Skip to main content
OpenCode’s session sharing feature creates public links to your AI conversations, enabling collaboration, code reviews, debugging assistance, and knowledge sharing.
Shared sessions are publicly accessible to anyone with the link. Review content before sharing to avoid exposing sensitive information.

How Session Sharing Works

1

Create or select a session

Work on your code in a session as usual. The session contains:
  • Full conversation history (your prompts + AI responses)
  • File diffs and code changes
  • Tool use records (file reads, writes, bash commands)
  • Session metadata (title, creation date, model used)
2

Share the session

Run /share command or use the API:
# In TUI
/share

# Via API
curl -X POST http://localhost:4096/session/<session-id>/share
3

Unique URL generated

OpenCode creates a unique share URL:
https://opncd.ai/s/s_abc123xyz789
The URL is automatically copied to your clipboard (TUI) or returned in the API response.
4

Data synced to cloud

Session data is uploaded to OpenCode’s servers:
  • All messages and responses
  • File diffs (not full file contents)
  • Session configuration
  • Metadata (timestamps, model info)
5

Share the link

Send the URL to teammates via:
  • Slack/Teams/Discord
  • Email
  • GitHub PR comments
  • Documentation

Sharing Modes

OpenCode supports three sharing modes to match different workflows and security requirements.

Manual (Default)

Sessions are not shared automatically. You explicitly control when to share. 
# Share current session
/share

# Unshare when done
/unshare
Configuration (optional):
opencode.json
{
  "$schema": "https://opncd.ai/config.json",
  "share": "manual"
}
  • Default safe mode for most users
  • Working with proprietary code
  • Only sharing specific debugging sessions
  • Explicit control over what gets shared

Auto-share

Every new session is automatically shared upon creation.
opencode.json
{
  "$schema": "https://opncd.ai/config.json",
  "share": "auto"
}
  • Open source projects
  • Team collaboration where all sessions should be visible
  • Educational/tutorial content creation
  • Public coding demonstrations
Review session content regularly. Even with auto-share, you can /unshare individual sessions.

Disabled

Sharing is completely disabled. The /share command will not work.
opencode.json
{
  "$schema": "https://opncd.ai/config.json",
  "share": "disabled"
}
  • Enterprise environments with strict data policies
  • Highly sensitive projects (healthcare, finance, defense)
  • Compliance requirements (HIPAA, SOC 2, ISO 27001)
  • Air-gapped or offline development
For team-wide enforcement, commit opencode.json with "share": "disabled" to version control.

Using the Share API

Share a Session

curl -X POST http://localhost:4096/session/abc123/share
shareID
string
Unique identifier for the shared session (prefixed with s_).
shareURL
string
Full public URL to the shared session.

Unshare a Session

Remove public access and delete cloud data: 
curl -X DELETE http://localhost:4096/session/abc123/share
shareID and shareURL become null after unsharing. The link will return 404.

Check Share Status

Query whether a session is currently shared: 
curl http://localhost:4096/session/abc123

What Gets Shared

When you share a session, the following data is uploaded:
  • All user prompts (your messages)
  • All AI responses (assistant messages)
  • Tool use records (file operations, bash commands)
  • Timestamps and message order
  • Model and provider information
  • Diffs of changed files (hunks with context)
  • File paths relative to project root
  • Not full file contents, only changes made during the session
  • Session title
  • Creation and update timestamps
  • Parent session ID (if forked)
  • Agent used (e.g., task, research)
  • Model configuration
  • Task breakdown and planning
  • Task completion status
  • Task descriptions

What is NOT Shared

Data that remains local:
  • Full source code files (only diffs are shared)
  • Environment variables
  • API keys and secrets (never include these in prompts!)
  • Local file paths outside the project
  • Git history or repository metadata
  • User’s global OpenCode configuration

Privacy and Security

Data Retention

Shared sessions remain accessible indefinitely until explicitly unshared.
1

Initial share

Data uploaded to opncd.ai servers.
2

Link active

Anyone with the URL can view the session.
3

Unshare

Run /unshare to delete the share:
  • Link becomes invalid (404)
  • Data removed from servers within 24 hours
  • Local session remains intact
Automatic expiration is not currently supported. Always manually unshare sessions when collaboration is complete.

