xAI — now rebranded SpaceXAI — has published the source code for Grok Build, its terminal coding agent, under the Apache 2.0 license on GitHub. Two things matter before you get excited. First, what went open source is the agent harness and TUI code written in Rust — not the model. The model behind it, grok-build-0.1, is still a paid, closed API. Second, the release landed within days of researchers catching the same tool uploading entire git repositories to its cloud storage, and that upload code is still sitting in the tree that was just opened.
What SpaceXAI actually open-sourced
The xai-org/grok-build repository is a full-screen terminal coding agent — it reads a codebase, edits files, runs commands, searches the web, and manages tasks either interactively or headlessly. The GitHub page lists it as 99.6% Rust under the Apache 2.0 license; as of July 16, 2026 it shows 8.1k stars and 1.3k forks, and its history is a single squashed commit labeled "Publish harness and TUI open-source" — so you're reading the shipped client, not its development history.
What is not in the repo is the intelligence. Grok Build is powered by grok-build-0.1, and that model stays behind the company's paid API. This is the distinction that trips people up:
grok-1 (2024) was an open-*weights* release — you could download and run the model yourself.
grok-build (2026) is an open-*source client* — you can read and modify the tool, but it still calls a proprietary model over the network.

If your goal was a fully local, self-hosted Grok, this release doesn't get you there. If your goal was to audit and extend the tool that talks to your files, it does.
The privacy incident behind the timing
The open-sourcing didn't happen in a vacuum. According to The Hacker News, on July 14, 2026 a researcher publishing under the handle cereblab routed Grok Build through an intercepting network proxy and documented what the client sent.
The finding: the client packaged the entire tracked git repository — full commit history included — and uploaded it to a Google Cloud Storage bucket named grok-code-session-traces. In one test against a 12 GB repository, the report measured 5.10 GiB going up while actual model traffic was only around 192 KB. The upload swept in files the agent never opened (a canary file planted at src/_probe/never_read_canary.txt still made the trip) and sent .env contents unredacted, including test values labeled API_KEY and DB_PASSWORD.
The opt-out most people would reach for didn't cover this. The "Improve the model" toggle governs whether your data trains the model — it does not govern whether your code leaves the machine. Per the same report, the behavior was observed in version 0.2.93 and the upload code was still present in build 0.2.99.
The company's response, as documented in that reporting: on July 13 it disabled the uploads server-side rather than through a client update, communicated via social media rather than a formal security advisory, and added a /privacy command so users can turn off retention. Elon Musk stated that previously uploaded data would be "completely and utterly deleted." No CVE was assigned.
What the open code lets you check
This is the practical payoff of the release. Before it, the only way anyone confirmed what Grok Build sent was to sit a proxy between the client and the network and read the wire traffic. Now the client is public, so the packaging and upload logic can be read directly instead of inferred.
And reading it reveals something the server-side fix obscures: disabling the uploads is not the same as removing the code. The upload path still exists in the released tree — switched off from the company's end, not deleted from the client. A server-side flag can be flipped back; code that isn't there can't run at all. For sensitive work, "trust us, it's off" and "the capability is gone" are different guarantees, and open source is what lets you tell them apart.
The practical checklist when you vet any coding agent that talks to a cloud model:
What leaves the machine, and when — only files the agent reads, or the whole repo?
Does the privacy opt-out actually stop network egress, or only stop training?
Can you verify the answer yourself — proxy capture, source code, or just a policy page?
How are secrets handled — is anything scanning for and redacting
.env-style files before upload?
How to install and run Grok Build
The fastest path is the official installer, which pulls a prebuilt binary shipped as grok:
# macOS / Linux / Git Bash
curl -fsSL https://x.ai/cli/install.sh | bash
grok --version
# Windows PowerShell
irm https://x.ai/cli/install.ps1 | iexTo build the open-source client yourself from the repo, you need Rust (pinned in rust-toolchain.toml, so rustup handles the version) and protoc for proto codegen. Building is supported on macOS and Linux:
cargo run -p xai-grok-pager-bin # launch the TUI
cargo build -p xai-grok-pager-bin --release # release binary
cargo check -p xai-grok-pager-bin # validate the buildOn first launch, Grok Build authenticates through your browser rather than a pasted API key. The artifact is named xai-grok-pager internally and ships as grok in the official builds — useful to know when you're reading the crate layout.
What it costs to use
Open source makes the client free; running it is not, because the model is metered. On OpenRouter's listing, grok-build-0.1 is priced at $1 per million input tokens and $2 per million output tokens, with a 256K-token context window, support for text and image inputs, and a listed release date of May 21, 2026. Prompt caching can cut effective input cost by roughly 60–80% on repeated context, which matters a lot for a coding agent that re-sends the same files across a session.

Because grok-build-0.1 speaks a standard chat-completions API, it's reachable through model routers and API gateways as well as directly from SpaceXAI, which is convenient if you already run several providers behind one key. AIReiter is one such Anthropic-compatible gateway that can route to Grok among other models. Whichever path you take, confirm current per-token rates at the source before relying on a single figure, since gateway pricing can differ from the vendor's own.
Should you use Grok Build now?
A grounded verdict: Grok Build is worth trying, with conditions.
Reasons to use it. The client is fast (native Rust, full-screen TUI with mouse support), it's genuinely open under Apache 2.0 so you can read and fork it, and grok-build-0.1 is tuned specifically for agentic coding with a 256K context. For solo projects, throwaway repos, and public codebases, the recent incident carries little practical risk.
Reasons to be careful. The upload code remains in the released tree, disabled server-side rather than removed. The model is closed, so you're still trusting a network service with whatever the client sends. For private company repositories or anything under NDA, treat it the way you'd treat any tool that recently shipped a broad data-egress default.
How to verify before trusting it with real code. Because the client is now open, you can git clone the repo and search the source for the upload path and the grok-code-session-traces bucket name rather than taking the fix on faith. For a live check, point Grok Build at a throwaway repo while routing it through an intercepting proxy (or block the storage bucket's domain at your firewall) and watch whether anything beyond model traffic leaves the machine. Run /privacy to disable retention, and keep it off private repos until you've confirmed the behavior yourself.
If you compared coding CLIs earlier and wrote Grok Build off as closed, that's now out of date — the same way Codex and Claude Code differ in openness and workflow, Grok Build has moved from proprietary to open source, which changes how you can vet it even if the model behind it hasn't changed.
Frequently asked questions
Is there an open source Grok model?
Partly. The Grok Build *client* is open source (Apache 2.0) as of July 2026, and grok-1's *weights* were released back in 2024. But grok-build-0.1, the model that powers Grok Build today, is not open — it runs only through SpaceXAI's paid API.
Is Grok Build free?
The tool is free: you can install the binary or build the open-source client at no cost. Using it is not free, because it calls grok-build-0.1, which is billed per token. There's no local model included.
How much does grok-build-0.1 cost?
OpenRouter lists it at $1 per million input tokens and $2 per million output tokens, on a 256K context window. Reusing the same context across a session benefits from prompt caching, which the listing says can lower effective input cost substantially.
Can I use Grok to build an app?
Yes — that's the point of Grok Build. It's an agentic coding tool that reads your codebase, edits files, and runs commands from the terminal. If you'd rather build your own agent loop, you can also call grok-build-0.1 directly over its API.
Does open source mean my code stays private now?
No. Open source means you can *inspect* what the client does with your code; it doesn't automatically stop data from being sent. After the July 2026 incident, SpaceXAI disabled the full-repo upload server-side and added a /privacy command, but if you used Grok Build on a private repo before that, check your settings and retention options rather than assuming the release fixed it for you.
