Security Overview
Last updated: June 27, 2026
Architecture
CoopAI is a code intelligence platform with three primary components: a VS Code extension, a Coop API server (graph, jobs, webhooks, OAuth, and LLM routing), and a background worker for indexing. All customer data is scoped to an organization — every indexed repo, integration credential, audit record, and API key belongs to exactly one org.
CoopAI uses Deep-Index / Lightning Mode on all plans. When an org admin connects a code host, CoopAI builds a Deep-Code Graph across accessible repositories — symbol metadata, full-text search indexes, and embedding chunks — on Coop infrastructure or your self-hosted deployment (free orgs: up to 3 repos org-wide; Pro: unlimited). Developers query this graph from VS Code without maintaining full repository clones on every laptop.
Index jobs use a transient shallow clone on the server to build indexes, then delete the clone when the job completes. Persistent storage holds search indexes and graph metadata, not long-lived git mirrors.
LLM inference is routed through a dedicated server-side Model Router. Provider API keys live in server configuration — not in the IDE, client settings, or source control.
What gets indexed vs. queried live
Indexed on the server (code repositories):
- Symbol graph — file paths, symbols, references, and ownership signals (no full source file bodies in the symbol store)
- Full-text search — searchable file content for Coop-Search across Deep-Indexed repos
- Embeddings — vector chunks for files without symbol coverage (Pro and Enterprise, when enabled)
- Graph metadata — commit summaries, PR and branch metadata, dependency edges, and webhook-derived change signals
Queried live at chat time (not background-indexed): Slack threads, Jira issues, Confluence pages, Notion docs, Google Docs, and Microsoft Teams messages. CoopAI fetches integration content on demand when a workflow or chat command needs it — so ticket and conversation data is not copied into a standing index.
Slack webhook processing may extract decision keywords and repository references for graph context. Full message bodies are not retained in the graph cache.
Multi-tenant isolation
- Every org has a unique ID; repos, indexes, integrations, and audit logs are keyed by
org_id - Org API keys are stored as SHA-256 hashes — raw keys are shown once at creation and never persisted in plaintext
- Integration OAuth tokens are encrypted at rest using
CREDENTIALS_ENCRYPTION_KEY - Enterprise plans support SAML 2.0 SSO with per-org configuration; session tokens are stored as hashes
- Connecting integrations and syncing code-host catalogs requires org owner or admin role
Zero-retention LLM routing
Before any code context reaches an LLM provider, CoopAI applies a zero-retention configuration layer:
- System instructions declaring CoopAI code context as enterprise-confidential
- Request headers including
x-data-retention-policy,x-use-case,x-enterprise-mode,x-no-training, andx-no-logging - Body annotations under
retention_policywithstore_conversation,use_for_training,use_for_fine_tuning, andallow_loggingset tofalse - Payload sanitization via
sanitizeLlmRequestPayloadbefore transmission
Inline completions use a separate x-use-case: code-completion-only path — distinct from chat, with the same zero-retention posture.
No model training
CoopAI does not use your code, prompts, or completions to train models. Inference requests are sent to third-party LLM providers under their commercial API terms:
- Anthropic: Commercial Claude API data is not used for training by default unless explicitly opted in
- OpenAI: Standard inference API data is not used for training by default; abuse-monitoring retention may apply unless zero data retention is contracted
- Google Gemini: Paid API or Vertex AI terms apply; web search, context caching, and session storage features are disabled for zero-retention workloads
- DeepSeek: Blocked for enterprise-confidential routing unless legal approves a DPA with explicit no-training/no-retention terms
Bring Your Own Key (BYOK)
Enterprise customers may route inference through their own provider accounts (Anthropic, OpenAI, Gemini, and approved providers). In BYOK mode:
- CoopAI stores only an API key hash and encrypted key material
- Decrypted keys exist only for the duration of the outbound request
- API keys are never written to logs, error reports, or audit payloads
- BYOK audit events capture customer ID, provider, model, timestamp, request ID, and status — retained for 90 days
- BYOK audit events explicitly exclude API keys, prompts, responses, and raw code context
Authentication
Human sign-in uses email and password (minimum 12 characters), optional Google OAuth, and Enterprise SAML 2.0 SSO. Session tokens are issued server-side and handed off to the admin portal over HTTPS — they are stored as hashes in the database, not as plaintext API keys in email.
Programmatic API access to the Coop server uses bearer token authentication (Authorization: Bearer <COOP_API_TOKEN>). Org API keys are created in the admin portal and stored as SHA-256 hashes. In production, COOP_REQUIRE_API_AUTH=true validates credentials against the database.
The VS Code extension stores the Coop API token using VS Code's SecretStorage API, which leverages the operating system keychain. In production mode, developers sign in with their org credentials — integration tokens are not pasted into the IDE.
Audit logging
CoopAI maintains an append-only audit_log scoped by organization. Typical events include chat completions, indexing enable/disable, workspace repo changes, integration connect/disconnect, SAML login, and admin actions.
Audit records capture who performed an action, what action occurred, and limited metadata (provider, model, repo ID) — not prompt content, response text, or assembled context bundles. Audit write failures are logged but do not block user actions.
Org admins can review audit history in the admin portal. Retention reports and signed attestation payloads are available for enterprise compliance reviews.
Data in transit and at rest
- All API communication uses HTTPS/TLS
- Inbound webhooks from GitHub, GitLab, and Slack are signature-verified before processing
- Graph indexes, job queues, and org data persist in PostgreSQL for production deployments
- Integration credentials and BYOK key material are encrypted at rest
- Self-hosted Enterprise deployments keep repo indexes and inference on infrastructure you control
Integrations
CoopAI connects to GitHub, GitLab, and Bitbucket for repository webhooks and catalog sync; Slack, Jira, Confluence, Notion, Google Docs, and Microsoft Teams for organizational context. Each integration uses OAuth or host-specific authentication configured on the server — credentials are never stored in VS Code settings in production mode.
Logging and error handling
CoopAI is designed to exclude sensitive data from logs and crash reports:
- Request bodies, response bodies, API keys, and prompt content are excluded from error logs
- Provider compliance checks run on backend startup
- Configuration changes for BYOK, provider enablement, and policy overrides are logged
Compliance attestation
CoopAI can generate retention reports and signed attestation payloads documenting:
- Percentage of requests sent with zero-retention flags
- Count of BYOK requests
- Provider policy links and verification dates
- Sanitization rules applied before transmission
- Configuration changes in the last 90 days
A zero-retention DPA addendum template is available for enterprise customers undergoing legal review.
We provide architecture documentation, subprocessors lists, and retention attestation reports during enterprise evaluation. SOC 2 Type II certification is on our compliance roadmap — contact security@coop-ai.dev for current status and security questionnaire support.
We are happy to discuss your security requirements during an enterprise evaluation and provide architecture documentation for your review.
Responsible disclosure
If you discover a security vulnerability, please report it to security@coop-ai.dev. We aim to acknowledge reports within 48 hours.