Executive Summary
Severity: P0 — Complete binary crash on macOS 26.3.1 (Tollman / Sequoia)
Impact: opencode cannot launch; all sessions appear inaccessible (data is safe — the binary is the problem)
Root Cause: Binary ships with adhoc,linker-signed codesignature — no TeamIdentifier, no hardened runtime flags. macOS 26.x kills it with SIGKILL.
Workaround: 1-line fix, no Apple account required (below)
Upstream issue: anomalyco#18503
Environment
| Field |
Value |
| macOS Version |
26.3.1 (Tollman) / Sequoia |
| Architecture |
arm64 (Apple Silicon) |
| Binary |
~/.opencode/bin/opencode |
| Shell |
zsh |
Symptom
$ opencode -s <session-id>
zsh: killed opencode
No stack trace. No error message. No logs. Process silently killed by the OS.
Root Cause
macOS 26.x (Sequoia / Tollman) enforces stricter Gatekeeper + System Integrity Protection rules. Binaries accessing protected user directories (~/.local/share/, SQLite databases) must carry a valid TeamIdentifier in their codesignature.
codesign -dv ~/.opencode/bin/opencode
# Format=Mach-O thin (arm64)
# Signature=adhoc
# TeamIdentifier=not set ← root cause
The binary has flags=0x2(adhoc) — no hardened runtime (0x10000), no TeamIdentifier. macOS issues SIGKILL with zero opportunity for the process to log or recover.
Reference: Apple TN3127 — Inside Code Signing Requirements
Immediate Workaround (Verified)
codesign --force --deep --sign - ~/.opencode/bin/opencode
Verify:
opencode --version # launches without being killed
Recommended Permanent Fixes
Option A — Apple Developer Certificate (Production-grade)
codesign \
--force --deep \
--sign "Developer ID Application: <Team> (<TeamID>)" \
--options runtime \
--entitlements entitlements.plist \
./opencode
Option B — Post-install hook (no Apple account)
codesign --force --deep --sign - "$(which opencode)"
Option C — Self-healing launcher shim
#!/bin/bash
BINARY="$HOME/.opencode/bin/opencode"
if ! codesign -v "$BINARY" 2>/dev/null; then
codesign --force --deep --sign - "$BINARY"
fi
exec "$BINARY" "$@"
Risk Assessment
| Risk |
Level |
Notes |
| Data loss |
None |
SQLite sessions intact |
| User impact |
Critical |
Entire tool unusable without workaround |
| Upgrade risk |
High |
Silent regression on macOS 26.x |
| Fix complexity |
Low |
One-line CI change or post-install hook |
Notes
- macOS upgrade to Tollman is a silent breaking change — users get zero explanation for the crash.
- All 1183 sessions verified safe after fix.
Executive Summary
Severity: P0 — Complete binary crash on macOS 26.3.1 (Tollman / Sequoia)
Impact: opencode cannot launch; all sessions appear inaccessible (data is safe — the binary is the problem)
Root Cause: Binary ships with
adhoc,linker-signedcodesignature — noTeamIdentifier, no hardened runtime flags. macOS 26.x kills it with SIGKILL.Workaround: 1-line fix, no Apple account required (below)
Upstream issue: anomalyco#18503
Environment
~/.opencode/bin/opencodeSymptom
No stack trace. No error message. No logs. Process silently killed by the OS.
Root Cause
macOS 26.x (Sequoia / Tollman) enforces stricter Gatekeeper + System Integrity Protection rules. Binaries accessing protected user directories (
~/.local/share/, SQLite databases) must carry a validTeamIdentifierin their codesignature.The binary has
flags=0x2(adhoc)— no hardened runtime (0x10000), noTeamIdentifier. macOS issues SIGKILL with zero opportunity for the process to log or recover.Reference: Apple TN3127 — Inside Code Signing Requirements
Immediate Workaround (Verified)
codesign --force --deep --sign - ~/.opencode/bin/opencodeVerify:
opencode --version # launches without being killedRecommended Permanent Fixes
Option A — Apple Developer Certificate (Production-grade)
codesign \ --force --deep \ --sign "Developer ID Application: <Team> (<TeamID>)" \ --options runtime \ --entitlements entitlements.plist \ ./opencodeOption B — Post-install hook (no Apple account)
codesign --force --deep --sign - "$(which opencode)"Option C — Self-healing launcher shim
Risk Assessment
Notes