f8a7ff Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:976
    const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #dadcb9cfa318c938 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:1171
        const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1c37a3973d62a84c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1210
      const download = await fetch(releaseURL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9b4e981a9d716bc2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1297
      const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #385c511ab92a513b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1405
      const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2cad80d3aa37bfe2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1632
      const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #73af66d46cc844d6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1705
      const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e48e713030dd09e4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1877
      const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e09b7dbb96fd63a2 Environment-variable access.
repo/packages/opencode/src/plugin/azure.ts:5
  if (!process.env.AZURE_RESOURCE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a2382d623f21106 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:4
  const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc2329a8f013e62c Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:31
    ...(!process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f709b4ca5f32874 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:41
    ...(!process.env.CLOUDFLARE_GATEWAY_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #50c7cc323fa2d386 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/digitalocean.ts:170
  const res = await fetch(`${DO_GENAI_API}/models/routers`, {
    headers: {
      Authorization: `Bearer ${bearer}`,
      Accept: "application/json",
      "User-Agent": `opencode/${InstallationVersion}`,
    },
    signal: AbortSignal.timeout(10_000),
  }).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ec0d8cb934053837 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:108
  const response = await fetch(`${ISSUER}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e251b821f31d7c32 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:455
            const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
                "User-Agent": `opencode/${InstallationVersion}`,
              },
              body: JSON.stringify({ client_id: CLIENT_ID }),
            })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8f2aaddc086af38a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:479
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2e6f35386e829313 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:497
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #112fe5016566b251 Filesystem access.
repo/packages/opencode/src/project/project.ts:327
      const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f799ca8217013a04 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:306
        const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2bac288d5aa4c7c Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:309
          process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #febc0b50771138d1 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:318
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d16d62110d97d664 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:566
        const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b790ebf0134742e7 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:569
          process.env.AICORE_SERVICE_KEY = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #462b9880effc1e14 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:574
      const deploymentId = process.env.AICORE_DEPLOYMENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f2ab90c46eff17a Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:575
      const resourceGroup = process.env.AICORE_RESOURCE_GROUP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ae4d2412b8990478 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/server/shared/ui.ts:9
export const UI_UPSTREAM = new URL("https://app.opencode.ai")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #836d5a0decf6b729 Filesystem access.
repo/packages/opencode/src/server/shared/ui.ts:72
  return fs.readFile(file).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2c017feda6ef744 Filesystem access.
repo/packages/opencode/src/session/prompt.ts:964
                    Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f153dce862a6ee3 Environment-variable access.
repo/packages/opencode/src/share/share-next.ts:23
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9db451b70d6e0b37 Environment-variable access.
repo/packages/opencode/src/temporary.ts:27
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad0d66f977997b4c Environment-variable access.
repo/packages/opencode/src/temporary.ts:28
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #febabccbb3938a0b Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:115
            const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5a113ad590dd804 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:162
            const source = yield* Bom.readFile(afs, filePath).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4cf0921936d786a Filesystem access.
repo/packages/opencode/src/tool/edit.ts:126
              const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ce6205e438fbe93 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:4
export const EXA_URL = process.env.EXA_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bd52ff628b75e0b Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:5
  ? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #485a39f431117f5e Filesystem access.
repo/packages/opencode/src/tool/read.ts:307
        const bytes = yield* fs.readFile(filepath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6136953d37511fb Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:142
  if (process.platform !== "win32") return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50f0df748996f60c Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:144
  return name ? process.env[name] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87ca091a4cbc3456 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:31
  const override = process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a06371a3b7f1894 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:56
  if (!process.env.PARALLEL_API_KEY) return headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d4b33525af672c3 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:57
  return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28e38b9c4ac092b1 Filesystem access.
repo/packages/opencode/src/tool/write.ts:47
          const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59d77672ad693a17 Filesystem access.
repo/packages/opencode/src/util/bom.ts:19
  return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a365474c926623 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:1
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9df2101d0016203b Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:2
import { createWriteStream, existsSync, statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f50a51b2d02eb917 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4af89634de979a1d Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:41
  return readFile(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7c91645e736a4a5 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:45
  return JSON.parse(await readFile(p, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86266d9c763f39e9 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:49
  return readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09fc50ed136f6cd0 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:53
  const buf = await readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f10b5c87b6f8c10 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:64
      await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88e3240a66de7818 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:66
      await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ddbfee6898ec2a8 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:72
        await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04740a116d307b9c Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:74
        await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19ca1bde1de54f1d Environment-variable access.
repo/packages/opencode/src/util/proxy-env.ts:69
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4b98dc3f9b9d2e2 Environment-variable access.
repo/packages/opencode/src/util/repository.ts:100
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cddd1f0ea02158f0 Environment-variable access.
repo/packages/script/src/index.ts:21
  OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e515ec7a5cfa8ab3 Environment-variable access.
repo/packages/script/src/index.ts:22
  OPENCODE_BUMP: process.env["OPENCODE_BUMP"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87a26b44fa1dcd80 Environment-variable access.
repo/packages/script/src/index.ts:23
  OPENCODE_VERSION: process.env["OPENCODE_VERSION"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f03e2c488867d3d Environment-variable access.
repo/packages/script/src/index.ts:24
  OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e6dcc506f65484a6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/script/src/index.ts:37
  const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #7897de67612b5dba Environment-variable access.
repo/packages/server/src/auth.ts:53
  const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda1814b1586da23 Environment-variable access.
repo/packages/server/src/auth.ts:56
  return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #572d1c78b3526911 Filesystem access.
repo/packages/session-ui/src/components/file-media.tsx:104
    void input.readFile(input.path).then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8905eb6b0c303b57 Environment-variable access.
repo/packages/slack/src/index.ts:5
  token: process.env.SLACK_BOT_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c562cfdccc4655cd Environment-variable access.
repo/packages/slack/src/index.ts:6
  signingSecret: process.env.SLACK_SIGNING_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d23209ef8f25d564 Environment-variable access.
repo/packages/slack/src/index.ts:8
  appToken: process.env.SLACK_APP_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a36b57c1b7956162 Environment-variable access.
repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98237702e1f6451e Environment-variable access.
repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4b523f71713f9c0 Environment-variable access.
repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #12484b1b54ea7f98 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #7e5f369af37e150e Environment-variable access.
repo/packages/stats/core/src/domain/home.ts:277
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42655b004bcac861 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:32
    process.env.PLANETSCALE_HOST &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #344d4d8c63bc12fa Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:33
    process.env.PLANETSCALE_USERNAME &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9146e4f660312e55 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:34
    process.env.PLANETSCALE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f948c84a54f42c6 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:35
    process.env.PLANETSCALE_DATABASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81dcc75e2ecf34f3 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:37
    return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72ee5a631e47397f Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:38
      process.env.PLANETSCALE_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c56d723952843911 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:39
    )}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a4449f28ba4cd6f Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:43
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2c4ef0f8d80a22e Environment-variable access.
repo/packages/stats/core/src/honeycomb-backfill.ts:944
    databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #607b60c2fda4b199 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:117
              const content = fs.readFileSync(abs, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f3575c1376ae38d Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:122
                fs.writeFileSync(abs, applied.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40de2295b793374a Environment-variable access.
repo/packages/tui/src/app.tsx:267
                        multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65cbe263dea36e82 Environment-variable access.
repo/packages/tui/src/app.tsx:268
                        displayServer: process.env.WAYLAND_DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b328dd387189872c Environment-variable access.
repo/packages/tui/src/app.tsx:270
                          : process.env.DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fea1c561bfe383a Environment-variable access.
repo/packages/tui/src/app.tsx:277
                          initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed5c6b431d35c30f Environment-variable access.
repo/packages/tui/src/app.tsx:278
                          skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d54d83ee7b2648b Filesystem access.
repo/packages/tui/src/audio.ts:28
  const task = readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd5a758c7f0e3bdb Environment-variable access.
repo/packages/tui/src/clipboard.ts:26
  process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffb18d35e973baf4 Filesystem access.
repo/packages/tui/src/clipboard.ts:45
      return { data: (await readFile(file)).toString("base64"), mime: "image/png" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea6898f04ae6619 Environment-variable access.
repo/packages/tui/src/clipboard.ts:101
    const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f17917d1269ec514 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/tui/src/component/error-component.tsx:207
  const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e25ba5ca5332b439 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:17
      readText: (value) => readFile(value, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef1fcaaa6126e99a Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:18
      readBytes: (value) => readFile(value),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5844253581886401 Environment-variable access.
repo/packages/tui/src/context/editor.ts:117
    const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52665587f6e46d86 Environment-variable access.
repo/packages/tui/src/context/editor.ts:121
    const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c701cba227da878b Filesystem access.
repo/packages/tui/src/context/theme.tsx:57
      result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b19c86fbdbc3f6c0 Filesystem access.
repo/packages/tui/src/editor-zed.ts:67
      : await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7628490c90aa627 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:189
    process.env.OPENCODE_ZED_DB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c40e3e0781933533 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:198
  return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11c06d277d9d120a Environment-variable access.
repo/packages/tui/src/editor.ts:27
  const editor = process.env.VISUAL || process.env.EDITOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a818ed266f839433 Filesystem access.
repo/packages/tui/src/editor.ts:30
  await writeFile(file, input.value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ce2812bed268f5d Filesystem access.
repo/packages/tui/src/editor.ts:47
    return (await readFile(file, "utf8")) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44969b8afaa65fd3 Filesystem access.
repo/packages/tui/src/editor.ts:71
          const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca3c78336312bae0 Filesystem access.
repo/packages/tui/src/routes/session/index.tsx:183
    await writeFile(file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6c1612417c5dfc5 Filesystem access.
repo/packages/tui/src/util/persistence.ts:2
import { appendFile, mkdir, rename, rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7719e7b6aa0093cc Environment-variable access.
repo/packages/tui/src/util/system.ts:16
  const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfa0414f6aa43f4a Environment-variable access.
repo/packages/tui/src/util/system.ts:17
  const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d26b92a31eb7fdf Environment-variable access.
repo/packages/tui/src/util/system.ts:18
  const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #226118e05c7334d9 Filesystem access.
repo/packages/ui/vite.config.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffef671e7070e43e Environment-variable access.
repo/packages/ui/vite.config.ts:48
  const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae456f2c7ddd6f75 Filesystem access.
repo/packages/ui/vite.config.ts:56
        .then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94fc61b610950017 Environment-variable access.
repo/packages/web/config.mjs:1
const stage = process.env.SST_STAGE || "dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e41e6a36fa33955e Filesystem access.
repo/script/beta.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d74782bcde53c696 Environment-variable access.
repo/script/beta.ts:61
  if (process.env.GITHUB_ACTIONS !== "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #221188207e092054 Filesystem access.
repo/script/changelog.ts:3
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2fd35501156e658 Environment-variable access.
repo/script/github/close-issues.ts:7
const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57062ce074b8846a Environment-variable access.
repo/script/github/close-prs.ts:346
  const envToken = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e50d88b2f0c995c Environment-variable access.
repo/script/publish.ts:72
  await $`gh release edit ${tag} --draft=false --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c614d8365af0a96 Environment-variable access.
repo/script/raw-changelog.ts:25
const repo = process.env.GH_REPO ?? "anomalyco/opencode"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f031d4f8bf5f8173 Environment-variable access.
repo/script/stats.ts:4
  const key = process.env["POSTHOG_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #d0fa8f01a87769fd Hardcoded external endpoint. Review what data is sent to this destination.
repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #cec077f11af80931 Environment-variable access.
repo/script/version.ts:7
const sha = process.env.GITHUB_SHA ?? (await $`git rev-parse HEAD`.text()).trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14f0362f7cd7fac3 Environment-variable access.
repo/script/version.ts:15
  const dir = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39ad4bb658c47696 Environment-variable access.
repo/script/version.ts:23
  await $`gh release create v${Script.version} -d --title "v${Script.version}" --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3253f54d5a657070 Environment-variable access.
repo/script/version.ts:25
    await $`gh release view v${Script.version} --json tagName,databaseId --repo ${process.env.GH_REPO}`.json()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6b7a44e175fc98b Environment-variable access.
repo/script/version.ts:30
output.push(`repo=${process.env.GH_REPO}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76804b5bf79d2c69 Environment-variable access.
repo/script/version.ts:32
if (process.env.GITHUB_OUTPUT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4edb0a0982c01388 Environment-variable access.
repo/script/version.ts:33
  await Bun.write(process.env.GITHUB_OUTPUT, output.join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9e74eccb307c4fa Environment-variable access.
repo/sst.config.ts:14
          profile: process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #781d29f137299687 Environment-variable access.
repo/sst.config.ts:22
          apiKey: process.env.STRIPE_SECRET_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/opencode

