Skip to main content

How we make sure your code never leaves your machine

An allowlist limits every payload to counts and metadata, and a built-in privacy test proves your code, prompts, and AI responses never leave your machine.

Written by Alex C

How we make sure your code never leaves your machine

ATTRIBUT never transmits your source code, file contents, diffs, prompts, or AI responses. This isn't just a policy — it's enforced by two things built into the local collector that runs on your machine: an allowlist that limits every outbound payload to counts and metadata, and a privacy test that proves nothing sensitive can leak.

What the collector is allowed to send

The collector runs locally on your machine and only ever reads an allowlist of numeric and metadata fields. Every payload is validated against a frozen schema before it's sent, so a field that isn't on the allowlist has no path to leave your machine. In practice, this means a session report only ever contains things like:

  • Token counts

  • Tool-usage counts

  • Line-change counts

  • Timing

  • Model name

  • Branch

  • Commit SHA

  • Repo path

  • Session title

Everything else — your source code, file contents, diffs, prompts, and the AI's responses — is read only long enough to count it, and is never stored or transmitted.

Proven, not promised: the privacy test

Because the collector's source is public, this isn't something you have to take on trust. A built-in privacy test plants secret marker strings into every sensitive field — prompts, responses, file contents, and tool inputs — and then checks the exact payload the collector would send. The test passes only if none of those markers show up anywhere in it. That turns "we don't collect your code" from a claim into something that's checked automatically, every time the collector changes.

You can run this same kind of check yourself, on your own sessions, using the CLI's built-in audit command. See "Verify it yourself with attribut audit" for the full walkthrough of running the audit and reading its output.

Why this matters

ATTRIBUT's whole job is to measure how AI-assisted work happens — token counts, timings, which tool was used, which commit it touched — not to read or store the work itself. Keeping code, prompts, and responses off the wire entirely means there's nothing sensitive in transit or at rest to protect, audit, or ever accidentally expose.

Did this answer your question?