Skip to content
AI Primer
release

xAI opens Grok Build CLI repo and resets usage limits

xAI released the Grok Build CLI repo and reset usage limits. It says zero data retention was respected, default retention was turned off July 12, and previously retained coding data is being deleted.

5 min read
xAI opens Grok Build CLI repo and resets usage limits
xAI opens Grok Build CLI repo and resets usage limits

TL;DR

The official post names context assembly, model parsing, tool-call dispatch, skills, plugins, hooks, MCP servers, and subagents as inspectable source. The docs show three operating modes: full-screen TUI, headless CLI, and ACP embedding. The wire-level report is the spicy read: a “do not read files” prompt still produced a recoverable git bundle containing the canary file.

Open-source harness

SpaceXAI said it open-sourced Grok Build so developers can inspect and support the harness. The official launch post describes the source as the reference for:

  • context assembly
  • model response parsing
  • tool-call dispatch
  • code reading, editing, searching, and command execution tools
  • TUI rendering, input handling, plan review, and inline diff viewing
  • skills, plugins, hooks, MCP servers, and subagents

The GitHub repo describes Grok Build as a terminal-based coding agent that edits files, runs shell commands, searches the web, manages long-running tasks, and runs interactively, headlessly, or inside editors through the Agent Client Protocol.

Privacy reset

SpaceXAI's July 15 privacy update made five claims:

  • ZDR has been respected since launch.
  • Users have had CLI controls to disable data upload.
  • Early beta retention was enabled by default for non-ZDR users.
  • Default retention was disabled for all Grok Build users on July 12.
  • Previously retained coding data is being deleted.

Earlier, SpaceXAI's /privacy post described the command as a way to disable data retention and delete previously synced data when ZDR is off. In a SpaceXAI reply, the company said changing that setting deletes all previously synced data.

Whole-repo upload finding

The Cereblab analysis is the context behind the open-source move. It tested Grok Build 0.2.93 and reported:

  • Whole tracked repositories, plus git history, were uploaded via POST /v1/storage.
  • Uploads happened independent of which files the agent read.
  • A never_read_canary.txt file was recovered from the uploaded bundle after a prompt told Grok Build not to read files.
  • A 12 GB repo produced about 5.10 GiB of upload data while visible agent output was about 192 KB.
  • The /privacy opt-out affected retention, according to the analysis, rather than blocking the repository from leaving the machine.

The Register story reported that after xAI set disable_codebase_upload to true, Cereblab confirmed whole-repo transfers had stopped. The same story said deletion of previously uploaded data had been promised publicly but could not be independently verified at publication.

Local-first mode

In SpaceXAI's privacy update, local-first appears as a privacy claim: Grok Build can run from open source with a user's own inference.

The Grok Build docs already describe the pieces needed for that workflow:

  • install with curl -fsSL https://x.ai/cli/install.sh | bash
  • start inside a project with grok
  • use an API key in non-browser environments
  • run headlessly with grok -p "Explain this codebase"
  • stream JSON output for scripts and bots
  • configure custom models in ~/.grok/config.toml

The settings docs put configs under ~/.grok/config.toml, project config under .grok/config.toml, and environment overrides under GROK_* variables.

Internal repo with public source

The CONTRIBUTING.md file says SpaceXAI develops Grok Build internally and does not accept external pull requests or unsolicited patches. It frames the public tree as source transparency and local builds under Apache License 2.0.

That makes the repo useful as a harness reference for creators wiring agents into editors, MCP servers, plugins, and local models, even without a normal community PR loop.

Usage limits and app updates

Usage limits were reset for all users in SpaceXAI's open-source announcement. One community thread from AmirMushich joked about switching to Grok Build because other tools were hitting credit pressure, then AmirMushich asked whether it was usable enough to build anything simple.

The quality question was still open in that thread: AmirMushich asked whether speed mattered if output quality was far behind.

The same launch window included mobile and desktop maintenance. steipete said iOS and Android apps were updated, Node was bumped, and users whose autoupdater failed could run the web installer. In a follow-up, steipete said one slipped issue got a regression test.

Security reports

SpaceXAI pointed users to engineers on X and to its bug bounty program through SpaceXAI's bug-bounty note. The repo's CONTRIBUTING.md also tells people to report security issues through SECURITY.md rather than opening public vulnerability issues.

Further reading

Discussion across the web

Where this story is being discussed, in original context.

On X· 4 threads
TL;DR1 post
Privacy reset2 posts
Whole-repo upload finding1 post
Usage limits and app updates4 posts
Share on X