npm first-party
high pii_flow production #659dd6288ff0627e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:13 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/script/generate.ts:10 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/script/generate.ts:13
  : await fetch(`${modelsUrl}/api.json`).then((x) => x.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d0d16803297b105f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:791 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/cli/cmd/github.handler.ts:791
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${appToken}`,
            Accept: "application/vnd.github.v3+json",
          },
        })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #b1d7bc57e6c4db95 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4367165a7834f135 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:479 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/openai/codex.ts:487 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/openai/codex.ts:479
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a9155a83e8b96622 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:497 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/openai/codex.ts:487 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/openai/codex.ts:497
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2838975ed3ff6a95 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:149 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:149
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7330cff124c228d7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:168 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:168
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: CLIENT_ID,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1626aa2c49beb506 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:251 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/plugin/xai.ts:251
    const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
      method: "POST",
      headers: authHeaders(),
      body: new URLSearchParams({
        grant_type: DEVICE_CODE_GRANT_TYPE,
        client_id: CLIENT_ID,
        device_code: device.device_code,
      }).toString(),
    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #09a1b8a9fbff4ea7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:90 · flow /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/session/llm/native-runtime.ts:92 → /tmp/closeopen-dazfq3g5/repo/packages/opencode/src/session/llm/native-runtime.ts:90
  const request = LLMNative.request({
    model: input.model,
    apiKey: current.apiKey,
    baseURL: current.baseURL,
    messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
    toolChoice: input.toolChoice,
    temperature: input.temperature,
    topP: input.topP,
    topK: input.topK,
    maxOutputTokens: input.maxOutputTokens,
    providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
    headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #688d4a6ec06a70b2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/cli/cmd/debug/snapshot.ts:17
    const out = yield* Snapshot.Service.use((svc) => svc.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f95fcf344b2c06bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:153
            return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #45c53f9f202270c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:173
        return scope.track(
          attention.soundboard.registerPack({
            ...pack,
            sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
          }),
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #29a11246792bf255 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:199
      return scope.track(mode.push(value))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0d6363648fb40257 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:579
      return scope.track(api.route.register(list))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3b2023b77e43911a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:595
      return scope.track(api.event.on(type, handler))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a94a08274882dbb2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:607
      scope.track(host.register({ ...plugin, id }))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5d9a7a8b84f165fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:102
      const initialSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e56b0133f3c20f83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:425
            if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #eb02a43feb9d7542 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:436
            const completedSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bb3f967de4f4fcd5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/revert.ts:70
      rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4a0cc8861f4f2bb3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/snapshot/index.ts:780
        return yield* InstanceState.useEffect(state, (s) => s.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 134 low-confidence finding(s)
low env_fs production #65336a5598f6e580 Filesystem access.
repo/packages/opencode/bin/opencode:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0af3e20af7f30aa1 Environment-variable access.
repo/packages/opencode/bin/opencode:46
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36f8a937a462cfed Filesystem access.
repo/packages/opencode/bin/opencode:81
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a3143df232705e Filesystem access.
repo/packages/opencode/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60973d43d8731c18 Environment-variable access.
repo/packages/opencode/script/build.ts:240
  await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7a31f4147f33cf9 Environment-variable access.
repo/packages/opencode/script/generate.ts:10
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cd3dabe3263dd49 Environment-variable access.
repo/packages/opencode/script/generate.ts:11
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f481fa9698a95c9 Environment-variable access.
repo/packages/opencode/script/generate.ts:12
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ae1a459df68f39d Filesystem access.
repo/packages/opencode/script/postinstall.mjs:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f41a836fa0387b7 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:12
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9b803e90fdf54ae Filesystem access.
repo/packages/opencode/script/postinstall.mjs:36
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7af077faed2fae7 Environment-variable access.
repo/packages/opencode/script/publish.ts:199
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55c94b99b631bd01 Environment-variable access.
repo/packages/opencode/specs/v2/api.ts:28
  value: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97fa399fc6c8341b Environment-variable access.
repo/packages/opencode/src/acp/profile.ts:1
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98238ef08a50de4d Environment-variable access.
repo/packages/opencode/src/auth/index.ts:59
      if (process.env.OPENCODE_AUTH_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4fed5abc50f95a1 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:61
          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda006c814845d59 Environment-variable access.
repo/packages/opencode/src/cli/cmd/acp.ts:23
    process.env.OPENCODE_CLIENT = "acp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5675b4cbf555904 Filesystem access.
repo/packages/opencode/src/cli/cmd/agent.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #270147554b680dc4 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:56
    const termProgram = process.env.TERM_PROGRAM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13e6b9dd6a143490 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:57
      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e74d0ad7680591dc Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:59
    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ba40e203c6ee4b8 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:406
    const variant = process.env["VARIANT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11102b6bd8f10cc7 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471
        const githubToken = process.env["GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4a44c38a83c9a59 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:656
      const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #520f23f6a47b55fd Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:667
      const value = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d60726c5470030ce Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:673
      const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7068b15ee7a56fe Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:681
      const value = process.env["USE_GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c5f951c196c41ad Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:689
      const value = process.env["OIDC_BASE_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee5545d722704c26 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:724
      const customPrompt = process.env["PROMPT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a50c371a219b75b Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:739
      const mentions = (process.env["MENTIONS"] || "/opencode,/oc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7d8052d86718f4df Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #be600e6990dd510f Environment-variable access.
repo/packages/opencode/src/cli/cmd/providers.ts:277
        if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b79aa4aed73b615 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run.ts:333
      const root = Filesystem.resolve(process.env.PWD ?? process.cwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4968f16285243013 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/runtime.stdin.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fedb4966a2b02667 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:14
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c6ec2b081c7cbd3 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:58
  if (!process.env.OPENCODE_DIRECT_TRACE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2c3dfe432dd37bc Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:65
  fs.writeFileSync(
    latest(),
    text({
      time: new Date().toISOString(),
      pid: process.pid,
      cwd: process.cwd(),
      argv: process.argv.slice(2),
      path: target,
    }) + "\n",
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dc411132d1a7c9e Environment-variable access.
repo/packages/opencode/src/cli/cmd/tui.ts:66
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f075834d85057ae9 Filesystem access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13961af3ef34fb49 Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:236
  const shell = path.basename(process.env.SHELL || "bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec4993aa86be17b1 Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:238
  const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e641a131a07da33 Filesystem access.
repo/packages/opencode/src/config/config.ts:9
import fsNode from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52ded48ffc6b7d4c Filesystem access.
repo/packages/opencode/src/config/config.ts:15
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e2ac0536368b1c9 Filesystem access.
repo/packages/opencode/src/config/config.ts:271
              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51d39ead8464fd22 Environment-variable access.
repo/packages/opencode/src/config/config.ts:468
        if (process.env.OPENCODE_CONFIG_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10a92fe1e65d2780 Environment-variable access.
repo/packages/opencode/src/config/config.ts:470
          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cca6ac53c4740eea Environment-variable access.
repo/packages/opencode/src/config/config.ts:491
              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cf713a7450a2b3b Filesystem access.
repo/packages/opencode/src/config/managed.ts:3
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e05c946cf37cc3c3 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:25
      return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb0c07dcb0a85712 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:32
  return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b45791d7c04246f Environment-variable access.
repo/packages/opencode/src/config/variable.ts:37
    return (input.env?.[varName] ?? process.env[varName]) || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8f9161950fbc670 Filesystem access.
repo/packages/opencode/src/control-plane/dev/debug-workspace-plugin.ts:30
  await writeFile(
    DEV_DATA_TEMP_FILE,
    JSON.stringify(
      {
        port,
        id,
        env,
      },
      null,
      2,
    ),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdacd6deabf4bcc3 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:533
        OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1ce60c35b8cfe39 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:534
        OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0c5ba98f2061852 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:535
        OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3045d01f87b38b8 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:23
  if (process.env["TERM_PROGRAM"] === "vscode") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6187ba2b92e2bd8 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:24
    const v = process.env["GIT_ASKPASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a275b31a937ddf9e Environment-variable access.
repo/packages/opencode/src/ide/index.ts:33
  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7353537e5f54061 Environment-variable access.
repo/packages/opencode/src/index.ts:67
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77b7060bf2ce2c86 Environment-variable access.
repo/packages/opencode/src/index.ts:68
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #547893d6bc818368 Environment-variable access.
repo/packages/opencode/src/index.ts:70
      process.env.OPENCODE_PURE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b746fabe53468a1 Environment-variable access.
repo/packages/opencode/src/index.ts:75
    process.env.AGENT = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #213aaddb96894f1a Environment-variable access.
repo/packages/opencode/src/index.ts:76
    process.env.OPENCODE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1aaa1f82aaa1689 Environment-variable access.
repo/packages/opencode/src/index.ts:77
    process.env.OPENCODE_PID = String(process.pid)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a38bfcbe8a915d19 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:147
        const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bf9d796e3b083fec Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:219
            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #55cc312da9347b6d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:239
            HttpClientRequest.get(
              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0aaabd238cd822b8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:249
            HttpClientRequest.get(
              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #764c05c73724ab5f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:258
          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #360e7ebde3becce9 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ccc55c627f05f8fe Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:183
      const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1a6084c9d86f6e5a Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:445
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb3e42c2a52ef5ee Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:502
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #791411dd7d592bca Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:552
        const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #049d960a531b490f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:600
      const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #18f44a8a42de859d Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:779
    process.env.DOTNET_CLI_HOME ?? os.homedir(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4847149cb55fb31f Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:789
    process.env.VSCODE_EXTENSIONS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3884b85a54f8a7ff Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:976
    const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #dadcb9cfa318c938 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:1171
        const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1c37a3973d62a84c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1210
      const download = await fetch(releaseURL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9b4e981a9d716bc2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1297
      const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #385c511ab92a513b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1405
      const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2cad80d3aa37bfe2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1632
      const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #73af66d46cc844d6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1705
      const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e48e713030dd09e4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1877
      const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e09b7dbb96fd63a2 Environment-variable access.
repo/packages/opencode/src/plugin/azure.ts:5
  if (!process.env.AZURE_RESOURCE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a2382d623f21106 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:4
  const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc2329a8f013e62c Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:31
    ...(!process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f709b4ca5f32874 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:41
    ...(!process.env.CLOUDFLARE_GATEWAY_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #50c7cc323fa2d386 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/digitalocean.ts:170
  const res = await fetch(`${DO_GENAI_API}/models/routers`, {
    headers: {
      Authorization: `Bearer ${bearer}`,
      Accept: "application/json",
      "User-Agent": `opencode/${InstallationVersion}`,
    },
    signal: AbortSignal.timeout(10_000),
  }).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ec0d8cb934053837 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:108
  const response = await fetch(`${ISSUER}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e251b821f31d7c32 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:455
            const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
                "User-Agent": `opencode/${InstallationVersion}`,
              },
              body: JSON.stringify({ client_id: CLIENT_ID }),
            })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8f2aaddc086af38a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:479
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2e6f35386e829313 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:497
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #112fe5016566b251 Filesystem access.
repo/packages/opencode/src/project/project.ts:327
      const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f799ca8217013a04 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:306
        const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2bac288d5aa4c7c Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:309
          process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #febc0b50771138d1 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:318
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d16d62110d97d664 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:566
        const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b790ebf0134742e7 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:569
          process.env.AICORE_SERVICE_KEY = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #462b9880effc1e14 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:574
      const deploymentId = process.env.AICORE_DEPLOYMENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f2ab90c46eff17a Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:575
      const resourceGroup = process.env.AICORE_RESOURCE_GROUP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ae4d2412b8990478 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/server/shared/ui.ts:9
export const UI_UPSTREAM = new URL("https://app.opencode.ai")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #836d5a0decf6b729 Filesystem access.
repo/packages/opencode/src/server/shared/ui.ts:72
  return fs.readFile(file).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2c017feda6ef744 Filesystem access.
repo/packages/opencode/src/session/prompt.ts:964
                    Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f153dce862a6ee3 Environment-variable access.
repo/packages/opencode/src/share/share-next.ts:23
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9db451b70d6e0b37 Environment-variable access.
repo/packages/opencode/src/temporary.ts:27
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad0d66f977997b4c Environment-variable access.
repo/packages/opencode/src/temporary.ts:28
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #febabccbb3938a0b Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:115
            const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5a113ad590dd804 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:162
            const source = yield* Bom.readFile(afs, filePath).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4cf0921936d786a Filesystem access.
repo/packages/opencode/src/tool/edit.ts:126
              const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ce6205e438fbe93 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:4
export const EXA_URL = process.env.EXA_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bd52ff628b75e0b Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:5
  ? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #485a39f431117f5e Filesystem access.
repo/packages/opencode/src/tool/read.ts:307
        const bytes = yield* fs.readFile(filepath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6136953d37511fb Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:142
  if (process.platform !== "win32") return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50f0df748996f60c Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:144
  return name ? process.env[name] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87ca091a4cbc3456 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:31
  const override = process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a06371a3b7f1894 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:56
  if (!process.env.PARALLEL_API_KEY) return headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d4b33525af672c3 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:57
  return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28e38b9c4ac092b1 Filesystem access.
repo/packages/opencode/src/tool/write.ts:47
          const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59d77672ad693a17 Filesystem access.
repo/packages/opencode/src/util/bom.ts:19
  return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a365474c926623 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:1
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9df2101d0016203b Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:2
import { createWriteStream, existsSync, statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f50a51b2d02eb917 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4af89634de979a1d Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:41
  return readFile(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7c91645e736a4a5 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:45
  return JSON.parse(await readFile(p, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86266d9c763f39e9 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:49
  return readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09fc50ed136f6cd0 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:53
  const buf = await readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f10b5c87b6f8c10 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:64
      await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88e3240a66de7818 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:66
      await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ddbfee6898ec2a8 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:72
        await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04740a116d307b9c Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:74
        await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19ca1bde1de54f1d Environment-variable access.
repo/packages/opencode/src/util/proxy-env.ts:69
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4b98dc3f9b9d2e2 Environment-variable access.
repo/packages/opencode/src/util/repository.ts:100
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/app

