Key Takeaways
– SpaceXAI published the entire Grok Build framework on GitHub under Apache 2.0 on July 15, 2026, about 72 hours after a researcher exposed that the CLI was silently uploading users’ Git repositories.
– The codebase is 844,530 lines of Rust, measured by Simon Willison using his SLOCCount tool, with only about 3% vendored third-party code. The rest is original SpaceXAI implementation.
– The upload function that caused the scandal still ships in the source tree, modified to reverse the default behavior but not removed.
– Grok 4.5 model weights remain closed and proprietary. You get the framework, not the brain.
– The repo pulled 12,100 GitHub stars in under 20 hours. Whether that translates to adoption is a different question entirely.
SpaceXAI dropped 844,530 lines of Rust on GitHub under Apache 2.0 on July 15, 2026. That is the entire Grok Build coding-agent runtime: the terminal UI, the agent loop, the tool implementations. And the extension system for plugins and subagents. Simon Willison ran the codebase through his SLOCCount tool and confirmed that number excludes whitespace and comments. Only about 3% of those lines are vendored third-party code, which means the vast majority is original SpaceXAI code.
That is not a toy release.
But it happened roughly 72 hours after an AI-safety researcher published wire-level evidence that Grok Build was silently uploading complete Git repositories to cloud servers SpaceXAI controls.
This was not on any open-source roadmap. Multiple analysts described the release as a trust-repair move. And SpaceXAI framed it that way themselves.
What Is Grok Build, Actually?
Grok Build is SpaceXAI’s terminal-based AI coding agent.
It runs as a full-screen text interface and can understand a codebase, edit files, execute shell commands, and manage long-running tasks. The open-source repository contains the agent loop, tool implementations, terminal UI. And an extension system for plugins or subagents, all written in Rust.
Here’s the thing: the code is real and readable. Multiple analysts confirmed that after spending time in the repository. But the repo is what one reporter called a squashed monorepo mirror. That means the full commit history is gone. You get one bot-pushed snapshot. You cannot trace how the upload feature evolved, when it was added, or who approved it during private development. The code is inspectable today. Its history is not.
And then there is the model question. The Grok 4.5 model weights, the actual intelligence behind the tool, remain closed and proprietary. SpaceXAI open-sourced the car but kept the engine.
You can inspect every line of the runtime, but you are not getting the model that makes it work.
Why Did SpaceXAI Really Open-Source It?
The short answer is that they got caught. On July 12, 2026, a researcher published wire-level proof that Grok Build was uploading entire directories, including full Git repositories, without clear consent.
The community backlash was immediate and intense.
SpaceXAI responded within days.
They disabled the automatic upload feature, killed default data retention for Grok Build. And then published the full source code as part of what they called a privacy and trust overhaul. SpaceXAI publicly stated: “We’ve open-sourced Grok Build and have reset usage limits for all users.” That framing tells you the motivation. This was damage control executed at a speed that suggests crisis management, not generosity.
But here is the detail that should make you pause. The upload code that caused the scandal still ships in the source tree. It has been altered to reverse the default behavior so uploads are no longer automatic. But the mechanism itself was not stripped out. You are trusting a configuration change, not a code removal. Open-sourcing 844,530 lines of Rust is a rare move for a commercial AI coding tool. And it does make the framework auditable.
But auditable code and trustworthy infrastructure are not the same thing.
Can You Actually Contribute to Grok Build?
No. GitHub issues are disabled. Pull requests from the community are rejected. External contributions are closed.
So what you have is not open source in the way most developers use that phrase. You can read the code. You can fork it under Apache 2.0 terms. You cannot participate in its development, file bugs, or submit fixes. It is source-available under a permissive license, which is meaningfully better than closed. But it is not community-governed. And the distinction matters when the tool in question was caught uploading repositories to cloud servers.
The repo hit 12,100 stars in under 20 hours. That is genuine developer curiosity. But stars are not adoption. The gap between bookmarking a repository and running it on real client work is where trust lives. And trust is exactly what this scandal burned through.
What Should Small Operators Do About It?
If you run a small agency or ship client work using AI coding tools, the Grok Build story is your warning about filesystem access.
A tool that reads your code can exfiltrate your code. The fact that SpaceXAI published the source does not retroactively undo the fact that the upload function existed, shipped. And ran silently on real developer machines before anyone noticed.
My recommendation is to sandbox every AI coding agent that touches your filesystem. Run them in containers. Use isolation tools like bubblewrap so the agent cannot reach outside its working directory. If you want open source that is actually community-governed, look at tools where the contribution model, issue tracker. And decision-making process are all open, not just the license file.
The Grok Build codebase is impressive engineering by any honest measure. 844,530 lines of clean Rust with only 3% vendored is genuinely rare in the AI tooling space. And the architecture, with its extension system and terminal UI, shows real engineering discipline. But impressive code from a company that just spent 72 hours scrambling to repair trust after silently uploading developer repositories deserves scrutiny, not celebration.
Check your git logs for unexpected uploads.
Audit every AI tool that has filesystem access to your client repositories. And if you are evaluating Grok Build for production use, read the source before you install the binary. That is exactly what the source is there for.
