CoopAI

Security architecture

Zero-clone indexing, credential storage, and data handling.

Last updated: 2026-07-15

CoopAI is built for teams that cannot send full repo clones to third-party AI services.

Zero-clone architecture

Repository metadata, ownership graphs, and dependency signals are built from webhooks and background index jobs — not full monorepo copies on every developer laptop.

Your source code stays on your infrastructure (GitHub, GitLab, self-hosted git).

What Coop stores

DataStored wherePurpose
Repo metadata & graphCoop server (or your self-hosted instance)Quick actions, search, completions
Integration tokensEncrypted on Coop serverOAuth for Slack, Jira, etc.
API keysHashed in databaseAutomation API access (optional)
User sessionsServer-side / tokenExtension and admin portal sign-in
Chat prompts/responsesSession/stream onlyNot used for model training

See the full Security page for evaluators.

Credential encryption

Integration OAuth tokens are encrypted at rest with CREDENTIALS_ENCRYPTION_KEY on the API server. LLM provider keys stay server-side — never in the VS Code extension in production mode.

Authentication

  • Email + password — default sign-in for extension, admin portal, and website; verification link sent on signup (soft verify — login is not blocked until verified)
  • Google OAuth — same account as signup; requires Google's email_verified flag (email_not_verified if unverified)
  • SSO (SAML) — Enterprise orgs; configured in admin portal (Single Sign On (SSO))
  • Automation API keys — optional Bearer tokens for CI/scripts and direct API calls; not the primary sign-in method
  • Integration OAuth — per-integration browser consent flows (Slack, GitHub, etc.)

Require SSO: when enabled, password and Google sign-in are blocked at login and on /v1/auth/refresh. Coop immediately revokes existing password and Google sessions and refresh tokens for the org; SAML sessions remain valid. Org API keys still bypass requireSso.

Auth rate limiting: login, register, forgot-password, and reset-password — ~20 attempts per 15 minutes per IP+email.

Post-login redirects: session tokens in redirect URLs only go to Coop surfaces (admin portal, marketing site, vscode: / vscode-insiders:) — not arbitrary https:// hosts.

SAML SSO sessions

Enterprise SAML sign-in issues a Coop session token with these properties:

PropertyBehavior
TTLDefault 12 hours (COOP_SSO_SESSION_TTL_MS; falls back to user session default)
RefreshNone — when the session expires, users re-authenticate through their IdP
StorageSession token hashed server-side; raw token only returned once at sign-in
Provider tagSessions created via SAML are tagged authProvider: saml for audit

Shared service provider

Coop runs a single SAML service provider for all Enterprise tenants:

  • One Entity ID and ACS URL per Coop deployment (hosted or self-hosted)
  • Tenant org is resolved from RelayState on callback (base64url JSON with orgId)
  • Each customer IdP application points at the same SP values — org isolation is enforced after assertion validation, not via per-tenant SP URLs

Self-hosted operators set COOP_PUBLIC_BASE_URL (and optionally COOP_SSO_SP_ENTITY_ID) on the API server.

SAML audit events

ActionWhen
auth.saml.loginSuccessful SAML assertion → session issued (includes idpProvider, email)
auth.user.deactivatePOST /v1/auth/saml/offboard by userId or idpSubject
auth.user.reconcile_offboardingOffboard with activeSubjects (SCIM-style sync)

View audit history in the admin portal Audit log (org admins).

SAML known limits

LimitImpact
No assertion replay cacheInResponseTo replay protection is disabled on multi-instance backends without a shared cache. Signature, audience, and timestamp checks still apply.
API key bypass under requireSsorequireSso blocks password and Google interactive sign-in and refresh only. Valid org API keys still authenticate /v1/chat and other automation endpoints — revoke keys for offboarded users.
Require SSO session revocationEnabling Require SSO (or disabling password/Google) immediately revokes non-SAML sessions and refresh tokens; existing SAML sessions stay valid.
JIT provisioningFirst SAML login creates a member user; admins must promote roles manually or pre-provision accounts.
No SCIMNo IdP-driven user provisioning sync — offboard via admin Users or POST /v1/auth/saml/offboard
SP-initiated onlyLogin must start from Coop (/v1/auth/saml/start or admin Test connection) so RelayState carries the org id.
IdP cert storageX.509 signing certificates are stored in plaintext in org_sso_config (unlike encrypted OAuth integration tokens)

Troubleshooting: SAML SSO troubleshooting.

Network boundaries

  • Extension → Coop API (https://api.coop-ai.dev or self-hosted)
  • Coop API → LLM providers (with zero-retention headers where configured)
  • Coop API → GitHub/Slack/Jira/etc. (OAuth-scoped)

Compliance

Enterprise plans include:

  • Data Processing Agreement (DPA)
  • Zero-retention attestation for confidential code paths
  • Audit logs for admin actions
  • BYOK option to route inference through your provider accounts

No model training

Your code and prompts are never used to train foundation models. Coop routes requests to provider APIs with appropriate retention flags.

Next steps