Grok Build is open source

5 hours ago (github.com)

There's some surprising stuff in this codebase. For example, https://github.com/xai-org/grok-build/blob/b189869b7755d2b48... is a "self-contained terminal renderer for Mermaid diagrams", which renders a subset of Mermaid chart types using Unicode box-drawing.

Just blogged about this here[0] but at least they're not doing the usual canned PR response surrounding this.

Folks are already building on top of it:

thedavidweng/gork-build[1] — rebrand grok→"gork", stripped vendor telemetry, opt-out-only data retention, blocks x.ai auto-update. A "VSCodium-style privacy fork."

DigiGoon/digi-grok-build[2] — "dgrok" multi-provider CLI, builds from source instead of x.ai CDN.

victor-software-house/open-grok[3] — "opened to every provider."

LukaMucko/grok-build[4] — extra_body support for provider-specific request fields.

RapidAI/grok-build-desktop[5] — Tauri desktop GUI client.

mazdak/grok-build[6] — theming (Catppuccin).

thomas9120/grok-build-archival[7] — Windows telemetry-disable script.

saqoah/grok-build[8] — Kotlin MemoryBackend.

[0] https://github.com/saqoah/grok-build

This is not the right thing, this is the tactical thing. If you have an LLM with less than 1% of the share to begin with, you suffer from bad rep and you got caught uploading user data, one of the very few remaining tactical moves to try to climb out of it is this.

  • Another tactical move is to just stop. You're allowed to exit the AI business. Nobody's forcing you to keep throwing money into the furnace. Just be a rocket company. All of the xAI founders left. Your product's brand name is mud. Just stop doing that and build spaceships.

    • You misunderstand Musk's motivation. This was never about money for him, but about control over a key technology. One of the main reasons he exited OpenAI was the fact that the other co-founders wanted to create a structure where no one, Musk included, would be able to seize full control of the company. That was the thing that prompted him to leave, which tells you a lot about what he really wanted in the first place.

      But he also falsely assumed that OAI would die without his money. Yet, they managed to pull through, and Musk is now on the outside looking in with very little influence in the AI space. xAI is his desperate attempt to get back into the game. That is why he won't give up.

      31 replies →

    • I don’t know, I wouldnt be suprised if he finds a way. All the tools around, he just have to make a jump in the quality. With GLM as example they should be able to het to opus level and cut the costs

    • It is my limited understanding that as much as many of us groan at the notion of Spacex becoming "an AI-first company", markets in general, and Musk investors in particular, are slurping it up. Musk is very very very good at promising the sky. I don't think he can backtrack, he always digs in further - and it has historically worked well for him. He will drop AI only when the next big hype thing comes along and he hitches a ride on that train.

    • Musk bought Twitter looking to build an “everything app,” the western WeChat. AI came along and promised an end to apps via an agentic OS that does what its user wants and vibes whatever it needs to accomplish that as it goes along. The agentic OS is basically the same thing as the “everything app,” and I doubt Musk will let go of that.

      1 reply →

    • As a social media site they need to understand content for recommendations and they allow people to ask questions about posts for free. Along with having a large amount of data that can be trained on xAI has good reason to continue developing AI.

      4 replies →

    • > Just be a rocket company.

      Ah, are you referring to the rockets that become autonomous 60 seconds prior to launch, like Falcon 9? The rockets that steer and diagnose themselves with a minimum of input/communication from ground stations? The crewed space capsules that deliver astronauts to the ISS and trans-lunar orbits, without the ordinary needs for manual piloting or astrogation? Those rockets?

      Sure bro, "exit the AI business" and keep on with the rocket science, I guess

      8 replies →

  • I don't know anyone who would trust Grok Build anymore. I'd be wary of Cursor in the next few months too.

    • ... it's open source.

      Presumably anyone who wants to trust it can audit it. You didn't have to trust it, you can see exactly what it does.

  • Yes, tactical is the right word because it might be a tactical win but it would be a strategic failure. Musks whole meme empire runs on vibes. The second there's a crack in the dam it all comes down. None of the valuations of anything he touches make sense and something like utterly failing to run with the AI big boys is enough to do that.

