xai-org/grok-build, now open source · Simon Willison's Weblog
Science, Technology & Innovation · Jul 15, 2026
Recent open-source repositories (Grok Build ≈844,530 lines of Rust; OpenAI codex ≈950,933 lines) show terminal coding agents are far larger and more operationally complex than simple LLM front ends—containing prompt templates, custom renderers, multiple tools, runtime/shell logic and more—so building them requires platform-level engineering with higher development cost, larger attack surface, greater audit burden, and different defensibility considerations.
xai-org/grok-build, now open source · Simon Willison's Weblog
Science, Technology & Innovation · Jul 15, 2026
The codebase functions as a tool-aggregation layer that ports commands from other coding agents (e.g., Codex/OpenCode), suggesting competition will center on interoperability, orchestration, routing/UX/trust/deployment rather than novel primitives—so compatibility lowers switching costs for builders but compresses surface-level differentiation.
xai-org/grok-build, now open source · Simon Willison's Weblog
Science, Technology & Innovation · Jul 15, 2026
xAI open-sourced the full Grok Build codebase under Apache 2.0 after an upload controversy to restore trust and shift the product from an opaque hosted model toward inspectable, local-first deployment by deleting retained data, turning retention defaults off, and providing an open-source harness for local inference and verification.
xai-org/grok-build, now open source · Simon Willison's Weblog
Science, Technology & Innovation · Jul 15, 2026
The repo provides partial forensic evidence that the controversial upload pathway was real code but xAI has hard-disabled session-state uploads—upload logic remains in gcs.rs and upload/trace.rs (upload_session_state() returns session_state_upload_unavailable)—so remediation is an inspectable disable rather than full removal, enabling auditors to verify mitigation.
xai-org/grok-build, now open source · Simon Willison's Weblog
Science, Technology & Innovation · Jul 15, 2026
xAI’s Grok Build CLI could upload entire working directories (including credentials and personal files) to xAI-controlled cloud storage, prompting the company to disable uploads and promise deletion—underscoring that terminal-based coding tools can leak broad sensitive data and that upload scope, retention, and consent are now core product-trust issues.