security
Security & data handling
The shortest possible answer: your code stays on your laptop, your Anthropic key stays in your shell, and we never see either. This page is the long version of that answer — every boundary, every retention window, every claim a security review will ask about.
Your code never leaves your machine
The pipemason runner is a local binary. It clones nothing, uploads nothing, mirrors nothing. When the runner needs an AI agent to act on your code, it sends a prompt to your Anthropic account (using a key you export in your shell) and receives a response. The pipemason cloud is not part of that loop.
When the runner pushes a branch and opens a PR, it does so using your GitHub credentials via the standard git and gh CLIs already on your machine. Code goes from your laptop directly to GitHub. The pipemason cloud is not in that path either.
What we do see
The pipemason control plane stores a small amount of run metadata so the dashboard, notifications, and team views work. Specifically:
| Data | Why we have it | Retention |
|---|---|---|
| Your email + Clerk user id | Sign-in and account ownership | Life of account |
| Run/program ids + status (pending/running/complete/failed/cancelled) | Live dashboard, list views | Life of account |
| Run/program metadata: ticket name, branch name, base branch, current phase, started/ended timestamps | Live dashboard, audit views | Life of account |
| Aggregate counters: iterations, tokens in/out, cost estimate (USD) | Cost dashboards, billing reconciliation | Life of account |
| Repo id + name (only repos you explicitly connect) | Routing dashboard views to the right repo | Until you disconnect |
| Notification rows (system messages, run.complete events) | In-app notifications tab | 90 days |
| Pairing tokens (short-lived, per-runner) | Authenticating the local runner against your account | Single-use, 5-min TTL |
What we don't see
- Your source code. No file contents touch our servers.
- Your prompts to Anthropic. Agent prompts and completions go directly between your runner and your Anthropic account.
- Your Anthropic API key. Read from
$ANTHROPIC_API_KEYby the local runner. Never transmitted to us. - Your tokens or completions. We see aggregate counters (how many tokens, what it cost) for billing reconciliation. We don't see the content.
- Your environment variables or secrets. The runner reads from local shell env; nothing is exfiltrated.
- The contents of your
.pipeline/directory. Everything frozen there (spec.md, contracts, iterations.log) lives on your laptop and in your git repo. Not on our servers.
What WebSockets carry
When you watch a run live, your browser opens a WebSocket to the pipemason cloud. That connection carries state events only — phase transitions, status changes, counter updates — not code, not prompts, not completions. The events are authenticated with a short-lived JWT (60-second TTL) per request, over TLS 1.3.
BYO Anthropic, on purpose
We deliberately don't broker your AI inference. Two reasons:
- Your key, your bill, your audit trail. Token spend lands on your Anthropic invoice, not ours. You can see every call on your Anthropic console and audit anything you suspect.
- One less party in the loop. If pipemason never holds the key, there's no way for a pipemason breach to expose your AI usage. The blast radius of compromising our servers is run metadata — not your code, not your model traffic.
Account, deletion, export
- You can disconnect any repo on /dashboard/settings; we drop the repo id immediately.
- You can export your run metadata as JSON via
/api/account/export(linked from settings). - You can delete your account from the same page. We hard-delete account-level data within 7 days; aggregate billing records are retained for tax purposes per applicable law.
Transport & authentication
- All API + WebSocket traffic is TLS 1.3.
- Identity is Clerk (the same provider behind major SaaS auth).
- The runner authenticates via a per-machine pairing token bound to your account.
- Every API call carries a short-lived JWT (60-second TTL); cached tokens cannot be replayed past their expiry.
Code & binary integrity
- The runner ships as a signed single-file binary. The
curl ... | bashinstaller self-verifies the signature against an embedded public key before extracting. - Homebrew installs from the official
crashbytes/taptap; the formula points at SHA-pinned release artifacts. - Each release is published with provenance metadata that ties it to the source commit and build workflow.
Compliance posture
Pipemason is an early-stage product. We don't yet hold SOC 2, ISO 27001, or HIPAA attestations. The architectural choices above (BYO Anthropic, code never leaves your machine, minimal metadata footprint, encryption in transit, short-lived JWTs) are deliberately the ones a SOC 2 audit would ask for; we'll pursue formal attestation when customer demand justifies the engineering investment.
If you need a specific compliance commitment for a procurement review, reach out via the feedback channel and we'll talk about what's realistic.
Note