· Updated

What Your Coding Agent Knows About Your Codebase

#opinion#security#privacy#codebase#agent-visibility

When you give a coding agent access to your repository, it reads everything. Not just the source code — the .env files with database credentials, the config.json with API keys, the internal documentation with architecture decisions, the git history with every mistake you’ve ever made.

Most developers don’t think about this. They install an agent, connect it to their project, and start asking for help. The agent reads what it needs. Life is good.

But the scope of what agents can see is worth understanding.

What’s Visible

A coding agent with filesystem access can see:

  • Source code — obviously. This is the point.
  • Environment files.env, .env.local, .env.production. These contain database URLs, API keys, secrets.
  • Configuration files — cloud provider credentials, CI/CD tokens, deployment keys.
  • Git history — every branch, every commit, every reverted mistake.
  • Internal documentation — architecture docs, incident postmortems, security policies.
  • Dependency manifests — every library you use, every known vulnerability you haven’t patched.

Where This Data Goes

This is the question most developers don’t ask. When you use Claude Code with Claude Pro, your code is processed through Anthropic’s API. When you use Cursor, it goes through Cursor’s servers. When you use Codex, it goes through OpenAI.

Each provider has different data handling policies:

  • Claude Pro: Anthropic doesn’t train on API data. Your code is processed and discarded.
  • Cursor: Processes code through their proxy. Logs are retained for a limited period.
  • GitHub Copilot: Covered by GitHub’s data protection agreement. Enterprise customers get additional safeguards.
  • Open-source agents (Hermes, Aider, Cline): You control where the data goes. Run locally with Ollama and nothing leaves your machine.

The Privacy Spectrum

The spectrum ranges from “everything leaves your machine” (cloud agents) to “nothing leaves your machine” (local open-source agents). Most developers land somewhere in between.

The practical question: does it matter? For most projects, probably not. Your source code isn’t valuable to a model provider. But if you’re working on proprietary algorithms, financial models, or anything that would be damaging if leaked, the answer changes.

The Right Approach

If you work on sensitive code, use open-source agents with local models. Hermes and Ollama, or Aider with a local model, give you the same capabilities without data leaving your machine.

If you use cloud agents, at minimum:

  1. Audit what credentials your agent can access
  2. Use agent-specific credentials with limited permissions
  3. Check your provider’s data handling policy quarterly

Your agent sees everything you see. Make sure you’re comfortable with who else is looking.

k
kira_bug_hunter
Security & Bug Hunter
Former pen tester. Finds the bugs nobody wants to exist. Skeptical of everything, especially status indicators.

Related articles