Summary
OpenCode is S-tier but only has 18 rules vs Claude Code's 79. Research revealed a comprehensive TypeScript config schema.
OpenCode config surface (from research)
Config file: opencode.json (with $schema support)
Full schema discovered (from config.ts source):
| Field |
Type |
Default |
Validatable |
$schema |
string |
https://opencode.ai/config.json |
Validate URL |
model |
string (format: provider/model) |
- |
Validate format |
small_model |
string |
- |
Validate format |
default_agent |
string |
build |
Validate known agents |
username |
string |
system |
- |
share |
enum |
- |
manual/auto/disabled |
autoupdate |
boolean|"notify" |
- |
Type check |
disabled_providers |
string[] |
- |
Validate provider names |
enabled_providers |
string[] |
- |
Validate provider names |
snapshot |
boolean |
- |
Type check |
plugin |
string[] |
- |
Validate plugin identifiers |
Agent configuration
| Field |
Type |
Validatable |
name |
string |
- |
model |
string |
Validate format |
variant |
string |
- |
temperature |
number |
Range 0-2 |
top_p |
number |
Range 0-1 |
prompt |
string |
Content quality |
disable |
boolean |
- |
mode |
enum |
subagent/primary/all |
color |
string |
Hex or theme color |
steps |
number |
Positive integer |
permission |
Permission |
Validate structure |
Permission configuration
| Field |
Type |
Values |
read/edit/glob/grep/list/bash/task/lsp/skill |
PermissionRule |
ask/allow/deny or per-pattern |
todowrite/todoread/question/webfetch/websearch |
PermissionAction |
ask/allow/deny |
external_directory |
PermissionRule |
- |
doom_loop |
PermissionAction |
- |
MCP configuration
Local server: type: "local", command: string[], environment, enabled, timeout
Remote server: type: "remote", url, headers, oauth, enabled, timeout
Provider configuration
whitelist, blacklist, models, options (apiKey, baseURL, timeout)
Other
compaction: auto, prune, reservedskills: paths[], urls[]formatter: per-language config or falselsp: per-language config or falseserver: port, hostname, mdns, corsexperimental: feature flags
Proposed new rules
Config validation (OC-CFG-*)
| Rule |
What |
Confidence |
| OC-CFG-001 |
Invalid model format (must be provider/model) |
HIGH |
| OC-CFG-002 |
Invalid share value |
HIGH |
| OC-CFG-003 |
Unknown top-level config field |
MEDIUM |
| OC-CFG-004 |
Invalid default_agent (must be build or custom) |
MEDIUM |
| OC-CFG-005 |
Hardcoded API key in provider options |
HIGH |
| OC-CFG-006 |
Invalid MCP server structure |
HIGH |
| OC-CFG-007 |
MCP server missing command (local) or url (remote) |
HIGH |
Agent validation (OC-AG-*)
| Rule |
What |
Confidence |
| OC-AG-001 |
Invalid agent mode value |
HIGH |
| OC-AG-002 |
Invalid color format (not hex or theme color) |
HIGH |
| OC-AG-003 |
temperature out of range (0-2) |
HIGH |
| OC-AG-004 |
steps not a positive integer |
HIGH |
Permission validation (OC-PM-*)
| Rule |
What |
Confidence |
| OC-PM-001 |
Invalid permission action (not ask/allow/deny) |
HIGH |
| OC-PM-002 |
Unknown permission key |
MEDIUM |
AGENTS.md quality (OC-AGM-*)
| Rule |
What |
Confidence |
| OC-AGM-001 |
Empty AGENTS.md |
HIGH |
| OC-AGM-002 |
Secrets in AGENTS.md |
HIGH |
Total: 15 new rules (18 current + 15 = 33, exceeds 30 target)
Acceptance criteria