npm first-party
high pii_flow production #61a601408bb2b31c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:10 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/component/email-signup.tsx:13 → /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8e3a30af3f34c9d8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/lib/salesforce.ts:63 → /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a4af5327824029e0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:39 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/routes/api/enterprise.ts:42 → /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #fff23f96a1cdf681 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/lib/salesforce.ts:57 → /tmp/closeopen-dazfq3g5/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #9b98805dc7727a82 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:312
      await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8eddb80e3cf89e20 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:317
        await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9f23cf4c0d82e986 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:318
        await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ad5a46b31764fd99 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:319
        await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9ebac4a8345473e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:366
                await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bd791250e93d1134 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:371
                  await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #12b95138fb862e15 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:372
                  await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6cdc4614399e0927 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:373
                  await modelTpsLimiter?.track(
                    providerInfo.id,
                    providerInfo.model,
                    providerInfo.tpsGoal,
                    timestampFirstByte,
                    timestampLastByte,
                    usageInfo,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2fef1c2df4143da0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:381
                  await providerBudgetTracker?.track(
                    providerInfo.id,
                    providerInfo.budgetPriority,
                    costInfo.totalCostInCent,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 6 low-confidence finding(s)
low env_fs production #84124d9978408686 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:2
import { readdir, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #564c28bc34a519b9 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:103
  await writeFile(outputPath, xml, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #070ef8d9698b7bfe Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #07637196088e9a45 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/lib/changelog.ts:42
  const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
    headers: {
      Accept: "application/vnd.github.v3+json",
      "User-Agent": "OpenCode-Console",
    },
    cf: {
      // best-effort edge caching (ignored outside Cloudflare)
      cacheTtl: 60 * 5,
      cacheEverything: true,
    },
  } as RequestInit).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #26ed49a4cedb1a98 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #44a3a36cf543f750 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/openapi.json.ts:2
  const response = await fetch(
    "https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
  )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/desktop

npm first-party
high pii_flow production #54339237163cbb1d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:32 · flow /tmp/closeopen-dazfq3g5/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-dazfq3g5/repo/packages/desktop/scripts/finalize-latest-json.ts:32
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
  headers: {
    Authorization: `token ${token}`,
    Accept: "application/vnd.github+json",
  },
})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6b6d14708990e4e1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:116 · flow /tmp/closeopen-dazfq3g5/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-dazfq3g5/repo/packages/desktop/scripts/finalize-latest-json.ts:116
  const res = await fetch(asset?.url ?? url, {
    headers: {
      Authorization: `token ${token}`,
      ...(asset ? { Accept: "application/octet-stream" } : {}),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #676f38b2e01f1373 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/electron.vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #96b9cf0e16cbd31c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/src/renderer/index.tsx:18
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 63 low-confidence finding(s)
low env_fs production #1776e2628a315c6b Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:14
    const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5012129fcfa7ae1d Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:15
    process.env.OPENCODE_CHANNEL = channel.channel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71e25833467731c8 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:20
    if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f15698f6c5d06b27 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:21
    else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8dcecb9f5c828abf Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:31
  const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ac82c4463b185fc Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:32
  process.env.OPENCODE_CHANNEL = "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c135867d269ae11 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:37
  if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77042e26332bb2dc Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:38
  else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01c03b6bc5a8be8d Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:20
  if (process.env.GITHUB_ACTIONS !== "true") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25cf629f64347d83 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:30
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #314b72574d463d09 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53b12e6bbeef349c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b559cbb5ee3cd232 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:18
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65891138d8fdafab Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:20
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bdc4b953c97fef6 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:21
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6037c711061d9463 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:22
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b21441b1434da9a7 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:25
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64aec405690b62e2 Filesystem access.
repo/packages/desktop/electron.vite.config.ts:76
            await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7dd02cc6cee826 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:16
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6717baf6685d221a Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:19
const releaseId = process.env.OPENCODE_RELEASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e7fa2471c5ff1c4 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:22
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44f6a7e6627e9ab3 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:25
const dir = process.env.LATEST_YML_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9625b79a70c01f41 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:29
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5874b83039c1589c Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:126
  const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #541df8cf048f9e55 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:207
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e201ecb862427f2 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:6
const dir = process.env.LATEST_YML_DIR!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d31aeaf730b19de4 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:9
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8469b016aa45ed7 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:12
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60768c6659f5bc2a Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:115
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac3422fe8f05b530 Environment-variable access.
repo/packages/desktop/scripts/predev.ts:3
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #395577a97cd6de10 Environment-variable access.
repo/packages/desktop/scripts/utils.ts:66
  if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c805e31b48421e78 Environment-variable access.
repo/packages/desktop/src/main/apps.ts:27
  const home = process.env.HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b12a4a69359b977 Filesystem access.
repo/packages/desktop/src/main/apps.ts:58
    const content = await readFile(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec83021b2ed6e831 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:27
      await writeFile(file, "lorem ipsum")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45fc73f62d6f7618 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:38
      await writeFile(file, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8a6c443fdd92002 Environment-variable access.
repo/packages/desktop/src/main/index.ts:56
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1e66f47e23278c5 Environment-variable access.
repo/packages/desktop/src/main/index.ts:90
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cd55369eba9ff3d Environment-variable access.
repo/packages/desktop/src/main/index.ts:100
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9a6f6a458517b68 Environment-variable access.
repo/packages/desktop/src/main/index.ts:115
  process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b446a3393a0b3a44 Environment-variable access.
repo/packages/desktop/src/main/index.ts:126
    process.env.OPENCODE_DB = ":memory:"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #deaaaf083580f83f Environment-variable access.
repo/packages/desktop/src/main/index.ts:127
    process.env.XDG_DATA_HOME = join(root, "data")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6378f0a980d51ff Environment-variable access.
repo/packages/desktop/src/main/index.ts:128
    process.env.XDG_CONFIG_HOME = join(root, "config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1a8fef4b372b111 Environment-variable access.
repo/packages/desktop/src/main/index.ts:129
    process.env.XDG_CACHE_HOME = join(root, "cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1682bc90a68a399f Environment-variable access.
repo/packages/desktop/src/main/index.ts:130
    process.env.XDG_STATE_HOME = join(root, "state")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #279772fa82e67ee6 Environment-variable access.
repo/packages/desktop/src/main/index.ts:308
    const fromEnv = process.env.OPENCODE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b67ea9e590d4e436 Filesystem access.
repo/packages/desktop/src/main/logging.ts:93
    const contents = readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39b224c0f53e8707 Environment-variable access.
repo/packages/desktop/src/main/logging.ts:153
  const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d5ac2f5bee2a007 Filesystem access.
repo/packages/desktop/src/main/logging.ts:184
    const data = entry.data ?? readFileSync(entry.path!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #718a28650d5f256a Filesystem access.
repo/packages/desktop/src/main/logging.ts:188
  writeFileSync(output, Buffer.from(await zip.arrayBuffer()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #645ee6e6517bfe3e Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:18
      return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2ecbefd203eeaa5 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:20
      return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fa8a250e0fc4961 Filesystem access.
repo/packages/desktop/src/main/migrate.ts:42
    data = JSON.parse(readFileSync(datPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3acbb5bc8855f8d0 Environment-variable access.
repo/packages/desktop/src/main/server.ts:51
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0befda49ab3e0d15 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:19
    return resolveUserShell(process.env.SHELL, userInfo().shell)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b36ec81119621b31 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:21
    return resolveUserShell(process.env.SHELL, undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9556b8aa790e642 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:87
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39e09d02347c9c44 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:94
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e266ca2afb6b4a3 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:104
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e874c8272ed77089 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.test.ts:16
  await writeFile(join(root, name), value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da08b589a575e652 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.ts:84
  const raw = await readFile(file, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f0b281c756a2228 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:292
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53772606a2a81ae0 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:455
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d3a059c212aba11 Environment-variable access.
repo/packages/desktop/src/main/wsl/runtime.ts:389
  const root = process.env.SystemRoot ?? process.env.windir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/function