Access Control

Shared sessions use URL-based access (no authentication required):
  • ✅ Simple sharing (no account needed)
  • ✅ Works with any browser
  • ❌ Anyone with the link can access
  • ❌ Cannot restrict to specific users
Best Practices:
  1. Treat share URLs like passwords
    • Share via secure channels (encrypted chat, private repos)
    • Avoid posting in public forums or social media
  2. Time-box sharing
    • Unshare immediately after collaboration ends
    • Review active shares periodically
  3. Use short-lived channels
    • Send links via disappearing messages (Signal, Telegram)
    • Share in private GitHub comments, not PR descriptions
  4. Monitor access (future feature)
    • Request: Star [#issue-number] for access logs

Compliance Considerations

For regulated industries (healthcare, finance, government):

HIPAA

Do not share sessions containing PHI (Protected Health Information). Use "share": "disabled" for HIPAA-regulated projects.

GDPR

Shared sessions may contain personal data. Ensure compliance with:
  • Data processing agreements
  • User consent requirements
  • Right to erasure (use /unshare)

SOC 2

Sharing may violate data residency or access control policies. Audit "share": "auto" configurations.

Export Control

Government/defense contractors: Verify that sharing complies with ITAR, EAR, or similar regulations.

Recommendations by Project Type

Auto-share enabled
opencode.json
{
  "share": "auto"
}
Benefits:
  • Community can learn from your process
  • Easy debugging help from maintainers
  • Transparent development

Use Cases

Remote Debugging

Share a session showing the bug reproduction steps. Teammates can see the full context without screenshots.

Code Review

Link to the session in your PR description. Reviewers see the reasoning behind changes.

Documentation

Create “how we built X” posts by sharing sessions. Perfect for engineering blogs.

Onboarding

Share sessions demonstrating common workflows. New hires learn by example.

Support Tickets

When asking for help in GitHub issues, share the session to provide full context.

Teaching

Instructors can share sessions as interactive tutorials. Students see the AI’s reasoning.

Enterprise Features

For organizations needing advanced sharing controls:
Deploy your own share server:
  • Data never leaves your infrastructure
  • Integrate with SSO (SAML, OAuth)
  • Custom retention policies
  • Audit logs for compliance
Contact sales for self-hosted options.
Require authentication to view shared sessions:
  • Restrict to employees with company email
  • Integrate with Okta, Azure AD, Google Workspace
  • Revoke access when employees leave
Contact sales for SSO integration.
Track who views shared sessions:
  • View counts and timestamps
  • Viewer IP addresses and locations
  • Export access logs for audits
Available in enterprise plans.

Troubleshooting

Possible causes:
  1. Sharing is disabled in config: 
    # Check config
cat ~/.config/opencode/opencode.json | grep share
# Should not be "disabled"
  2. Network connectivity issues: 
    # Test connectivity
curl https://opncd.ai/health
  3. Session has no content yet:
    • Only sessions with messages can be shared
Reasons:
  • Session was unshared
  • Share ID is incorrect (typo in URL)
  • Server maintenance (rare, check status page)
Fix: Re-share the session to generate a new URL.
Workarounds:
  1. Try via API: 
    curl -X DELETE http://localhost:4096/session/<id>/share
  2. Contact support if data must be removed urgently: support@opencode.ai
Immediate steps:
  1. Unshare the session immediately: 
    /unshare
  2. Delete the session locally: 
    # In TUI: Open sessions (Ctrl+P → Sessions) → Delete
  3. If secrets were exposed:
    • Rotate API keys immediately
    • Revoke OAuth tokens
    • Change passwords
  4. Contact support for expedited deletion: security@opencode.ai

Best Practices

1

Review before sharing

Skim the session for sensitive data:
  • API keys or tokens
  • Internal URLs or hostnames
  • Customer data or PII
  • Proprietary algorithms
2

Use descriptive titles

# Good titles
"Fix authentication bug in /api/login"
"Refactor database migrations"

# Bad titles
"Debug"
"Session 1"
Recipients understand context immediately.
3

Share early in collaboration

Share at the start of debugging/pairing sessions, not after. Collaborators see your thought process in real-time.
4

Unshare when done

Add a reminder:
# ~/.bashrc or ~/.zshrc
alias opencode='echo "Remember to /unshare when done!" && command opencode'
5

Document in PRs

Include share links in pull request descriptions:
## Changes
- Added user authentication

## Context
See development session: https://opncd.ai/s/s_abc123

Next Steps

Server API

Use the /session/:id/share API programmatically.

Configuration

Configure sharing modes in opencode.json.

Enterprise

Self-hosted sharing and SSO integration.

Privacy Policy

Review how shared data is handled.