I don't know anyone who uses Grok and I feel like the brand is tainted thanks to Musk.

  • I'm honestly not trying to spark a political conversation - but the target user base is far-right

  • I have friends who use it and rate it.

    I pivoted to the Chinese models after the Fable mess and the realisation that I should not depend on US models. But others just pivoted away from Claude.

    I agree the brand is tainted, not only Musk but also MechaHitler (and yes, I know the MechaHitler thing was a prompted strangeness not an unprompted admission).

I would recommend using https://pi.dev/ over Grok Build with your xAI subscription at this point

  • why pi over opencode? earnestly curious, trying to figure out what open solution people are consolidating on. (codex is also pseudo-open but contributions closed and nice)

    • pi is the neovim of agentic harnesses, its barebones and extremely configurable. if you're the sort of person who likes that sort of things its a forever product, nothing is going to displace it because you have full control.

      opencode builds a lot more in, which is better if you dont want to fiddle with config.

      1 reply →

    • Most of my harness experience is with Claude Code and Pi, a little bit of OpenCode.

      I like how quick and snappy Pi is, it feels like a minimal harness, just enough to manage the agent and get out of the way. Earlier models also seemed to have an easier time working with the tools, e.g. GPT-OSS-20B is about a year old and had no trouble in Pi.

    • Opencode gives you better defaults and a Mac/Windows app for free but pi is much more extensible and portable.

  • Pi is good in concept, but why couldn’t they choose a compiled language instead of TypeScript?

    • Why does it matter? Agent harnesses aren't doing anything that would make a compiled language more suitable than a scripting language.

    • since pi is built to modify itself, isn't it better to use a language like typescript where LLMs have a LOT of training data?

      a harness doesn't do any computations by itself so what benefit is using a compiled language?

      2 replies →

    • I imagine because they want to support plugins, and plugins in compiled language are a lot less natural than plugins in languages like TypeScript or Python.

    • For TUIs, Rust/Go vs Typescript doesn't really makes a huge performance difference and you lose the 50x bigger community advantage of Typescript.

    • I would imagine the extension system they built would be much more difficult to manage. They could have opted for Lua, though, I suppose.

  • I recommend using https://omnigent.ai over Grok Build or any other harness.

    • This is not how to push your own product - there's no value add to your comment, and you don't even have a disclaimer that you are involved with it

    • As a general rule I don't use new products whose websites don't resize properly on mobile.

      If you fuck that up, makes me wonder what other obvious stuff you fuck up.

      2 replies →

It's a shame that they exfiled private data. The model is actually good (better than opus 4.8 imo) and the harness itself is butter smooth with the potential of being the best out there.

They claim to have deleted or will be deleting all the data they exfiltrated.

There are independent agencies that will certify destruction of data. For example FTI Tech, Kroll, Epiq, HaystackID and others.

No such certificates have been presented.

Nothing less is trustworthy.

  • a certificate that data was destroyed is absolutely worthless no matter who it comes from.

    what kind of sorcery do they have to let them determine that no backups were taken before they arrived to "certify"?

  • How much can you really certify that data is destroyed?

    Customer data could live on the computer Elon pretends to play Diablo 4 on for all we know.

  • How is this case any different from how cloud hosted AI agents work ? The agent needs all of those files to complete the task you give it & is not running locally.

    So I don't think it can ever work without exhilarating the data - rather I am still surprised people don't understand the implications.

Interesting - seen some good experiencences in using grok by some devs, so maybe could be considered as an alternative to my beloved chinese models. Also, hard to give up on pi agent.

  • Grok Build seems faster to me than `omp` and Claude Code but I can't put my finger as to why. Anecdotally, after disabling code uploads the agent doesn't respond instantly anymore (it used to respond within milliseconds).

What a bunch of slop: 182 top-level external dependencies (so, without considering nested dependencies) and 1318853 lines of code in Rust.

Building efficient agents is doable (I did it myself, github.com/gi-dellav/zerostack), companies just want to tokenmaxx, and as a by-product, produce and publish slop.