npm first-party
high pii_flow production #9e0fa252fdd07bc6 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:112 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/auth.ts:114 → /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ea442e2e74cbb299 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:119 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/auth.ts:121 → /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #92df2b8cbf489e2a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:68 · flow /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/log-processor.ts:72 → /tmp/closeopen-dazfq3g5/repo/packages/console/function/src/log-processor.ts:68
              fetch(lakeIngest.url, {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                  Authorization: `Bearer ${lakeIngest.secret}`,
                },
                body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
              }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low egress production #ab2c3f02ca94b197 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8544e75318840854 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #92780f4a70e89b81 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/log-processor.ts:58
        fetch("https://api.honeycomb.io/1/batch/zen", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
            "X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
          },
          body: JSON.stringify(events),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/core

npm first-party
high pii_flow production #04c953f847a4683b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:122 · flow /tmp/closeopen-dazfq3g5/repo/packages/core/src/plugin/provider/openai.ts:125 → /tmp/closeopen-dazfq3g5/repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #72290f1703505a21 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:197 · flow /tmp/closeopen-dazfq3g5/repo/packages/core/src/session/compaction.ts:176 → /tmp/closeopen-dazfq3g5/repo/packages/core/src/session/compaction.ts:197
        LLM.request({
          model: input.model,
          messages: [Message.user(summaryPrompt)],
          tools: [],
          generation: { maxTokens: summaryOutput },
        }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 94 low-confidence finding(s)
low env_fs production #a41388927af24e2f Filesystem access.
repo/packages/core/script/fix-node-pty.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2e2e89e727497e4 Filesystem access.
repo/packages/core/script/migration.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7f13ea629016731 Environment-variable access.
repo/packages/core/src/database/database.ts:50
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bdaee763f3757bf Environment-variable access.
repo/packages/core/src/database/database.ts:51
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a8830007d10b33e Filesystem access.
repo/packages/core/src/file-mutation.ts:112
          const current = yield* fs
            .readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c4e59b747f193e2 Filesystem access.
repo/packages/core/src/file-mutation.ts:130
              : fs.writeFile(input.target.canonical, input.content, { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97a591f721620553 Filesystem access.
repo/packages/core/src/file-mutation.ts:147
          const current = yield* fs.readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55b54ea57ab560da Filesystem access.
repo/packages/core/src/file-mutation.ts:153
            : fs.writeFile(input.target.canonical, input.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11db301138b257e8 Filesystem access.
repo/packages/core/src/filesystem.ts:83
          content: yield* fs.readFile(target.real).pipe(Effect.orDie),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f2facdda2dc2b82 Environment-variable access.
repo/packages/core/src/flag/flag.ts:4
  const value = process.env[key]?.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d9771639b1c7e4d Environment-variable access.
repo/packages/core/src/flag/flag.ts:8
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a64a2f1147d3a699 Environment-variable access.
repo/packages/core/src/flag/flag.ts:9
const fff = process.env["OPENCODE_DISABLE_FFF"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f8e27604ed471cf Environment-variable access.
repo/packages/core/src/flag/flag.ts:12
  return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9411df4405a2925e Environment-variable access.
repo/packages/core/src/flag/flag.ts:16
  OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #203f47d2ae5c065e Environment-variable access.
repo/packages/core/src/flag/flag.ts:17
  OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f71bfcfbbcb68b8e Environment-variable access.
repo/packages/core/src/flag/flag.ts:20
  OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #083bcde5219dc253 Environment-variable access.
repo/packages/core/src/flag/flag.ts:21
  OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5cd2526dfbcb75d Environment-variable access.
repo/packages/core/src/flag/flag.ts:22
  OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f7e9876c1b0804d Environment-variable access.
repo/packages/core/src/flag/flag.ts:31
  OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8d0d152f25e063d Environment-variable access.
repo/packages/core/src/flag/flag.ts:32
  OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d64f90d805d54b4a Environment-variable access.
repo/packages/core/src/flag/flag.ts:33
  OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03f1b5e908ac972d Environment-variable access.
repo/packages/core/src/flag/flag.ts:45
  OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e8155022ced3fc3 Environment-variable access.
repo/packages/core/src/flag/flag.ts:46
  OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b74f009b2ce7a33d Environment-variable access.
repo/packages/core/src/flag/flag.ts:47
  OPENCODE_DB: process.env["OPENCODE_DB"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c168ce7cb0810c7 Environment-variable access.
repo/packages/core/src/flag/flag.ts:49
  OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac771f7a4f84b987 Environment-variable access.
repo/packages/core/src/flag/flag.ts:61
    return process.env["OPENCODE_TUI_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb02bd50770b7695 Environment-variable access.
repo/packages/core/src/flag/flag.ts:64
    return process.env["OPENCODE_CONFIG_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bafae0a9c303afb Environment-variable access.
repo/packages/core/src/flag/flag.ts:70
    return process.env["OPENCODE_PERMISSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a53db52a65fa2fbe Environment-variable access.
repo/packages/core/src/flag/flag.ts:73
    return process.env["OPENCODE_PLUGIN_META_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abafe00fc2eda2cd Environment-variable access.
repo/packages/core/src/flag/flag.ts:76
    return process.env["OPENCODE_CLIENT"] ?? "cli"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81270619169f1f01 Filesystem access.
repo/packages/core/src/fs-util.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9676d9e2c73f4680 Filesystem access.
repo/packages/core/src/fs-util.ts:4
import * as NFS from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdf4c4ce152bc6b9 Filesystem access.
repo/packages/core/src/global.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edea1d539307c970 Environment-variable access.
repo/packages/core/src/global.ts:19
    return process.env.OPENCODE_TEST_HOME ?? os.homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7c21ac72108b86 Environment-variable access.
repo/packages/core/src/integration.ts:298
        .flatMap((method) => method.names.filter((name) => process.env[name]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a55d78b21c0189ae Environment-variable access.
repo/packages/core/src/integration.ts:387
            const key = process.env[connection.name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d7b5c2b9839eef Environment-variable access.
repo/packages/core/src/observability/logging.ts:57
  const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4d9c4971a0dd6bc Environment-variable access.
repo/packages/core/src/observability/logging.ts:68
  return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bcf9b35358ed194 Environment-variable access.
repo/packages/core/src/observability/otlp.ts:21
  const value = process.env.OTEL_RESOURCE_ATTRIBUTES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c2b776705fc8b6b Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:85
        const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f34a0d3172a593ab Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:86
        const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59151de82d0b8d91 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:88
          process.env.AWS_BEARER_TOKEN_BEDROCK ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33dc957eba3d17ad Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:90
        if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd08544e4712acd7 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:92
          process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e2014b49cae6ba7 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:121
        const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92e4cd57b6f57ba9 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:23
            typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e52ce6cf98a51c95 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:63
        const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3639ab8726046fba Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:47
  const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9db4e5acb24d2d4 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:51
    process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a22f5f5d675a01fe Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:52
  const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fac86d6716a2361f Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:50
  return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82a631bf42e86e9f Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:65
    apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfcee0c582a6120b Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:76
  return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cc6d7ae48abf892 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:19
              : (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce0307ea0a555814 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:20
          apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9641684b8ef2911c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:10
    process.env.GOOGLE_VERTEX_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf52f3ad2acdb95b Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:11
    process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4e728948db4d7a9 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:12
    process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcc67e8fa5d76eb3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:13
    process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f68244a9d6418312 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:20
    process.env.GOOGLE_VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7291de7dc4b96b71 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:21
    process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a3568b02b81a06c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:22
    process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #287a3bed5e4e40cf Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:125
            process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d441c4c7a9acc82 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:126
            process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c224def0dce7d291 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:127
            process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b0390bee4cdefd3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:130
            process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2e6c1e7bee81ce9 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:131
            process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3acc8d3ed53eb1c Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:147
            : (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a461a596c3f766df Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:151
            : (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ff640c4192738a1a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f1f9678c1edf8ef0 Environment-variable access.
repo/packages/core/src/plugin/provider/opencode.ts:167
      const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #648202a3f5c982b7 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:15
          process.env.AICORE_SERVICE_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d950736e83c9805c Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:17
        if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb5e4b8fc7595167 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:34
            ? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b6b6e76acd8cb8e Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:74
          process.env.SNOWFLAKE_CORTEX_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b36fb920425f91e Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:75
          process.env.SNOWFLAKE_CORTEX_PAT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6ac014ebad3f33b Environment-variable access.
repo/packages/core/src/repository.ts:169
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c0b80d4e49e5e83 Filesystem access.
repo/packages/core/src/shell.ts:5
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #becccb2b928c6c99 Filesystem access.
repo/packages/core/src/shell.ts:6
import { statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca50f3a33129be50 Environment-variable access.
repo/packages/core/src/shell.ts:101
      [which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45be702f1bdbef51 Filesystem access.
repo/packages/core/src/shell.ts:109
  const text = await readFile("/etc/shells", "utf8").catch(() => "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2f623ccedc7bbe0 Environment-variable access.
repo/packages/core/src/shell.ts:207
  defaultPreferred ??= select(process.env.SHELL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d08b88900e7697a Environment-variable access.
repo/packages/core/src/shell.ts:216
  defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7491cd31559339a Filesystem access.
repo/packages/core/src/tool/apply-patch.ts:139
                    const source = yield* fs.readFile(target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5070361866d986c Environment-variable access.
repo/packages/core/src/tool/bash.ts:49
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa327e2260b4edd6 Filesystem access.
repo/packages/core/src/tool/edit.ts:161
                const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a73cbd21dc81876 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:76
      process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #476b6c437fe6e94a Environment-variable access.
repo/packages/core/src/tool/websearch.ts:77
        ? process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f54a8dba731f62fd Environment-variable access.
repo/packages/core/src/tool/websearch.ts:81
    exaApiKey: process.env.EXA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b00ff9f2418afd61 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:82
    parallelApiKey: process.env.PARALLEL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #daaedfe48cef6494 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:147
  const url = new URL(EXA_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #415e5484578a56a8 Filesystem access.
repo/packages/core/src/util/flock.ts:4
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f120d1007e0ee09 Environment-variable access.
repo/packages/core/src/util/which.ts:6
  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e58b0a1688767925 Environment-variable access.
repo/packages/core/src/util/which.ts:11
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/ui

