Two years ago, AI in the editor meant autocomplete: it guessed the next line and you pressed Tab. In 2026 it means something categorically different — an agent that reads your repo, edits files across it, runs your tests, reads the errors, and tries again, all from a single instruction. The tool stopped suggesting and started doing.
Three names dominate that shift: Claude Code, Codex, and opencode. They look similar in a demo and are marketed as rivals, but they make genuinely different bets on lock-in, control, and openness. This is a vendor-neutral guide to what they actually are, how the thing under all of them works, and how to choose — and run — one without handing over the keys to your codebase.
First, What a Coding Agent Actually Is
The word “agent” gets thrown around loosely, so pin it down. A coding agent is not one clever prompt — it’s a loop.

You give a goal — “add JWT auth to the API.” Then:
- The model plans the next concrete step.
- It acts — calls tools to read files, edit code, run a command, grep the repo.
- It observes the result — test output, a stack trace, the new file contents.
- It loops — feeds that back in and plans again, until the task is actually done.
- It stops and shows you a diff to review and approve.
That loop is the whole idea, and it’s why an agent is powerful and risky at the same time: between your prompt and the result, it takes actions on its own. Autocomplete could only ever suggest; an agent edits your files and runs your shell. Every tool below is a different wrapper around this same loop.
The Three That Matter
Claude Code — Anthropic’s agent. It began as a terminal tool and now runs across the terminal, IDE, desktop app, and the browser — including managed cloud sessions that chew through long tasks in parallel while your machine is off. It’s tied to Claude models, closed-source, MCP-native, and asks permission before edits and commands. If you already trust Claude for code, it’s the most polished way to let it act.
Codex — OpenAI’s coding agent, and the one that pushes the loop the furthest. It runs in two modes: a cloud agent that grinds through long tasks in an isolated, managed sandbox — so you can fire off several jobs at once and walk away — and a local CLI for hands-on work at the keyboard. It’s tied to OpenAI’s frontier models, which are still some of the strongest at real code, and its cloud agent is a mature, isolated place to hand off long work. The CLI is open; the models and the managed service are proprietary. The trade is clear: you accept the OpenAI ecosystem, and in return you get one of the strongest model-plus-cloud combinations on the market.
opencode — the open-source outlier. A terminal agent that is model-agnostic: you point it at whichever provider you want — Anthropic, OpenAI, Google, or a local model — and the agent itself is open-source, so you can read it, extend it, and self-host it. Its bet is no lock-in and full auditability.
Where Each One Sits
Strip away the branding and the three separate on two axes: how open they are (closed vs open-source) and how locked to one model vendor they are. Notice what is not an axis anymore: where it runs. Both Claude Code and Codex now run locally and offer a managed cloud, so that stopped being the dividing line.

Here is the same decision as a table:
| Claude Code | Codex | opencode | |
|---|---|---|---|
| Vendor | Anthropic | OpenAI | Open-source (community) |
| Models | Claude only | OpenAI only | Any — bring your own |
| Where it runs | Local + managed cloud | Local CLI + managed cloud | Local / self-hosted |
| Openness | Closed | CLI open, service/model closed | Fully open-source |
| MCP support | Native | Yes | Yes |
| Auditability | Trust the vendor | Trust the vendor | Read the source |
| Best for | Deep Claude users, polished all-surface | Delegating & parallelizing long tasks, hands-off cloud runs | Avoiding lock-in, local-only, self-hosting |
The pattern is clear: the two proprietary agents cluster together — polished, model-locked, vendor-trusted — and opencode is the deliberate counterweight for teams that refuse model lock-in or need to audit what the agent does.
How to Actually Choose
Ignore the demos; they all look magical for ten minutes. Choose on three real constraints:
- Model lock-in. Do you want to be tied to one model family? Claude Code binds you to Claude, Codex to OpenAI. opencode lets you swap models — including running a local one for sensitive code — without changing your workflow.
- Where it runs. This used to split them, but no longer: both Claude Code and Codex run locally and offer a managed cloud that chews through long, parallel tasks while you do something else. opencode is the local / self-hosted one — no vendor cloud at all, which is the whole point if you need everything on your own infrastructure. So don’t choose on “local vs cloud”; choose on whose cloud you’re willing to send code to, if any.
- Openness and auditability. In a regulated or security-sensitive shop, “we can read exactly what the agent does” is not a nice-to-have. That’s opencode’s home turf; the proprietary tools ask you to trust the vendor instead.
In practice the switching cost is low — the loop is the same everywhere — so trying two is cheap and often clarifying. Pick the default that matches your constraints, not the one with the best launch video.
Letting It Act Without Letting It Loose
Here’s the part the demos skip. A coding agent is, mechanically, a program that edits your source and runs shell commands on your behalf. That is enormous leverage and a genuine attack surface. The failure mode isn’t the model being dumb — it’s the model being capable and unsupervised.

Treat every agent like a new junior developer who somehow has root. Four guardrails make that safe:
- Permission prompts. Approve edits and shell commands before they run, not after. All three support this — leave it on, especially for anything that touches the network or the filesystem outside the repo.
- Sandboxed execution. Run the agent in a container or a microVM, never directly on your host or anything near production. If it runs
rm -rfor a poisoned dependency’s postinstall, the blast radius should be a throwaway sandbox. For the isolation trade-offs, see MicroVMs in 2026: Firecracker vs gVisor for Secure Workloads. - Scoped tool access. An agent’s power comes from the tools it can call. Allow-list them — and if it reaches external tools over MCP, control which servers and which tools it can touch, deny-by-default. This is exactly the per-tool permission problem covered in User-Level Permission Controls for MCP Tool Access.
- Human reviews the diff. The agent proposes; you decide. Read the change before it commits. The moment you let an agent merge unattended, you’ve replaced code review with faith.
None of this is exotic — it’s least-privilege, applied to a very capable new kind of process. The agent that can rewrite your codebase in a minute can also break it in a minute; the guardrails are what turn that speed into leverage instead of a liability.
The Field Rule
The three agents are more alike than their marketing suggests: the same plan-act-observe loop, wrapped differently — and the two proprietary ones, Claude Code and Codex, are near-twins that both now run locally and in a managed cloud. So choose on what actually differs — openness and model lock-in — and run whichever you pick like a powerful junior: sandboxed, permission-gated, tool-scoped, and never merging without a human on the button. Claude Code if you live in Claude and want the most polished experience; Codex if you want OpenAI’s frontier models with a mature cloud agent to hand long, parallel work to; opencode if you refuse lock-in and want open source you control. If you just want a strong set-and-forget default and don’t mind the OpenAI ecosystem, Codex is the easiest one to bet on. Get the guardrails right first, and any of the three becomes leverage instead of a gamble.




From the community
Discussion on the Fediverse
Replies from Mastodon and Bluesky — straight from the open web, no tracking.
Loading replies …
No replies yet. Start the conversation:
Replies could not be loaded right now.