Security

Cody CLI runs with access to your local filesystem and can execute shell commands. Understanding the security model helps you use it safely.

Trust Model

Cody distinguishes between trusted and untrusted content:

  • Trusted — Files you explicitly open or reference, your own CODY.md.
  • Untrusted — External includes, web content, third-party files.

Cody will prompt before including untrusted content in its context.

Permission Prompts

By default, Cody asks for confirmation before:

  • Running bash commands
  • Writing or modifying files
  • Accessing files outside the current project
  • Making network requests

You can grant permanent permissions per-path or per-tool in settings.

API Key Security

  • Never commit API keys to version control.
  • Use environment variables instead, e.g. ANTHROPIC_API_KEY.
  • AINative keys use the sk_ prefix — never share them.
  • Rotate keys at ainative.studio/dashboard/api-keys.
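As an added example (not code from the Cody CLI docs or project), a POSIX shell pre-commit check that refuses staged changes containing an sk_-prefixed key or a literal ANTHROPIC_API_KEY value, so a pasted key never reaches version control. The token shape after sk_ (16 or more URL-safe characters) and the hook path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Cody CLI docs: a pre-commit style check that
# refuses staged changes containing what looks like an AINative key ("sk_"
# prefix, as the page states) or a hard-coded ANTHROPIC_API_KEY value.
# Assumption: the characters after "sk_" are at least 16 URL-safe token
# characters; adjust KEY_PATTERN to the real key format if it differs.

# Matches either:
#   1. sk_<16+ token chars>                       (assumed AINative key shape)
#   2. ANTHROPIC_API_KEY = "<literal 16+ chars>"  (key pasted into a file;
#      references such as $ANTHROPIC_API_KEY or ${VAR} do not match because
#      the value must start with a token character, not "$")
KEY_PATTERN='sk_[A-Za-z0-9_-]{16,}|ANTHROPIC_API_KEY[[:space:]]*[:=][[:space:]]*["'"'"']?[A-Za-z0-9_-]{16,}'

# scan_for_keys: read text on stdin, print offending lines (with line numbers)
# to stderr, return 1 if any were found, 0 when clean.
scan_for_keys() {
    matches=$(grep -nE "$KEY_PATTERN" || true)
    if [ -n "$matches" ]; then
        printf 'possible API key in staged content:\n%s\n' "$matches" >&2
        return 1
    fi
    return 0
}

# check_staged: run the scan over the added lines of the staged diff only
# (lines starting with a single "+", skipping the "+++ b/file" headers).
# Wire it up with (assumed path): ln -s ../../scripts/check-keys.sh .git/hooks/pre-commit
check_staged() {
    git diff --cached --no-color | grep -E '^\+[^+]' | scan_for_keys
}

# require_env_key: confirm the key is supplied via the environment rather than
# a file, which is the practice the docs recommend.
require_env_key() {
    if [ -z "${ANTHROPIC_API_KEY:-}" ]; then
        echo 'ANTHROPIC_API_KEY is not set; export it in your shell, do not write it to a file' >&2
        return 1
    fi
    return 0
}

# Constructed sample input for a stand-alone run (no git repository needed):
# the first line is fine (env reference), the second is a pasted key.
if [ "${1:-}" = "--demo" ]; then
    printf 'export ANTHROPIC_API_KEY="$CODY_KEY"\napi_key: sk_0123456789abcdef0123\n' | scan_for_keys
fi
```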

Data & Privacy

  • Conversation content is sent to the AINative gateway for LLM processing.
  • File contents are only sent when you explicitly reference them.
  • Session transcripts are not stored by default.
  • You can opt out of analytics in settings: "sendCrashReports": false

Reporting Issues

Report security issues to security@ainative.studio.