npm first-party
high pii_flow production #544183b547ab892f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:49 · flow /tmp/closeopen-dazfq3g5/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-dazfq3g5/repo/packages/ui/vite.config.ts:49
  const providers = await fetch(`${url}/api.json`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6e7310893069654e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:54 · flow /tmp/closeopen-dazfq3g5/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-dazfq3g5/repo/packages/ui/vite.config.ts:54
      fetch(`${url}/logos/${provider}.svg`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low env_fs production #226118e05c7334d9 Filesystem access.
repo/packages/ui/vite.config.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffef671e7070e43e Environment-variable access.
repo/packages/ui/vite.config.ts:48
  const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae456f2c7ddd6f75 Filesystem access.
repo/packages/ui/vite.config.ts:56
        .then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party
high pii_flow production #e71e2f440d8d1463 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:5 · flow /tmp/closeopen-dazfq3g5/repo/packages/cli/script/generate.ts:1 → /tmp/closeopen-dazfq3g5/repo/packages/cli/script/generate.ts:5
  : await fetch(`${modelsUrl}/api.json`).then((response) => response.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 8 low-confidence finding(s)
low env_fs production #e9c189e3c5075cf5 Filesystem access.
repo/packages/cli/bin/lildax.cjs:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c32c78380bec33e Environment-variable access.
repo/packages/cli/bin/lildax.cjs:32
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61ecd2cc0595eca1 Filesystem access.
repo/packages/cli/bin/lildax.cjs:44
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98e44d1c5212a4f2 Filesystem access.
repo/packages/cli/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5a554d9179c25ac Filesystem access.
repo/packages/cli/script/build.ts:5
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c1e5b9cd891300c Environment-variable access.
repo/packages/cli/script/generate.ts:1
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0c3f6fa9c2e07b1 Environment-variable access.
repo/packages/cli/script/generate.ts:3
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82b372d9aefc6348 Environment-variable access.
repo/packages/cli/script/generate.ts:4
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/app

npm first-party
high pii_flow production #9d1525bc4d433e3c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:17 · flow /tmp/closeopen-dazfq3g5/repo/packages/stats/app/src/routes/api/newsletter.ts:20 → /tmp/closeopen-dazfq3g5/repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 1 low-confidence finding(s)
low egress production #12484b1b54ea7f98 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/app

npm first-party
medium telemetry production #c1e3e42b5a82d976 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/app.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dd689515e1195c02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/entry.tsx:3
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #daa50768f8ef18ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/pages/error.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e591be29d7f7b02c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 62 low-confidence finding(s)
low env_fs production #e7f4dfd9aa1d46b7 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:32
          runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b6a305f543e5378 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:125
      runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97e18d87b8f6d84c Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:133
        selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66cf76fc914b8bd6 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:22
  const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cba2ada670988cc5 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:25
  const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #325f3c6ebec1671c Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:76
  const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72dd40e01fb999a6 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9fc0f5f485fdd6d Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:4
process.env.PLAYWRIGHT_SERVER_PORT = String(port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95cfad0bcce01e86 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:5
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #945dd8a9d6f1fc1e Environment-variable access.
repo/packages/app/e2e/performance/timeline-stability/fixture.ts:113
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a00d8352126ef103 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:10
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #411e8ff3e519005d Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:44
        const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22fc69e305451d04 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:46
          throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b04bc9dbfc5fed1 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-parent-hydration-benchmark.spec.ts:11
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dce203ea35dac6ca Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-tab-switch-benchmark.spec.ts:33
    const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3ef6f761c284734 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:43
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce579fdb60e68a90 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:49
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9010920a73526dda Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:55
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0219d53866d6342 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:61
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7c25028616552a7 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:70
    const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55621aa9e5d80c50 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:103
  const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd85978e9609c208 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:104
  const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcac996da40eb206 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:105
  const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bb08d8c1a8e25bb Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:106
  const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a8ead7ea6fab643 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:107
  const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad2a65a3e5d03b90 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:108
  const minimal = process.env.TIMELINE_MINIMAL === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c5e6973ac446206 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:109
  const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5330b232bfac912 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:110
  const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f850f60072c623f Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:83
  return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f7fb44ac10c9803 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:87
  return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3707d5bc8a221f03 Environment-variable access.
repo/packages/app/e2e/regression/new-session-panel-corner.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0a652e6d999a322 Environment-variable access.
repo/packages/app/e2e/regression/review-tab-switch.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9501dbe42eb6ce9 Environment-variable access.
repo/packages/app/e2e/regression/session-timeline-history-root.spec.ts:56
      server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #027d58f21e6e43e2 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:136
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e227bbdd6a32f79f Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:157
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03317b97cef628ec Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:78
    (url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdba344369f066fb Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:180
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de91c368838a16a9 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:198
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21d8cf74f1733061 Environment-variable access.
repo/packages/app/e2e/regression/terminal-tab-switch.spec.ts:13
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d34dc26b1eaabbb4 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:49
    const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1126baf97e9462fb Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:51
      process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dae7102cebb606e Environment-variable access.
repo/packages/app/e2e/utils/visual-stability/capture.ts:13
  if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cb89ee535691bdd Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:19
  await writeFile(tracePath, JSON.stringify(trace, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a12d05d00301990e Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:20
  await writeFile(
    issuesPath,
    JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b621eab717c03070 Environment-variable access.
repo/packages/app/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3121247600072eb3 Environment-variable access.
repo/packages/app/playwright.config.ts:4
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fd4a5c977fbc2f9 Environment-variable access.
repo/packages/app/playwright.config.ts:5
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05489e2065a87bd5 Environment-variable access.
repo/packages/app/playwright.config.ts:6
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2fa765d47faf604 Environment-variable access.
repo/packages/app/playwright.config.ts:8
const reuse = !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab70aea7329443f1 Environment-variable access.
repo/packages/app/playwright.config.ts:9
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13800b0dd04227fe Environment-variable access.
repo/packages/app/playwright.config.ts:12
  testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad0d14a67c10a937 Environment-variable access.
repo/packages/app/playwright.config.ts:18
  fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d518979197dde5df Environment-variable access.
repo/packages/app/playwright.config.ts:19
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01454890d633ac55 Environment-variable access.
repo/packages/app/playwright.config.ts:20
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42e407cba3c367aa Environment-variable access.
repo/packages/app/vite.config.ts:6
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78bf49d77206d30e Environment-variable access.
repo/packages/app/vite.config.ts:8
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c38406e5c16be335 Environment-variable access.
repo/packages/app/vite.config.ts:9
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e79a099b8b884f6 Environment-variable access.
repo/packages/app/vite.config.ts:10
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9a4c3ed9d3a1c22 Environment-variable access.
repo/packages/app/vite.config.ts:13
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9123da8a4a168a77 Environment-variable access.
repo/packages/app/vite.js:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3edd4868f0562436 Environment-variable access.
repo/packages/app/vite.js:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a749d3783c38399 Filesystem access.
repo/packages/app/vite.js:42
        `<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/session-ui

npm first-party
medium telemetry production #5e6030245b519575 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/session-ui/src/components/file.tsx:231
    if (bridge.track(event.buttons, hit.line)) return

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1 low-confidence finding(s)
low env_fs production #572d1c78b3526911 Filesystem access.
repo/packages/session-ui/src/components/file-media.tsx:104
    void input.readFile(input.path).then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/enterprise

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #ee46f77ec44ae292 Environment-variable access.
repo/packages/enterprise/vite.config.ts:7
  const target = process.env.OPENCODE_DEPLOYMENT_TARGET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e767462ff3fce02 Environment-variable access.
repo/packages/enterprise/vite.config.ts:26
      baseURL: process.env.OPENCODE_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/function

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #9b71580c4143ba7b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/function/src/api.ts:271
    const JWKS = createRemoteJWKSet(new URL(JWKS_URL))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/http-recorder

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #b6e3b77138bc93e3 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:16
    await writeFile(
      path.join(directory, "package.json"),
      JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b4017dbd94663b7 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:20
    await writeFile(
      path.join(directory, "consumer.ts"),
      `import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"

const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
  Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dddb7275d883018c Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:35
    await writeFile(
      path.join(directory, "tsconfig.json"),
      JSON.stringify({
        compilerOptions: {
          target: "ES2022",
          module: "NodeNext",
          moduleResolution: "NodeNext",
          strict: true,
          noEmit: true,
          // Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
          skipLibCheck: true,
          lib: ["ES2022", "DOM", "ESNext.Disposable"],
        },
        include: ["consumer.ts"],
      }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80d4e2f9f6106faa Environment-variable access.
repo/packages/http-recorder/src/recorder.ts:7
  const value = process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/llm

npm first-party
expand_more 3 low-confidence finding(s)
low egress production #034e5cf35ca40ae6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/recording-cost-report.ts:219
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #71e59af342984b1f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/setup-recording-env.ts:44
      HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0bd270e8e0e1faef Environment-variable access.
repo/packages/llm/script/setup-recording-env.ts:290
  if (process.env[name]) return "shell"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/script

