OpenCode CLI install is a static binary drop. On macOS or Linux, pipe the signed installer through sh. On Windows, run winget install OpenCode.OpenCode or the MSI. Every artifact is signed with a pinned key, published in a transparency log, and shipped with a CycloneDX SBOM.
| OS | Command | Signature | Update channel |
|---|---|---|---|
| macOS (Intel / Apple silicon) | `curl -fsSL https://opencode.gr.com/install.sh \| sh` | Sigstore cosign | Homebrew, self-update |
| Linux x86_64 (glibc) | `curl -fsSL https://opencode.gr.com/install.sh \| sh` | Sigstore cosign | apt, yum, self-update |
| Linux aarch64 | `curl -fsSL https://opencode.gr.com/install.sh \| ARCH=arm64 sh` | Sigstore cosign | apt, yum, self-update |
| Alpine / musl | `apk add --no-cache opencode-static` | Sigstore cosign | apk repository |
| Windows x64 / ARM64 | `winget install OpenCode.OpenCode` | Authenticode + cosign | winget, MSI auto-update |
| Offline / air-gapped | `tar xzf opencode-offline.tgz && ./install.sh --offline` | Sigstore cosign detached | manual pin |
One-line OpenCode CLI install on macOS and Linux.
The fastest OpenCode CLI install path is a single shell command. It fetches the signed installer, verifies the binary against a pinned public key, and places opencode on your PATH.
```sh
curl -fsSL https://opencode.gr.com/install.sh | sh
# or, inspect before running:
curl -fsSL https://opencode.gr.com/install.sh -o install.sh
shasum -a 256 install.sh
less install.sh
sh install.sh
```
The installer defaults to /usr/local/bin, but you can override with INSTALL_DIR=$HOME/.local/bin for user-scoped installs that do not require sudo. If a previous OpenCode CLI install exists on PATH, the script prompts before overwriting. The install takes less than ten seconds on a typical broadband connection.
Signature verification on download.
Each release publishes a detached Sigstore signature, a SHA-256 checksum, and the build attestation. The installer verifies the signature automatically, but you can reproduce the check by hand.
```sh
cosign verify-blob \
  --certificate-identity "release@opencode.gr.com" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --signature opencode.sig \
  --bundle opencode.bundle \
  opencode
```
The pinned identity is published in the changelog for every release and rotated on an advertised schedule. If verification fails, do not install — that binary is not ours. Report the failure on the developer support page so the release team can investigate and publish an advisory.
OpenCode CLI install on Windows.
Windows has three sanctioned OpenCode CLI install paths: winget, the signed MSI, and a portable zip. Endpoint management teams can pick whichever fits the deployment tool they already run.
The winget manifest is maintained by the OpenCode release team and updated the same day as every stable release. The MSI is signed with Authenticode, registers an uninstaller entry, installs PowerShell completions, and adds opencode.exe to the system PATH. The portable zip is for workstations where an MSI is not permitted; unzip it into a folder that is already on PATH and you are done.
winget install and MSI.
A one-line PowerShell install covers most laptops. The MSI is the right choice when Group Policy or an endpoint management tool expects an MSI package.
```powershell
# winget (recommended)
winget install OpenCode.OpenCode
# MSI (Group Policy, SCCM, Intune)
msiexec /i OpenCode-v2026.4.0-x64.msi /qn
# Verify
opencode --version
opencode doctor
```
After the MSI completes, opencode --version should print the pinned release, and opencode doctor should report the platform, the configured provider, and the sandbox posture. The PowerShell completion script lands in the current user module path and is picked up on the next shell.
Offline and air-gapped OpenCode CLI install.
When policy forbids reaching the public internet, the OpenCode CLI install still works with an offline bundle: a tar archive containing the binary, the signature, the checksum, and the reference config.
Download the bundle on a connected machine, verify the signature, and copy it across your approved transfer channel. On the target host, extract the archive and run ./install.sh --offline. The script skips the network verification step, trusts the pre-verified signature stored alongside the binary, and reports the provenance data for the audit log. The offline bundle is the same one endpoint management teams pin in internal mirrors.
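A target-side check for the offline procedure above, added here as an example and not part of OpenCode's installer: it ties the bundle to the SHA-256 recorded when the signature was verified on the connected machine, and it rejects archive members that would extract outside the current directory. The function names and the `RECORDED_SHA256` variable are assumptions; only the bundle file name and the `--offline` flag come from this page.

```shell
#!/bin/sh
# Added example: pre-extraction checks for opencode-offline.tgz.
# Function names and RECORDED_SHA256 are hypothetical, not OpenCode's.

# Print the SHA-256 of a file using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Read member names on stdin; fail on absolute paths or ".." components.
paths_are_safe() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 } END { exit bad }'
}

# check_bundle BUNDLE EXPECTED_SHA256
# Returns 0 only when the bundle matches the digest recorded before
# transfer and every member extracts below the current directory.
check_bundle() {
    bundle=$1 expected=$2
    [ -f "$bundle" ] || { echo "missing: $bundle" >&2; return 1; }
    actual=$(sha256_of "$bundle") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    # List first so a corrupt archive fails here, not during extraction.
    list=$(tar tzf "$bundle" 2>/dev/null) || {
        echo "unreadable archive: $bundle" >&2; return 1; }
    printf '%s\n' "$list" | paths_are_safe || {
        echo "unsafe member path in $bundle" >&2; return 1; }
    echo "ok $actual $bundle"
}

# On the target host, with the digest carried over separately:
#   check_bundle opencode-offline.tgz "$RECORDED_SHA256" \
#     && tar xzf opencode-offline.tgz && ./install.sh --offline
```

Carry the recorded digest over a different path than the bundle itself (a ticket or change record, for example), and keep the `ok` line with the provenance data the installer reports for the audit log.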
Shell completions and doctor.
Shell completions are generated by the CLI itself, not baked into the installer. That keeps the OpenCode CLI install minimal and the completions fresh for whichever shell you run.
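```sh
# bash: system-wide completion directory (writing here needs root)
opencode completion bash > /etc/bash_completion.d/opencode
# zsh: first directory on fpath
opencode completion zsh > "${fpath[1]}/_opencode"
# fish: per-user completions directory
opencode completion fish > ~/.config/fish/completions/opencode.fish
# PowerShell: run in a PowerShell session, loads for the current session
opencode completion powershell | Out-String | Invoke-Expression
```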
The opencode doctor command reports platform, binary signature, active config, provider endpoint, and sandbox permissions. Running it once after OpenCode CLI install is the fastest way to prove the environment is healthy before the first prompt.
Team-wide OpenCode CLI install rollouts.
A team rollout of the OpenCode CLI install follows the pattern you would use for any other static binary tool: pin a version, mirror the artifact, and distribute a shared config.
Most platform teams pin to the current LTS, mirror the signed artifact into an internal object store, and push it with the same tool they use for other developer binaries. A shared config.toml points at the team gateway, pins the model name, and sets the sandbox policy. New hires get the CLI on day one through endpoint management, and the opencode doctor output lands in the onboarding check script. The documentation covers the full config surface, and the custom API guide covers the gateway side.
Uninstall cleanly.
Removing the OpenCode CLI is a single command on every OS. The installer leaves no daemons and no background services behind.
On macOS or Linux, run opencode uninstall or delete /usr/local/bin/opencode. On Windows, the MSI registers an uninstaller entry visible in Apps & Features; winget users can run winget uninstall OpenCode.OpenCode. Config files in ~/.config/opencode are preserved by default so a future reinstall picks up the same provider — add --purge to remove config and cached artifacts as well.
Run the first prompt now.
Paste the one-line OpenCode CLI install, verify the signature, and run opencode doctor. You will be at a working prompt before your coffee cools.