Security
Effective date: June 20, 2026
Codey is designed from the ground up with security as a core architectural principle — not an afterthought. Because Codey runs locally on your machine and connects to AI providers you control, the attack surface is fundamentally smaller than cloud-based alternatives.
Local-First Architecture
Unlike cloud-based AI coding tools, Codey does not send your code to our servers. Your source code, project files, and git history never leave your machine unless you explicitly send them to a third-party AI provider through a direct API connection.
- Your code executes locally in your terminal, desktop, or IDE.
- No code uploads to Codey infrastructure at any point.
- No server-side code storage or processing.
- Offline-capable: works without internet when using local models.
Bring Your Own Key (BYOK)
Codey uses your own API keys to communicate directly with AI providers. This means:
- No proxy layer. Your requests go directly from your machine to the provider. Codey never sits in the middle.
- Local key storage. API keys are stored on your device using platform-native secure storage. They are never transmitted to Codey servers.
- Provider freedom. Switch between 70+ providers, use local models via Ollama, or run air-gapped with zero external connections.
Permission System
Codey operates a strict, configurable permission system that prevents unauthorized actions:
- allow —The tool runs automatically without prompting.
- ask — Codey asks for your explicit confirmation before executing.
- deny — The tool is disabled entirely.
Permissions can be configured globally and per-project. Bash commands are analyzed for dangerous patterns before execution, and denial rules prevent agents from executing them even through shell scripts.
Filesystem Isolation
Codey enforces strict filesystem boundaries. Subagents and AI sessions are sandboxed to your active project worktree. They cannot access files outside your working directory unless you explicitly grant broader permissions.
Subagent Security
Codey's multi-agent architecture is designed with security isolation in mind:
- Each subagent operates within defined tool scopes.
- Read-only agents cannot modify files.
- Subagent context is isolated — one agent cannot read another's conversation.
- All subagent actions are logged and visible in the terminal UI.
MCP Server Security
Model Context Protocol (MCP) servers extend Codey's capabilities. Security considerations:
- Local MCP servers run as subprocesses with explicit configuration.
- Remote MCP servers support OAuth PKCE authentication flow.
- OAuth tokens are stored locally in your machine's secure storage.
- You control which MCP servers are active — nothing connects without your configuration.
Data in Transit
When Codey communicates with external services, all connections use TLS encryption. Your Codey account sync also uses encrypted channels.
Account Security
For Codey Pro subscribers, account authentication uses secure token-based flows:
- Secure authentication through Supabase with email verification.
- Session tokens with automatic expiration.
- Subscription sync between CLI and Desktop uses authenticated, encrypted channels.
Reporting Vulnerabilities
If you discover a security vulnerability in Codey, please report it responsibly. We take all security reports seriously and will acknowledge receipt within 48 hours.
If you have questions, contact us at team@codeyai.space.