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #cddd1f0ea02158f0 Environment-variable access.
repo/packages/script/src/index.ts:21
  OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e515ec7a5cfa8ab3 Environment-variable access.
repo/packages/script/src/index.ts:22
  OPENCODE_BUMP: process.env["OPENCODE_BUMP"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87a26b44fa1dcd80 Environment-variable access.
repo/packages/script/src/index.ts:23
  OPENCODE_VERSION: process.env["OPENCODE_VERSION"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f03e2c488867d3d Environment-variable access.
repo/packages/script/src/index.ts:24
  OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e6dcc506f65484a6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/script/src/index.ts:37
  const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/server

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #7897de67612b5dba Environment-variable access.
repo/packages/server/src/auth.ts:53
  const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda1814b1586da23 Environment-variable access.
repo/packages/server/src/auth.ts:56
  return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/slack

npm first-party
expand_more 6 low-confidence finding(s)
low env_fs production #8905eb6b0c303b57 Environment-variable access.
repo/packages/slack/src/index.ts:5
  token: process.env.SLACK_BOT_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c562cfdccc4655cd Environment-variable access.
repo/packages/slack/src/index.ts:6
  signingSecret: process.env.SLACK_SIGNING_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d23209ef8f25d564 Environment-variable access.
repo/packages/slack/src/index.ts:8
  appToken: process.env.SLACK_APP_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a36b57c1b7956162 Environment-variable access.
repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98237702e1f6451e Environment-variable access.
repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4b523f71713f9c0 Environment-variable access.
repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/core

npm first-party
expand_more 10 low-confidence finding(s)
low env_fs production #7e5f369af37e150e Environment-variable access.
repo/packages/stats/core/src/domain/home.ts:277
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42655b004bcac861 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:32
    process.env.PLANETSCALE_HOST &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #344d4d8c63bc12fa Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:33
    process.env.PLANETSCALE_USERNAME &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9146e4f660312e55 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:34
    process.env.PLANETSCALE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f948c84a54f42c6 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:35
    process.env.PLANETSCALE_DATABASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81dcc75e2ecf34f3 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:37
    return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72ee5a631e47397f Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:38
      process.env.PLANETSCALE_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c56d723952843911 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:39
    )}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a4449f28ba4cd6f Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:43
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2c4ef0f8d80a22e Environment-variable access.
repo/packages/stats/core/src/honeycomb-backfill.ts:944
    databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/storybook

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #607b60c2fda4b199 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:117
              const content = fs.readFileSync(abs, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f3575c1376ae38d Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:122
                fs.writeFileSync(abs, applied.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/tui

npm first-party
expand_more 27 low-confidence finding(s)
low env_fs production #40de2295b793374a Environment-variable access.
repo/packages/tui/src/app.tsx:267
                        multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65cbe263dea36e82 Environment-variable access.
repo/packages/tui/src/app.tsx:268
                        displayServer: process.env.WAYLAND_DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b328dd387189872c Environment-variable access.
repo/packages/tui/src/app.tsx:270
                          : process.env.DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fea1c561bfe383a Environment-variable access.
repo/packages/tui/src/app.tsx:277
                          initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed5c6b431d35c30f Environment-variable access.
repo/packages/tui/src/app.tsx:278
                          skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d54d83ee7b2648b Filesystem access.
repo/packages/tui/src/audio.ts:28
  const task = readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd5a758c7f0e3bdb Environment-variable access.
repo/packages/tui/src/clipboard.ts:26
  process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffb18d35e973baf4 Filesystem access.
repo/packages/tui/src/clipboard.ts:45
      return { data: (await readFile(file)).toString("base64"), mime: "image/png" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea6898f04ae6619 Environment-variable access.
repo/packages/tui/src/clipboard.ts:101
    const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f17917d1269ec514 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/tui/src/component/error-component.tsx:207
  const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e25ba5ca5332b439 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:17
      readText: (value) => readFile(value, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef1fcaaa6126e99a Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:18
      readBytes: (value) => readFile(value),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5844253581886401 Environment-variable access.
repo/packages/tui/src/context/editor.ts:117
    const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52665587f6e46d86 Environment-variable access.
repo/packages/tui/src/context/editor.ts:121
    const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c701cba227da878b Filesystem access.
repo/packages/tui/src/context/theme.tsx:57
      result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b19c86fbdbc3f6c0 Filesystem access.
repo/packages/tui/src/editor-zed.ts:67
      : await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7628490c90aa627 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:189
    process.env.OPENCODE_ZED_DB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c40e3e0781933533 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:198
  return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11c06d277d9d120a Environment-variable access.
repo/packages/tui/src/editor.ts:27
  const editor = process.env.VISUAL || process.env.EDITOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a818ed266f839433 Filesystem access.
repo/packages/tui/src/editor.ts:30
  await writeFile(file, input.value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ce2812bed268f5d Filesystem access.
repo/packages/tui/src/editor.ts:47
    return (await readFile(file, "utf8")) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44969b8afaa65fd3 Filesystem access.
repo/packages/tui/src/editor.ts:71
          const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca3c78336312bae0 Filesystem access.
repo/packages/tui/src/routes/session/index.tsx:183
    await writeFile(file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6c1612417c5dfc5 Filesystem access.
repo/packages/tui/src/util/persistence.ts:2
import { appendFile, mkdir, rename, rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7719e7b6aa0093cc Environment-variable access.
repo/packages/tui/src/util/system.ts:16
  const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfa0414f6aa43f4a Environment-variable access.
repo/packages/tui/src/util/system.ts:17
  const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d26b92a31eb7fdf Environment-variable access.
repo/packages/tui/src/util/system.ts:18
  const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/web

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #94fc61b610950017 Environment-variable access.
repo/packages/web/config.mjs:1
const stage = process.env.SST_STAGE || "dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@openauthjs/openauth

npm dependency
high pii_flow dependency Excluded from app score #676cd026af9a691b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 · flow /tmp/closeopen-dazfq3g5/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 → /tmp/closeopen-dazfq3g5/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193
        const json: any = await fetch(config.endpoint.token, {
          method: "POST",
          headers: {
            "Content-Type": "application/x-www-form-urlencoded",
            Accept: "application/json",
          },
          body: body.toString(),
        }).then((r) => r.json())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #6c8cf13eb17f64d8 Environment-variable access.
pkgs/npm/@[email protected]/src/client.ts:550
  const issuer = input.issuer || process.env.OPENAUTH_ISSUER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6af188165dd1a81e Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:491
  if (process.env.OPENAUTH_STORAGE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a19bafdd310adb27 Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:492
    const parsed = JSON.parse(process.env.OPENAUTH_STORAGE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66edf2a177a5359f Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:31
  if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36f6c08fb49b2c7d Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:33
      accessKeyId: process.env.AWS_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10c8234d57872f61 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:34
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33a4c5846040cba4 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:35
      sessionToken: process.env.AWS_SESSION_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2828768881cb760 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:36
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92933ffecf0c3684 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:40
  if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29152f7a3e4b6101 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:43
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62f4b4b5bda9141f Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:49
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db4274186ec6a137 Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:59
      const file = readFileSync(input?.persist)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9b7ae28343a2dc2 Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:67
    await writeFile(input.persist, file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai

npm dependency
high pii_flow dependency Excluded from app score #5453ac91a57ba5ab User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 · flow /tmp/closeopen-dazfq3g5/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 → /tmp/closeopen-dazfq3g5/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
      const response = await fetch(this.api.token, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ sessionConfig: this.sessionConfig }),
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

@actions/core

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #504874284205fecc Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:67
    process.env[name] = convertedVal;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55f94719b3453d37 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:68
    const filePath = process.env['GITHUB_ENV'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e85ecd7d5036a797 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:88
    const filePath = process.env['GITHUB_PATH'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a4fb3f600e6740d Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:95
    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddbe5062ac4b4bae Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:108
    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9779ffc074e13c5 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:166
    const filePath = process.env['GITHUB_OUTPUT'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37ea5ff021256ddd Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:203
    return process.env['RUNNER_DEBUG'] === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d04cead356dc3ec4 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:300
    const filePath = process.env['GITHUB_STATE'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e371a2ec0af3ec5f Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:314
    return process.env[`STATE_${name}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7ebba647199da8a Filesystem access.
pkgs/npm/@[email protected]/lib/file-command.js:31
const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3d7d0cff9a2775c Environment-variable access.
pkgs/npm/@[email protected]/lib/file-command.js:35
    const filePath = process.env[`GITHUB_${command}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f4c403c2e4aa9bf Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:25
        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55c2be8458f8e807 Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:32
        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #475afa5c88a40856 Filesystem access.
pkgs/npm/@[email protected]/lib/summary.js:14
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7bdfcfa632d997c Environment-variable access.
pkgs/npm/@[email protected]/lib/summary.js:33
            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@actions/github

npm dependency
expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #921427bff7694824 Filesystem access.
pkgs/npm/@[email protected]/lib/context.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df95b6103ad69662 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:13
        if (process.env.GITHUB_EVENT_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cad062973143e9b Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:14
            if ((0, fs_1.existsSync)(process.env.GITHUB_EVENT_PATH)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3522d699ec6a1066 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:15
                this.payload = JSON.parse((0, fs_1.readFileSync)(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8935e51a5a9f245b Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:18
                const path = process.env.GITHUB_EVENT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #679003eefb5db5a2 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:22
        this.eventName = process.env.GITHUB_EVENT_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #707edd8c358c5e5b Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:23
        this.sha = process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18b15ad6e5f13cc8 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:24
        this.ref = process.env.GITHUB_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a79cc29009164797 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:25
        this.workflow = process.env.GITHUB_WORKFLOW;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d77fc0cacae3281 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:26
        this.action = process.env.GITHUB_ACTION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e1388f0a05b3a70 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:27
        this.actor = process.env.GITHUB_ACTOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06eb3521b8d04530 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:28
        this.job = process.env.GITHUB_JOB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be845185f37fc535 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:29
        this.runAttempt = parseInt(process.env.GITHUB_RUN_ATTEMPT, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1482346c5f0c739 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:30
        this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68babacf01779fc4 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:31
        this.runId = parseInt(process.env.GITHUB_RUN_ID, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d58334c93196c7e Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:32
        this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d076953a732da1b Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:33
        this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78674bd0c768d5cd Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:35
            (_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa329b2de9706cd1 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:42
        if (process.env.GITHUB_REPOSITORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d64b4ebd2558e95e Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:43
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #def436a18a574dec Environment-variable access.
pkgs/npm/@[email protected]/lib/internal/utils.js:67
    return process.env['GITHUB_API_URL'] || 'https://api.github.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ai-sdk/google-vertex

