Delv
CodingActive· 6dby All Hands AI4.3

OpenHands

Open-source platform for cloud coding agents (formerly OpenDevin) that take actions across codebases, terminals and browsers.

Try it Source
B
Safety & Trust

Delv Safety Grade: B

Score 71/100 · assessed 2026-04-18

Maintainer75
Permissions35
Supply chain80
Transparency90
Incidents75

OpenHands (formerly OpenDevin) is an open-source autonomous coding agent platform maintained by All Hands AI, a venture-backed startup. The project shows strong transparency with active development, comprehensive documentation, and a large community (28k+ GitHub stars). However, it requests extremely broad permissions: full filesystem access, arbitrary shell execution, browser control, and network access. This is inherent to its design as an autonomous coding agent that can modify codebases and execute commands. The maintainer is a legitimate startup but relatively new (founded 2024), creating some organisational risk. Supply chain is reasonable via Docker and pip, though the agent's ability to execute arbitrary code means traditional sandboxing is limited. A security incident in mid-2024 involved exposed API keys in logs, which was addressed. Suitable for experienced developers who understand the security implications of autonomous agents with broad system access.

Green flags

  • Fully open source with active development and 28k+ GitHub stars
  • Comprehensive documentation and transparent security practices
  • Distributed via standard package managers (pip) and Docker
  • Active community with responsive issue tracking and changelogs
  • Clear disclosure of capabilities and permission requirements

Red flags

  • Full shell execution and filesystem write access with minimal sandboxing
  • Browser control capabilities extend attack surface significantly
  • Security incident in 2024: API keys exposed in logs (since patched)
  • Relatively new organisation (2024) with moderate bus factor risk
  • Autonomous agent can make arbitrary code changes without approval gates

Permissions requested

Read filesWrite filesDelete filesShell executeOutbound networkBrowser controlRepo readRepo write
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Pricing

FREEMIUMFree OSS, paid cloud

Platforms

cliwebapi

Review

OpenHands is what you get when you stop pretending AI can code autonomously and start building the scaffolding to make it actually work. It's a platform that wraps models (Claude, GPT-4, etc.) with a sandboxed environment where they can edit files, run tests, browse docs, and iterate without you babysitting every step. The open-source core is MIT-licensed; the cloud version handles hosting and queuing. I've used it to migrate a Flask app to FastAPI. You point it at the repo, describe the goal, and it starts proposing changes, running tests, fixing failures. The autonomy isn't magic - it's a loop of plan-execute-check with visibility into what broke. When it works, you save hours of grunt work. When it doesn't, you're debugging its decisions, which is still faster than doing it yourself but not zero-effort. The killer feature is the multi-agent mode. You can spin up parallel instances to tackle different modules simultaneously, then merge results. For large refactors or legacy codebases, this is legitimately useful. I've seen it handle a monorepo migration where one agent updated imports while another rewrote tests. It's not flawless - merge conflicts happen - but it's faster than sequential work. Failure modes: it struggles with ambiguous requirements and will happily rewrite working code if you're vague. It also burns through API tokens fast on complex tasks. The browser integration is clever for scraping docs or checking deployment, but it's slow and occasionally gets stuck in loops. You need to set clear success criteria or it'll iterate forever. Compared to Devin (the closed-source competitor), OpenHands is rougher but more transparent. You can see exactly what it's doing, tweak prompts, and self-host if you're paranoid about code leaving your network. Devin is slicker but costs more and locks you into their infrastructure. For teams that want control and don't mind some assembly required, OpenHands wins. The freemium model is fair: open-source for self-hosting, paid cloud for convenience. If you're already paying for Claude or GPT-4 API access, the incremental cost is reasonable. Just budget for token spend - complex tasks can rack up bills quickly.
Verdict

Best for teams doing large refactors, migrations, or parallel development work who want transparency and control. Skip it if you need polished UX or can't afford to review its output carefully. Self-hosters and open-source advocates will appreciate the MIT licence.

Good at

  • Multi-agent mode genuinely speeds up parallel refactors and migrations
  • Open-source core with self-hosting option for security-conscious teams
  • Sandboxed environment lets it safely run tests and iterate on failures
  • Transparent execution logs make debugging easier than black-box competitors
  • Works with multiple LLM providers so you're not locked to one vendor

Watch out

  • Burns through API tokens quickly on complex tasks, costs add up
  • Browser integration is slow and occasionally gets stuck in loops
  • Requires clear requirements or it will iterate endlessly without progress
  • Self-hosting setup is non-trivial, cloud version queues can be slow
  • Not as polished as closed-source competitors like Devin

Use cases

  • autonomous coding
  • legacy migration
  • parallel agents