Skip to content

Security: FiSSel72/ai-codekeep

Security

SECURITY.md

Security & privacy

  • No telemetry, no network calls, no accounts. Everything ai-codekeep does is a local git invocation and a local JSON file write. What leaves the machine is what git pushes: your commits (which carry the trailers) and .ai-codekeep/config.json. The derived caches (ledger.json, state.json) are auto-gitignored and never leave your machine.
  • .ai-codekeep/ledger.json is a plain-text file. Change-Reason trailers and ledger history[].reason entries are free text supplied by a human or inferred from an issue/PR title. Treat them like any other commit message: don't put secrets, tokens, or credentials in a change reason. If your team has compliance requirements around commit message content, those requirements apply here too — this skill introduces no new leakage path beyond ordinary git usage, but also no redaction of its own.
  • Reading git-ai / whogitit notes is read-only. bin/ledger.mjs never writes to refs/notes/ai or refs/notes/whogitit; it only reads them if present, so it can't corrupt data those tools own.
  • Opt-in by design. A repo with no .ai-codekeep/config.json is treated as off — no files are created, no commit trailers are added, until someone explicitly runs ai-codekeep mode <level>.
  • Not an individual performance signal — by policy, not by cryptography. The ledger tracks files, not people: history[].author is always "ai" or "human", never an identity, and there is no per-engineer aggregation anywhere in the tool. Be clear-eyed about what that does and doesn't protect: trailers are attached to ordinary git commits, which carry author names, so plain git log can correlate AI share with individuals regardless of what this tool does. ai-codekeep's contribution is refusing to build or normalize that view — it wasn't designed or validated for performance evaluation, and using commit data that way is the exact misuse the SPACE framework warns against. If that boundary matters in your org, enforce it as a working agreement.

Found a security issue? Open an issue on the repo rather than a PR with the details, so it can be triaged privately first.

There aren't any published security advisories