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #35cbc145aa3f4e4d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/edge/google-vertex-auth-edge.ts:139
    const response = await fetch('https://oauth2.googleapis.com/token', {
      method: 'POST',
      headers: withUserAgentSuffix(
        { 'Content-Type': 'application/x-www-form-urlencoded' },
        `ai-sdk/google-vertex/${VERSION}`,
        getRuntimeEnvironmentUserAgent(),
      ),
      body: new URLSearchParams({
        grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        assertion: jwt,
      }),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

@ai-sdk/togetherai

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #ebb767dd0a822afe Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:105
  if (typeof process.env.TOGETHER_API_KEY === 'string') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c2c8a9026fea971 Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:108
  const key = process.env.TOGETHER_AI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@aws-sdk/credential-providers

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #27e5428a0104eef9 Environment-variable access.
pkgs/npm/@[email protected]/dist-cjs/fromTemporaryCredentials.js:8
    return (0, fromTemporaryCredentials_base_1.fromTemporaryCredentials)(options, fromNodeProviderChain_1.fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => (0, config_1.loadConfig)({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ec6e1b69fd8db61 Environment-variable access.
pkgs/npm/@[email protected]/dist-es/fromTemporaryCredentials.js:5
    return fromTemporaryCredentialsBase(options, fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => loadConfig({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ff-labs/fff-bun

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #0b0c3dc1e1a673b7 Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:171
  const nvimCache = process.env.XDG_CACHE_HOME || join(homedir(), ".cache", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d6a0b74461318b10 Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:173
    process.env.XDG_DATA_HOME || join(homedir(), ".local", "share", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/core

npm dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #c18a4b37dd5b8006 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:714
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a2f20b8498f8680 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:719
import { existsSync as existsSync3, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3326748b2f32067 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:5935
  const envValue = process.env[config.name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #758166483d672074 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:7917
import { existsSync as existsSync2 } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1019c3192c34666c Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11808
  const libc = process.env.OPENTUI_LIBC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee737d73f438553d Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11823
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ed03b6b1e90292a Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11830
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d53f0b0cd4a1fa24 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:13284
      writeFileSync(logPath, msg + `
`, { flag: "a" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf0f46f700bd490 Filesystem access.
pkgs/npm/@[email protected]/index-xt9f071j.js:5371
      fs.writeFileSync(filepath, content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #294435398e0d4c74 Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:6658
  if (process.env.OTUI_USE_ALTERNATE_SCREEN !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aab19d5c4bd6ae0d Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:6663
  if (process.env.OTUI_OVERRIDE_STDOUT !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0786e4f90437967e Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:7208
      const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3fec72df6c74840 Filesystem access.
pkgs/npm/@[email protected]/index.js:2643
    const bytes = await readFile(filePath).catch((err) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab8bf6027b2ddf98 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:5
import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #891189556b1e788b Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:9
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e49cd0589342d3cd Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:35
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e15fb19e20735141 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:49
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bda708e4f7403c6 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:61
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efbb8b0d54e73066 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:79
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0cccb921831ef19 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:88
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #786bd0c3e5c0f4f7 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:89
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51f215283f787b2b Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:118
import { readdir } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54141a7e877b942a Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:142
    const configContent = await readFile2(resolvedConfigPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51a532266d3c8258 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:170
        const content = await readFile2(localPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc11c205702ed44b Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:204
  await writeFile2(queryPath, combinedContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa94d5817dc81e94 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:276
  await writeFile2(outputPath, fileContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca3ca93df66011d6 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:44
import { mkdir as mkdir3 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d15eba7b1c6adbf7 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:48
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #967a1dfea0dd9e29 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:74
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02c4ae7d372541aa Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:88
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0203a25bd005eb7d Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:100
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b6a87c7b5a8bc0c Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:118
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fb8c44a7aa20895 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:127
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bb17e274fdf238f Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:128
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #023f7f731f6aab11 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:322
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3a9cd9dd23d0059 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:113
                const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b6ea651e18bde59 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:374
                    contents = readFileSync(normalizedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/solid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #238ac5a2a8ea82ad Environment-variable access.
pkgs/npm/@[email protected]/index.bun.js:517
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1946fe957d452a0d Environment-variable access.
pkgs/npm/@[email protected]/index.js:491
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@parcel/watcher

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #2cc4fb2222b98512 Environment-variable access.
pkgs/npm/@[email protected]/scripts/build-from-source.js:5
if (process.env.npm_config_build_from_source === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@silvia-odwyer/photon-node

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #7892646ede5c628b Filesystem access.
pkgs/npm/@[email protected]/photon_rs.js:4513
const bytes = require('fs').readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chokidar

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #eb413cfd05f8abea Filesystem access.
pkgs/npm/[email protected]/esm/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd79a23e27771479 Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:1
import { watchFile, unwatchFile, watch as fs_watch } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b17687d41e242d3 Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:2
import { open, stat, lstat, realpath as fsrealpath } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9189c2ba336bbad7 Filesystem access.
pkgs/npm/[email protected]/esm/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90ad69e77223068c Filesystem access.
pkgs/npm/[email protected]/esm/index.js:2
import { stat as statcb } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fd9fe39d44ac7b7 Filesystem access.
pkgs/npm/[email protected]/esm/index.js:3
import { stat, readdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cd5e8e0ed30a4ba Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:260
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ed73f1e6047d965 Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:270
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57ebc41c8e62ffe5 Filesystem access.
pkgs/npm/[email protected]/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be1fb5bddb60e08c Filesystem access.
pkgs/npm/[email protected]/handler.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b0a5ad9ded0dcc7 Filesystem access.
pkgs/npm/[email protected]/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3537684bd3bfc357 Filesystem access.
pkgs/npm/[email protected]/index.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78ec0bde2b2540c1 Environment-variable access.
pkgs/npm/[email protected]/index.js:265
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd4d195d40055370 Environment-variable access.
pkgs/npm/[email protected]/index.js:275
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cross-spawn

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #8c8317ac485f5c78 Environment-variable access.
pkgs/npm/[email protected]/lib/parse.js:58
        parsed.command = process.env.comspec || 'cmd.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37cb5706719f0a6f Filesystem access.
pkgs/npm/[email protected]/lib/util/readShebang.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

drizzle-orm

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #3904b458b918c429 Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:43
  const journalAsString = import_node_fs.default.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b743c44bd2f39747 Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:48
      const query = import_node_fs.default.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce2c3d816a03b49c Filesystem access.
pkgs/npm/[email protected]/migrator.js:10
  const journalAsString = fs.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5d4f3ac4cf60dce Filesystem access.
pkgs/npm/[email protected]/migrator.js:15
      const query = fs.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-context-menu

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #a83cb3e533ac7d42 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/index.js:66
					const url = new URL('https://www.google.com/search');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

electron-log

npm dependency
expand_more 18 low-confidence finding(s)
low env_fs dependency Excluded from app score #7b1d13acbe4dcf0c Filesystem access.
pkgs/npm/[email protected]/src/main/initialize.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b6a8c6bc8a862f0 Filesystem access.
pkgs/npm/[email protected]/src/main/initialize.js:81
    fs.writeFileSync(preloadPath, preloadCode, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44d6cbbd6a025496 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:121
        return process.env.APPDATA || path.join(home, 'AppData/Roaming');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #881ba422559bb3e9 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:125
        return process.env.XDG_CONFIG_HOME || path.join(home, '.config');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e6c003afdd6eea7 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:131
    return os.homedir?.() || process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b39fd37b0f3725 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:147
    return process.env.NODE_ENV === 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #993e86879047297a Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:148
      || process.env.ELECTRON_IS_DEV === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cfd28665f8c2033 Filesystem access.
pkgs/npm/[email protected]/src/node/packageJson.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a6c54c08ef3ea3c Filesystem access.
pkgs/npm/[email protected]/src/node/packageJson.js:39
    const json = JSON.parse(fs.readFileSync(fileName, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e166b371de6c2dfe Environment-variable access.
pkgs/npm/[email protected]/src/node/transports/console.js:56
    useStyles: process.env.FORCE_STYLES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf5afc8b92591825 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fc44d49d348f6fe Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:34
      fs.writeFileSync(this.path, '', {
        mode: this.writeOptions.mode,
        flag: 'w',
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8aba37e7c6fbac8 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:96
    fs.writeFile(this.path, text, this.writeOptions, (e) => {
      file.hasActiveAsyncWriting = false;

      if (e) {
        file.emit(
          'error',
          new Error(`Couldn't write to ${file.path}. ${e.message}`),
          this,
        );
      } else {
        file.increaseBytesWrittenCounter(text);
      }

      file.nextAsyncWrite();
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e072d94bc487d387 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:132
      fs.writeFileSync(this.path, text, this.writeOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6908015f1ff6036 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/FileRegistry.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85e9e2b40d92a691 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/FileRegistry.js:72
    fs.writeFileSync(filePath, '', { flag: 'a', mode: writeOptions.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af8198a75d3ab6d9 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94e0af51a39fe4f2 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/index.js:149
            lines: fs.readFileSync(logPath, 'utf8').split(os.EOL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-updater

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #f9ed21131b6bcfd2 Environment-variable access.
pkgs/npm/[email protected]/out/AppAdapter.js:11
        result = process.env["LOCALAPPDATA"] || path.join(homedir, "AppData", "Local");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c458745aa375f15 Environment-variable access.
pkgs/npm/[email protected]/out/AppAdapter.js:17
        result = process.env["XDG_CACHE_HOME"] || path.join(homedir, ".cache");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a7f96c40b690469 Filesystem access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:7
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31b5bb4bf155259b Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:18
        if (process.env["APPIMAGE"] == null && !this.forceDevUpdateConfig) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #945739c39cc51d18 Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:19
            if (process.env["SNAP"] == null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fad4efa5e798c2b Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:38
                const oldFile = process.env["APPIMAGE"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50dd6c6f6b18983f Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:73
        const appImageFile = process.env["APPIMAGE"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b7a38bf40343f36 Filesystem access.
pkgs/npm/[email protected]/out/DownloadedUpdateHelper.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c644da42af4011d1 Environment-variable access.
pkgs/npm/[email protected]/out/LinuxUpdater.js:96
        const pmOverride = (_a = process.env.ELECTRON_BUILDER_LINUX_PACKAGE_MANAGER) === null || _a === void 0 ? void 0 : _a.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d29745264c452397 Filesystem access.
pkgs/npm/[email protected]/out/MacUpdater.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dfb4993fe84d095 Filesystem access.
pkgs/npm/[email protected]/out/differentialDownloader/DataSplitter.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #038a2dd42d0916f5 Filesystem access.
pkgs/npm/[email protected]/out/differentialDownloader/DifferentialDownloader.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cc30ce1c31acf1d Environment-variable access.
pkgs/npm/[email protected]/out/differentialDownloader/downloadPlanBuilder.js:73
const isValidateOperationRange = process.env["DIFFERENTIAL_DOWNLOAD_PLAN_BUILDER_VALIDATE_RANGES"] === "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0f4b3197bf16784 Environment-variable access.
pkgs/npm/[email protected]/out/providerFactory.js:24
            const token = (githubOptions.private ? process.env["GH_TOKEN"] || process.env["GITHUB_TOKEN"] : null) || githubOptions.token;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75e19975a8e68dd5 Environment-variable access.
pkgs/npm/[email protected]/out/providers/Provider.js:32
            const arch = process.env["TEST_UPDATER_ARCH"] || process.arch;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-window-state

