Security & data handling

Default posture: source code, screenshots, and logs never leave your machine. Only anonymous usage counters are transmitted. If even that is too much, the entire stack is self-hostable with one Docker Compose file.

CodeLoop is designed so the smallest possible amount of data ever leaves your machine. This page documents exactly what does, what doesn't, and the controls available to you. If you have a compliance question that isn't answered here, write to security@codeloop.tech.

Summary

  • Source code never leaves your machine. Verify, diagnose, gate-check, screenshots, recordings — all run locally.
  • No LLM tokens consumed by CodeLoop. The agent reasoning is done by your existing AI agent (Cursor, Claude Code). CodeLoop adds zero AI compute cost and never proxies prompts.
  • Only metered usage events leave the machine. Counts (verify runs, screenshots captured, video minutes) and timing — never source files, screenshots, or logs.
  • Self-host is supported. One docker compose up and the API, dashboard, and storage all live on your infrastructure. See Self-host runbook.

What stays local

| Data | Location |
| --- | --- |
| Source code, build output, logs | Local working directory; never read by CodeLoop's servers. |
| Run artifacts (screenshots, videos, manifest, diagnose JSON) | artifacts/runs/<run_id>/ on the developer machine. |
| Visual baselines | .codeloop/baselines/ committed to your git repo. |
| Design references | designs/ directory or fetched from Figma at run time. Cached locally per run. |
| Specs / acceptance checklists | Read directly from your repo. Not transmitted. |
| Tool-call traces, dashboard state | Local artifact directory; the dashboard reads them directly with no server round-trip. |

What gets transmitted

Two endpoints on api.codeloop.tech:

1. Auth + key validation

  • On first install and once per process restart, the MCP server posts your CODELOOP_API_KEY to POST /v1/keys/validate. The response is the resolved plan and remaining quota.
  • The response is cached in memory; no key is sent again until the process restarts or the cache expires (1 hour).
  • Keys are stored at rest as Argon2id hashes. The plaintext is shown to you exactly once at creation time and never logged.

2. Usage metering

  • On every verify, screenshot, recording, and gate run, the MCP server batches a counter event with these fields and nothing else: { kind, count, project_hash, ts }.
  • project_hash is the SHA-256 of the project directory path — deterministic per machine, but not reversible to a human-readable name.
  • Events are flushed every 30 s or on process exit, whichever comes first. Set CODELOOP_OFFLINE=true to skip transmission entirely; usage is queued locally and flushed the next time the process runs online.

We do not transmit:

  • File names, file contents, log lines, error messages.
  • Screenshot pixels, video bytes, baseline images, design references.
  • Repo URLs, branch names, commit hashes (unless you explicitly opt into the GitHub Action's badge feature, which posts only the gate score and run id).
  • Stack traces or any telemetry beyond the counters above.
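
To check the metering claims above against traffic you capture yourself, the following added example (not CodeLoop's own code) audits one event body against the four documented fields and recomputes project_hash locally. The function names, the sample path and events, and the hashing details (UTF-8 path bytes, no salt, lowercase hex) are assumptions.

```python
import hashlib
import re

# Field names are the four listed on this page; type checks are assumptions.
ALLOWED_FIELDS = {"kind", "count", "project_hash", "ts"}
SHA256_HEX = re.compile(r"[0-9a-f]{64}")


def project_hash(project_dir):
    """SHA-256 of the directory path. UTF-8 input, no salt and lowercase hex
    output are assumptions; the page only says "SHA-256 of the path"."""
    return hashlib.sha256(project_dir.encode("utf-8")).hexdigest()


def audit_event(event, project_dir):
    """Return findings for one captured event; [] means it matches the schema."""
    findings = []
    extra = set(event) - ALLOWED_FIELDS
    missing = ALLOWED_FIELDS - set(event)
    if extra:
        findings.append(f"undocumented fields: {sorted(extra)}")
    if missing:
        findings.append(f"missing fields: {sorted(missing)}")
    digest = event.get("project_hash")
    if not isinstance(digest, str) or not SHA256_HEX.fullmatch(digest):
        findings.append("project_hash is not a 64-char hex SHA-256 digest")
    elif digest != project_hash(project_dir):
        findings.append("project_hash does not match the local project path")
    count = event.get("count")
    if isinstance(count, bool) or not isinstance(count, int) or count < 0:
        findings.append("count is not a non-negative integer")
    # A path separator or whitespace in `kind` would mean free text is leaking.
    kind = event.get("kind")
    if not isinstance(kind, str) or re.search(r"[/\\\s]", kind):
        findings.append("kind is not a plain event label")
    return findings


# Constructed sample data: a project path and two captured events.
PROJECT_DIR = "/home/dev/projects/shop-frontend"
CLEAN = {"kind": "verify", "count": 3,
         "project_hash": project_hash(PROJECT_DIR), "ts": 1735689600}
LEAKY = dict(CLEAN, file="src/app.tsx", error="TypeError at line 12")

if __name__ == "__main__":
    for name, ev in (("clean", CLEAN), ("leaky", LEAKY)):
        print(name, audit_event(ev, PROJECT_DIR) or "OK")
```

A hash mismatch on an otherwise clean event most likely means the path is normalized or encoded differently from the assumption here, not that extra data is being sent.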

API keys

See API Keys for the full management workflow. Security-relevant points:

  • Keys are formatted cl_live_* (production) or cl_test_* (self-hosted dev). The prefix is intentionally short and stable so tooling like git secrets and TruffleHog can detect leaked keys in commits.
  • GitHub's push protection has a regex registered for cl_live_ keys; pushing one to a public repo is blocked at the server before it ever lands on disk.
  • Rotate from the dashboard or with npx codeloop auth --rotate. The old key is revoked immediately.
  • We send a one-time leaked-key alert email to the account owner when a key shows up in a public source (we monitor commits via the GitHub secret-scanning partner program).
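
The stable prefixes make a local pre-commit check straightforward. The added example below (not CodeLoop's own tooling) scans a unified diff for cl_live_ and cl_test_ keys on added lines and redacts them in its report; the key-body pattern (16 or more URL-safe characters), the function names and the sample diff are assumptions.

```python
import re

# Prefixes are from this page. The key body (16+ URL-safe characters) is an
# assumption: the page does not document the full key format.
KEY_RE = re.compile(r"\bcl_(live|test)_[A-Za-z0-9_-]{16,}")
PREFIX_LEN = len("cl_live_")  # both prefixes are the same length


def redact(key):
    """Keep prefix and last four characters so reports do not re-leak the key."""
    return key[:PREFIX_LEN] + "*" * (len(key) - PREFIX_LEN - 4) + key[-4:]


def scan_added_lines(diff_text):
    """Scan a unified diff; return (file, new_line, kind, redacted_key) for
    every key found on an added line. Removed lines are ignored."""
    hits, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line)
            lineno = int(m.group(1)) - 1 if m else 0
        elif line.startswith("+"):
            lineno += 1
            for m in KEY_RE.finditer(line[1:]):
                hits.append((path, lineno, m.group(1), redact(m.group(0))))
        elif not line.startswith("-"):
            lineno += 1  # context line: advances the new-file line counter
    return hits


# Constructed sample: a staged diff that adds a placeholder key to .env.
SAMPLE_DIFF = """\
diff --git a/.env b/.env
--- a/.env
+++ b/.env
@@ -1,2 +1,3 @@
 NODE_ENV=production
-CODELOOP_API_KEY=
+CODELOOP_API_KEY=cl_live_EXAMPLEEXAMPLE0000abcd
+DEBUG=false
"""

if __name__ == "__main__":
    for hit in scan_added_lines(SAMPLE_DIFF):
        print("%s:%d %s key %s" % hit)
```

In a pre-commit hook, pass it the output of git diff --cached and fail the commit when the list is non-empty.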

Cursor extension

The Cursor extension is local-only. It writes the global User Rule and the MCP config to files in ~/.cursor/ and never makes outbound network requests of its own. Telemetry would arrive at the server only through the MCP server (subject to the same usage metering limits above).

Dashboard

npx codeloop dashboard starts a Next server on localhost:3737 bound to the loopback interface. There is no auth and no telemetry; everything it shows is read from artifacts/runs/ on the same host. --share spawns a temporary cloudflared tunnel; the tunnel terminates when you stop the dashboard, and Cloudflare logs only the tunnel metadata (not the dashboard contents).

GitHub Action

The CodeLoop Verify Action runs the same MCP / CLI surface inside your GitHub-hosted runner. Two extras to be aware of:

  • Sticky PR comment — posts to your repo via the built-in GITHUB_TOKEN. The body includes the gate score, the failing gates, and a link to the run page on codeloop.tech/showcase (only public if you opt in).
  • Verified by CodeLoop badge. Setting publish-badge: true uploads only the gate score, run id, and a SHA-256 of the project directory. No file contents are transmitted. Set publish-badge: false to keep the score local.

Visual review & design compare

Both run locally. Pixel diffs, motion checks, and baseline comparisons are computed on your machine. The Figma path of design compare uses your FIGMA_API_TOKEN to fetch frames directly from api.figma.com — CodeLoop never proxies the request. See Design compare.

Self-host (zero data exfiltration)

For air-gapped, regulated, or very-large environments, run the entire stack on your own infrastructure with one Docker Compose file. In local mode the API skips the public auth + billing endpoints entirely; any cl_test_* key is accepted, and no metering events ever leave your network. See the full Self-host runbook.

Compliance posture

  • SOC 2 Type II — in progress; expected report early 2027. Email security@codeloop.tech for the Vanta trust report URL.
  • GDPR — we are the data controller for account data only (email, billing, key hashes). All run data stays on your machine. EU customers can request export / deletion at any time from the dashboard.
  • HIPAA / FedRAMP — run with self-host inside your existing compliance boundary. CodeLoop has no business associate agreement requirements because it never receives PHI.
  • EU data residency — the public API runs in AWS eu-west-1 for EU-region accounts. Choose region when creating your account.

Reporting a vulnerability

Email security@codeloop.tech. We acknowledge within 24 hours and aim to ship a fix within 7 days for high-severity findings. Coordinated disclosure encouraged.
