Skip to main content

OpenWork Configuration and Security

1. The core config mindset​

OpenWork configuration is really about:

  1. choosing host or client mode,
  2. deciding which OpenCode state is used,
  3. defining which plugins and skills are installed,
  4. managing permission behavior and debug visibility.

2. Permissions are central to trust​

One of OpenWork's stronger design choices is that permission requests are surfaced visibly in the UI. That matters because the app sits close to real local or remote agent workflows.

3. Plugin and skill scope matter​

Because OpenWork manages both skills and OpenCode plugins, extension governance becomes part of security. Teams should know:

  • what is installed globally,
  • what is project-scoped,
  • who is allowed to add plugins,
  • and how those changes are reviewed.

4. Safe rollout advice​

Start with:

  1. local host mode,
  2. one low-risk workspace,
  3. minimal plugins,
  4. explicit permission review for every risky action.

5. Day-two operations​

Once OpenWork works, the next questions are usually:

  • when to use remote workers,
  • how templates are shared,
  • which plugins are approved,
  • and how permission policies differ across teams.