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #d1ff6cd46a7e792a Filesystem access.
pkgs/npm/[email protected]/index.js:110
      jsonfile.writeFileSync(fullStoreFileName, state);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03b6a02244ce7178 Filesystem access.
pkgs/npm/[email protected]/index.js:159
    state = jsonfile.readFileSync(fullStoreFileName);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gray-matter

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #d7011054d4d5c1f6 Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d6a0ef023fa669b Filesystem access.
pkgs/npm/[email protected]/index.js:179
  const str = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

immer

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #62479eb00d39ba8c Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:269
	if (process.env.NODE_ENV !== "production" && isNaN(parseInt(prop as any)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a736c798dd954716 Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:276
		process.env.NODE_ENV !== "production" &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc5833258bf14f6b Environment-variable access.
pkgs/npm/[email protected]/src/plugins/patches.ts:37
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c82e4aaf1e677dd Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:4
	process.env.NODE_ENV !== "production"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5b6286245722b3f Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:42
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

open

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #9b1a25b6ce9496c8 Filesystem access.
pkgs/npm/[email protected]/index.js:52
		const configContent = await fs.readFile(configFilePath, {encoding: 'utf8'});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b72e5d4f7b735c9e Environment-variable access.
pkgs/npm/[email protected]/index.js:219
			: `${process.env.SYSTEMROOT || process.env.windir || 'C:\\Windows'}\\System32\\WindowsPowerShell\\v1.0\\powershell`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #d793165421e5d585 Filesystem access.
pkgs/npm/[email protected]/lib/getExePath.js:11
    const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "package.json"), "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

vscode-jsonrpc

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #8a88cf26b3f43641 Environment-variable access.
pkgs/npm/[email protected]/lib/node/main.js:152
const XDG_RUNTIME_DIR = process.env['XDG_RUNTIME_DIR'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

web-tree-sitter

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #233ffb099ac00077 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:83
          var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a90ee525f1ece4b Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:88
            var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15a919090f91f632 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:94
            var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08cf722cbd968afe Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:4287
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43bbf91efb3ebd38 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2035
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b559cd8c3bf4c1a Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2109
      var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #908de03fe3cb543d Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2116
        var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7034618e8515bfa2 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2122
        var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #964cda4c45bfb109 Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:98
  var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85571d6a60b2127d Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:105
    var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c876b4da7fa975 Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:112
    var ret = fs.readFileSync(filename, binary ? undefined : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba84e755179f015 Filesystem access.
pkgs/npm/[email protected]/src/language.ts:265
        bytes = fs.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d88ebab07a13b4 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:75
          var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #241dce0cbed02962 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:80
            var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79daa29c36476ee0 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:85
            var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86d43516854f9112 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:3760
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94c21ed2732a795d Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2035
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d4ab555b38c5365 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2101
      var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31c75363cf7b8a2b Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2108
        var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85ab548777332487 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2113
        var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ws

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #2f98198b31307874 Environment-variable access.
pkgs/npm/[email protected]/lib/buffer-util.js:115
if (!process.env.WS_NO_BUFFER_UTIL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #993abbbf2b6790e4 Environment-variable access.
pkgs/npm/[email protected]/lib/validation.js:142
} /* istanbul ignore else  */ else if (!process.env.WS_NO_UTF_8_VALIDATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

yargs

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #66963bc2fda58781 Environment-variable access.
pkgs/npm/[email protected]/lib/platform-shims/esm.mjs:29
    return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @opencode-ai/plugin prod — dist-only: no readable source
  • @opencode-ai/script prod — registry 404
  • @opencode-ai/sdk prod — dist-only: no readable source
  • @agentclientprotocol/sdk prod — dist-only: no readable source
  • @clack/prompts prod — dist-only: no readable source
  • @gitlab/opencode-gitlab-auth prod — dist-only: no readable source
  • @modelcontextprotocol/sdk prod — dist-only: no readable source
  • @opencode-ai/codemode prod — registry 404
  • @opencode-ai/llm prod — registry 404
  • @opencode-ai/tui prod — registry 404
  • @openrouter/ai-sdk-provider prod — dist-only: no readable source
  • @pierre/diffs prod — dist-only: no readable source
  • @solid-primitives/event-bus prod — dist-only: no readable source
  • @solid-primitives/scheduled prod — dist-only: no readable source
  • @standard-schema/spec prod — dist-only: no readable source
  • ai-gateway-provider prod — dist-only: no readable source
  • gitlab-ai-provider prod — dist-only: no readable source
  • minimatch prod — dist-only: no readable source
  • opencode-gitlab-auth prod — dist-only: no readable source
  • opencode-poe-auth prod — dist-only: no readable source
  • opentui-spinner prod — dist-only: no readable source
  • partial-json prod — dist-only: no readable source
  • remeda prod — dist-only: no readable source
  • ulid prod — dist-only: no readable source
  • venice-ai-sdk-provider prod — dist-only: no readable source
  • hono prod — dist-only: no readable source
  • jose prod — dist-only: no readable source
  • @opencode-ai/client prod — no javascript source
  • marked prod — scan budget exceeded
  • acorn prod — scan budget exceeded
  • @ai-sdk/provider-utils prod — scan budget exceeded
  • @effect/sql-sqlite-bun prod — scan budget exceeded
  • @npmcli/arborist prod — scan budget exceeded
  • @npmcli/config prod — scan budget exceeded
  • @opencode-ai/effect-drizzle-sqlite prod — scan budget exceeded
  • @opencode-ai/effect-sqlite-node prod — scan budget exceeded
  • bun-pty prod — scan budget exceeded
  • which prod — scan budget exceeded
  • @kobalte/core prod — scan budget exceeded
  • @shikijs/transformers prod — scan budget exceeded
  • @solid-primitives/bounds prod — scan budget exceeded
  • @solid-primitives/event-listener prod — scan budget exceeded
  • @solid-primitives/media prod — scan budget exceeded
  • @solid-primitives/resize-observer prod — scan budget exceeded
  • @shikijs/stream prod — scan budget exceeded
  • dompurify prod — scan budget exceeded
  • katex prod — scan budget exceeded
  • luxon prod — scan budget exceeded
  • marked-katex-extension prod — scan budget exceeded
  • marked-shiki prod — scan budget exceeded
  • morphdom prod — scan budget exceeded
  • motion prod — scan budget exceeded
  • motion-dom prod — scan budget exceeded
  • motion-utils prod — scan budget exceeded
  • remend prod — scan budget exceeded
  • shiki prod — scan budget exceeded
  • solid-list prod — scan budget exceeded
  • @slack/bolt prod — scan budget exceeded
  • @dnd-kit/abstract prod — scan budget exceeded
  • @dnd-kit/dom prod — scan budget exceeded
  • @dnd-kit/helpers prod — scan budget exceeded
  • @dnd-kit/solid prod — scan budget exceeded
  • @pierre/trees prod — scan budget exceeded
  • @solid-primitives/active-element prod — scan budget exceeded
  • @solid-primitives/audio prod — scan budget exceeded
  • @solid-primitives/scroll prod — scan budget exceeded
  • @solid-primitives/timer prod — scan budget exceeded
  • @solid-primitives/websocket prod — scan budget exceeded
  • @tanstack/solid-query prod — scan budget exceeded
  • @tanstack/solid-virtual prod — scan budget exceeded
  • @thisbeyond/solid-dnd prod — scan budget exceeded
  • ghostty-web prod — scan budget exceeded
  • aws4fetch prod — scan budget exceeded
  • @solidjs/start prod — scan budget exceeded
  • @hono/standard-validator prod — scan budget exceeded
  • hono-openapi prod — scan budget exceeded
  • js-base64 prod — scan budget exceeded
  • nitro prod — scan budget exceeded
  • clipboardy prod — scan budget exceeded
  • @astrojs/cloudflare prod — scan budget exceeded
  • @astrojs/markdown-remark prod — scan budget exceeded
  • @astrojs/solid-js prod — scan budget exceeded
  • @astrojs/starlight prod — scan budget exceeded
  • @fontsource/ibm-plex-mono prod — scan budget exceeded
  • astro prod — scan budget exceeded
  • lang-map prod — scan budget exceeded
  • rehype-autolink-headings prod — scan budget exceeded
  • toolbeam-docs-theme prod — scan budget exceeded
  • @smithy/eventstream-codec prod — scan budget exceeded
  • @smithy/util-utf8 prod — scan budget exceeded
  • @effect/platform-node-shared prod — scan budget exceeded
  • @jsx-email/all prod — scan budget exceeded
  • @jsx-email/cli prod — scan budget exceeded
  • @opencode-ai/console-core prod — scan budget exceeded
  • @opencode-ai/console-resource prod — scan budget exceeded
  • @aws-sdk/client-sts prod — scan budget exceeded
  • @jsx-email/render prod — scan budget exceeded
  • @opencode-ai/console-mail prod — scan budget exceeded
  • @planetscale/database prod — scan budget exceeded
  • postgres prod — scan budget exceeded
  • stripe prod — scan budget exceeded
  • @cloudflare/vite-plugin prod — scan budget exceeded
  • @ibm/plex prod — scan budget exceeded
  • @stripe/stripe-js prod — scan budget exceeded
  • @upstash/redis prod — scan budget exceeded
  • chart.js prod — scan budget exceeded
  • solid-stripe prod — scan budget exceeded
  • @aws-sdk/client-firehose prod — scan budget exceeded
  • @opencode-ai/stats-core prod — scan budget exceeded
  • @aws-sdk/client-athena prod — scan budget exceeded
  • d3-geo prod — scan budget exceeded
  • d3-scale prod — scan budget exceeded
  • i18n-iso-countries prod — scan budget exceeded
  • topojson-client prod — scan budget exceeded
  • world-atlas prod — scan budget exceeded