π©Ί Vitals
- π’ Last active: 2026-07-07
- π¦ Latest release: cloud-1.41.0 (2026-07-06)
- π Open issues: 351
- π Stars: 79.7k
What do these metrics mean?
- Last active: when code was last pushed, as of our last check. The dot is green when that was recent, grey otherwise. A long gap can mean a tool is finished and stable, not only unmaintained.
- Latest release: the most recent tagged, packaged version the maintainers published. Not every healthy project tags releases.
- Open issues: unresolved reports and requests. A high number is normal for a popular project and is not a warning on its own.
- Stars: how many people bookmarked the project on its forge. A rough popularity signal, not a measure of quality.
ποΈ Profile
- Official: openhands.dev
- Source: github.com/OpenHands/OpenHands
- License: MIT (Core) / Polyform Free Trial (Enterprise)
- Deployment: Docker | Kubernetes
- Data Model: Local File Mounts / Docker Volumes
- Jurisdiction: United States πΊπΈ (All Hands AI, Inc., VC-backed)
- Compliance (SaaS): N/A
- Compliance (Self-Hosted): Self-Hosted (User Managed)
- Complexity: High (4/5) - Sandboxed Docker/K8s runtime for untrusted code
- Maintenance: Medium (3/5) - Container image and model config upkeep
- Enterprise Ready: Medium (3/5) - SSO, RBAC & audit logs gated behind commercial tier
1. The Executive Summary
What is it? OpenHands is an autonomous AI software-development agent: hand it a task or a GitHub issue and it plans, writes, runs, and debugs code inside a sandboxed Docker runtime, iterating until tests pass. It is model-agnostic β bring your own LLM key, including local models β and because it operates on local file mounts, the source code it generates never leaves your machine. It leads the open field on SWE-bench-style task-resolution benchmarks. The catch is the licensing seam: the core is genuinely MIT, but the controls an organization needs to run it at scale are not.
The Strategic Verdict:
- π΄ For teams needing governed multi-seat rollout out of the box: Caution. SSO, RBAC, audit logs, LLM budgeting, and prompt-injection guardrails are gated behind the commercial Polyform-licensed enterprise tier. The MIT core is built around the individual developer.
- π’ For sovereignty-focused engineering teams running their own models: Strong Buy. Code execution and source stay inside your perimeter, the model choice is yours, and there is no per-task metering like the proprietary incumbents charge.
2. The "Hidden" Costs (TCO Analysis)
| Cost Component | Devin (SaaS) | OpenHands (Self-Hosted) |
|---|---|---|
| Agent Access | Monthly subscription plus metered per-task compute (ACU) consumption | Free MIT core; you pay only your own LLM API tokens or local model compute |
| Code & Data Residency | Source and execution run in the vendor's cloud | Sandboxed runtime on your own Docker / Kubernetes; code stays on local mounts |
| Enterprise Controls | Bundled into enterprise plans | SSO, RBAC, audit logs, and budgeting gated behind the commercial OpenHands enterprise tier |
3. The "Day 2" Reality Check
π Deployment & Operations
- Installation: Docker is the core dependency β the agent spins up a sandboxed container to execute LLM-generated code, run from the CLI, headless, or a web UI. Point it at your own LLM API key or a local model. The enterprise tier adds a Kubernetes-native runtime for concurrent, isolated agent sandboxes.
- Scalability: Single-developer use runs locally on one machine; org-scale concurrency depends on the enterprise Kubernetes runtime to schedule and isolate agent sandboxes safely.
π‘οΈ Security & Governance (Risk Assessment)
- Jurisdiction & the CLOUD Act: All Hands AI, Inc. is US-domiciled, so any managed or SaaS use carries CLOUD Act exposure. Self-hosting the MIT core removes vendor-held data from scope entirely β there is nothing in the vendor's hands to subpoena.
- The Compliance Shift & Untrusted Code Execution: OpenHands executes LLM-generated code, so the security burden is unusually concrete. You own the Docker / Kubernetes sandbox hardening, container isolation, data persistence, and RBAC. A misconfigured sandbox is a direct remote-code-execution risk, not merely a compliance checkbox.
- The Open-Core Trap: The core is genuinely MIT, but the controls an enterprise actually needs β SSO, RBAC, audit logs, LLM budgeting, prompt-injection guardrails β sit under a commercial Polyform Free Trial license. Sovereignty is real for an individual developer; at organizational scale you either build those controls yourself or pay the enterprise tax.
4. Market Landscape
π’ Proprietary Incumbents
- Devin: The benchmark-setting autonomous software engineer, but fully cloud-hosted with subscription plus per-task metering and no self-hosting path β source and execution live in the vendor's cloud.
- Cursor: An AI-native IDE with an agent mode. Faster for in-editor, human-in-the-loop edits, but code and context flow through its cloud rather than a sandbox you control.
π€ Open Source Ecosystem
- Cline: IDE-embedded agentic coder (bring-your-own-key). More interactive and human-in-the-loop than OpenHands' fully autonomous, sandboxed task resolution.
- Goose: Block's local, model-agnostic agent for engineering tasks. Shares the sovereignty stance but is less specialized around sandboxed, full-issue resolution.