  • It looks like some of that high LoC is because they are vendoring some deps. There readme gives the reason to vendor some but not others as:

    > These crates sit on the path that renders untrusted model output (diagram source → SVG). Vendoring gives a full audit surface, pins exact source, and avoids crates.io yanks. Local patches and upgrade checklists live in each crate’s Cargo.toml header comments — treat those as the source of truth when re-vendoring.

    Which honestly feels like a misunderstanding of how cargo and yanks work. Each upstream package is locked to an exact version in your lockfile along with a cryptographic hash. The upstream can't change the source without you noticing. Unless you update your lockfile you will always pin to the exact version and source. When a package is yanked, it is still available for download if it is already in a lockfile. It just prevents new packages from resolving it. Crates.io will sometimes completely delete a package, but I've only seen that happen in cases of malware. It's fairly rare and seems out of line with the supply chain concerns here.

    There are good arguments for relying on upstream package managers and there are good arguments for vendoring all packages. I've never seen a project mix before.

    • Sounds like they did the ol “grok please make this secure” and it slopped out this plausible-if-you-squint nonsense.

      Rendering untrusted model output, ooh scary! Of course we want full audit surface!

  • That is an insane amount of code for something like this!

    • to be fair, coding agent harnesses have been becoming more and more complex.

      it's not an llm in a loop with tools anymore (as claude code was rumoured to be on HN).

      1 reply →

I wonder if releasing this may have been on the roadmap, but been prioritized as a bit of whiplash following the "you forfeit the entirety of your working directory as a condition of working with this tool" upset from a few days ago.

  • Most likely, SpaceX killed the code uploading yesterday so they are definitely concerned about the backlash

    > The researcher who exposed Grok Build uploading users' entire repositories to cloud storage says the transfers have stopped after a server-side change. Elon Musk has separately promised that all previously uploaded user data will be deleted.

    https://www.theregister.com/ai-and-ml/2026/07/14/musk-promis...

i think xai is now in pure damage control mode, after they caught exfiltrating data from users.

- There is a huge difference between logging user queries (which would include only the portion the model is reading) and exfiltrating user data (including env files, entire source code etc) which is what grok-build did here (https://github.com/xai-org/grok-build/blob/main/crates/codeg...). I would stay away from this open-source malware with a 10ft pole.

- if you like grok-4.5 model (it is a good model), i suggest use the model directly via API, or use Grok's oauth tokens if you are using supergrok+heavy subscriptions and connect it to your own agent.

  • And for generating an absolutely gargantuan amount of CSAM and non-consensual sexualized images, but yeah, exfiltrating data too.

    • If I use a shovel to kill a man, the shovel maker did not engage in intentionally crafting a weapon of war.

      How tools are used are a reflection of the people who use them, and I definitely sympathise that tools should have guardrails to not enable this, or at least detect it.

      But if a pedophile uses Whatsapp to groom a child; I don't go after Whatsapp for being a neutral service... I go after the pedophile.

      10 replies →

  • How can an AI agent, that is usually running on some machine in the cloud, even run without actually pulling in the data into the cloud to work with it ?

    Is there an idea some sort of fixed localy running code does filtering on the data before it is sent to cloud?

    Still seems like it would not work very well if it actually did any safe filtering - as the model can't "think" without seeing the data and it won't see the data unless the data is loaded to cloud.

  • [flagged]

    • > Regardless of what they were doing before, it seems they are doing the right thing now.

      Regardless of the fact that they were stealing and uploading user secrets, they changed their behavior after they got caught, so let’s ignore what they did in the past.

      6 replies →

  • > exfiltrating user data (including env files, entire source code etc) which is what grok-build did here

    I think env files are filtered out [1]. Anyway, the most suspicious code would be `upload_session_state` which is currently a stub function, though it is hard to say if it was only planned (badly) or has been removed as a damage control.

    [1] https://github.com/xai-org/grok-build/blob/c1b5909ec707c069f...

Grok is super stingy to people who pay them.

Using Grok Imagine I was getting a generous number of AI-generated videos with a paid X account (which translated to a "premium" xAI account). Hundreds of videos per day if I wanted. Then I signed up to get SuperGrok for higher resolution, and the number of videos reduced. Reduced. Even while not using the higher resolution. Paying more money, getting less. To around 50 a day low resolution, with high resolution available if I would settle for around 30 a day. It was hard to figure out the exact numbers but it was a brutal reduction.

