Security & Privacy
Command Code is designed with security and privacy as core principles. Your code stays yours — we never train on it, and you control exactly what Command Code can access.
| What | Stored? | Where | Used for training? |
|---|---|---|---|
| Source code | Never stored | Your machine only | No |
| Taste profile | Local + optional cloud sync | .commandcode/taste/ and commandcode.ai | No |
| Conversation history | Local only | ~/.commandcode/projects/ | No |
| Authentication tokens | Local only | ~/.commandcode/auth.json | No |
| AGENTS.md | Local only | Project root | No |
Command Code uses a permission system that puts you in control of every action. By default, any action that modifies your system requires explicit approval.
Permission Modes
| Mode | File reads | File writes | Shell commands | When to use |
|---|---|---|---|---|
| Default | Allowed | Requires approval | Requires approval | Day-to-day work |
| Plan | Allowed | Blocked | Blocked | Exploring and designing |
| Auto-Accept | Allowed | Allowed | Allowed | Trusted iteration |
Switch modes with shift+tab inside a session, or start with a specific mode:
cmd --plan # Start in plan mode
cmd --auto-accept # Start in auto-accept mode
cmd --permission-mode auto-accept # Start in auto-accept mode (long form)
Project Trust
The first time you run cmd in a project, Command Code asks whether to trust that directory. This prevents accidental execution in untrusted locations.
cmd --trust # Skip the trust prompt
When running in headless mode (cmd -p), all write operations are blocked by default. This keeps CI/CD pipelines and scripts safe.
To enable writes in headless mode, you must explicitly pass:
cmd -p "fix lint errors" --yolo
--dangerously-skip-permissionsis also accepted as an alias.
Command Code connects to the internet for:
- API requests to the AI provider (Command Code or Anthropic)
- Authentication via OAuth (during
cmd login) - Taste sync when you push/pull taste profiles
- MCP servers you explicitly configure
Command Code does not make any network requests for telemetry or tracking without your knowledge. See Telemetry for details on what optional telemetry is collected and how to opt out.
Command Code only accesses files within:
- Your current project directory (where you ran
cmd) - Additional directories you explicitly add with
--add-diror/add-dir - Command Code config in
~/.commandcode/
It does not read files outside these boundaries.
Authentication credentials are stored locally at ~/.commandcode/auth.json. They are never sent to any third party.
If you use BYOK (Bring Your Own Key) with Anthropic, your API key is stored in your environment variables — Command Code does not persist it.
When connecting MCP servers, be aware that:
- MCP tools can access external services (databases, APIs, etc.)
- Each MCP server connection requires explicit setup via
cmd mcp add - OAuth tokens for MCP servers are stored locally
- You can review connected servers anytime with
cmd mcp listor/mcp
Only connect MCP servers you trust.
Command Code creates checkpoints before every file modification. If anything goes wrong, you can instantly rewind to a previous state.
- Press
Esctwice to open the checkpoint selector - Restore files, conversation, or both
- Checkpoints are stored locally and per-session
For organizations with stricter requirements, Command Code Enterprise offers:
- Self-hosted deployment options
- Your code never leaves your infrastructure
- Custom security policies
Contact support@commandcode.ai for details.
- Telemetry for opt-out details
- Pricing & Limits for plan details
- Headless Mode for CI/CD security
- Join our Discord community for support