Now they have further reduced the quota, with no clear documentation, to be weekly, and I can't tell the number because all usage is mixed together in one pool, maybe to keep it less transparent, but it seems even more stingy.

Unlike Anthropic which is very generous, although admittedly I do pay Anthropic more, but Grok is just, I would say: run away, do not give them your money, they will just clamp down more and more and give you less and less until you are willing to pay them a money stream each month.

I think Grok Code, if it ever comes, will be an absolute nightmare of restricted quota given my experience.

Do. Not. Subscribe. To. Grok. Code.

And I say all this as a huge Elon-pilled fan of Tesla and SpaceX in general. With this one, Elon's stinginess is going to hurt anyone who gives him money. Stay away. It might be generous on day one, but a month or two later you are faced with an "upgrade" prompt and games that hide how much they are clenching, so to speak, the quota tighter and tighter.

  • The overly generous image/video generation was a product of their excess compute. No point in letting it sit idle while you build up your infrastructure. But you were getting far more than what you paid for. Now your quota more accurately reflects the cost to create it (even still its generous compared to api costs) but everyone has their expectations set based on the subsidized access. Perhaps giving away too much is counter productive because users will revolt once the quotas are changed to better reflect reality.

Neat, trying to reverse engineer some specifics of how it does stuff has been a pain in the ass, and this will make it easier.

  • To some degree at least. This is a hulking monster of a codebase for what it does, it's definitely LLM-built and almost definitely requires an LLM to tackle at all.

It's awesome to see openness in these coding agents from the labs making the agents: Codex, Kimi Code, and now Grok Build.

Has anyone tried building from source?

The commit message says "initial sync from the monorepo." Is this even compilable without the rest of the source code?

Grok has had far too many instances where its clear that the team building it cannot be trusted and does not care to build trustworthy products. I highly caution anyone from using any tools from xAi, as they have clearly shown themselves to be bad actors within the space.

Sigh, why has the industry converged on TUI? Branding and aesthetics over functionality?

TUI is just much worse for me. I tried Codex CLI vs Codex UI and Codex UI beats it at every level.

  • TUI is a lot better for me, and I have preferred it since the 00s, before LLM products were even a thing.

    For all the reasons there can be, one big reason is that it works on anything you can get a terminal on, you can use it over SSH, and the UI will be the same no matter where you use it.

    I also like that they are very very fast and they don't have the incessant animations that are put into most desktop environments nowadays. If you're on MacOS, the terminal is the only only part of your computer without roadblocks everywhere.

  • It is a fashion thing. I am not saying that agentic TUIs are bad or anything but it is certain fashionable to use one in 2026.

  • And why are you assuming the industry converged to it when your following statement dismantles your assumption?

    Spacex bought cursor, so it now has it’s agent ui which is just as good as codex + it’s multi-modal

    Anthropic also has it’s own ui

    Zai also launched theirs last month.

    Everyone is converging back to UI.

    The terminal was just a prototype, everyone knew that.

[flagged]

  • Please don't just post the most obvious snarky comment about a given topic. The guidelines make it clear we're trying for something better here. https://news.ycombinator.com/newsguidelines.html

    • Sorta amazes me how people in various levels of power will not say the obvious thing or actively discourage saying the obvious thing because it might offend Elon.

      Recently all the big bank CEOs involved with the SpaceX IPO - a lot of money in that for them - but a company trading at 100x sales is clearly crazy.

      6 replies →

  • Honestly a great question. I mean if it’s open source someone will check (I don’t use xAI but believe me I would be checking first if I did).

Misanthropic should learn from this and open source their claude code. Even ClosedAI have codex cli opensourced.

Wow… lots of folks betting against Elon once again lol.

I’ll take those bets.

  • It's less of a bet against him. It's more of a bet for the future of humanity. And contrary to what Elon believes about himself, his work has been toxic for humanity for the last 5 years and is getting worse.

This is 100% smoke and mirrors. Prove the bucket is empty and nothing was transferred out and I'll believe they deleted it.