CoopAI

Security

How CoopAI protects your code, credentials, and inference data.

Enterprise benefits and business considerations? See Enterprise page →

No model training

Zero-retention routing

Keys on your server

BYOK ready

Security Overview

Last updated: June 27, 2026

Architecture

CoopAI is a code intelligence platform with three primary components: a VS Code extension, a Coop API server (graph, jobs, webhooks, OAuth, and LLM routing), and a background worker for indexing. All customer data is scoped to an organization — every indexed repo, integration credential, audit record, and API key belongs to exactly one org.

CoopAI uses Deep-Index / Lightning Mode on all plans. When an org admin connects a code host, CoopAI builds a Deep-Code Graph across accessible repositories — symbol metadata, full-text search indexes, and embedding chunks — on Coop infrastructure or your self-hosted deployment (free orgs: up to 3 repos org-wide; Pro: unlimited). Developers query this graph from VS Code without maintaining full repository clones on every laptop.

Index jobs use a transient shallow clone on the server to build indexes, then delete the clone when the job completes. Persistent storage holds search indexes and graph metadata, not long-lived git mirrors.

LLM inference is routed through a dedicated server-side Model Router. Provider API keys live in server configuration — not in the IDE, client settings, or source control.

What gets indexed vs. queried live

Indexed on the server (code repositories):

  • Symbol graph — file paths, symbols, references, and ownership signals (no full source file bodies in the symbol store)
  • Full-text search — searchable file content for Coop-Search across Deep-Indexed repos
  • Embeddings — vector chunks for files without symbol coverage (Pro and Enterprise, when enabled)
  • Graph metadata — commit summaries, PR and branch metadata, dependency edges, and webhook-derived change signals

Queried live at chat time (not background-indexed): Slack threads, Jira issues, Confluence pages, Notion docs, Google Docs, and Microsoft Teams messages. CoopAI fetches integration content on demand when a workflow or chat command needs it — so ticket and conversation data is not copied into a standing index.

Slack webhook processing may extract decision keywords and repository references for graph context. Full message bodies are not retained in the graph cache.

Multi-tenant isolation

  • Every org has a unique ID; repos, indexes, integrations, and audit logs are keyed by org_id
  • Org API keys are stored as SHA-256 hashes — raw keys are shown once at creation and never persisted in plaintext
  • Integration OAuth tokens are encrypted at rest using CREDENTIALS_ENCRYPTION_KEY
  • Enterprise plans support SAML 2.0 SSO with per-org configuration; session tokens are stored as hashes
  • Connecting integrations and syncing code-host catalogs requires org owner or admin role

Zero-retention LLM routing

Before any code context reaches an LLM provider, CoopAI applies a zero-retention configuration layer:

  • System instructions declaring CoopAI code context as enterprise-confidential
  • Request headers including x-data-retention-policy, x-use-case, x-enterprise-mode, x-no-training, and x-no-logging
  • Body annotations under retention_policy with store_conversation, use_for_training, use_for_fine_tuning, and allow_logging set to false
  • Payload sanitization via sanitizeLlmRequestPayload before transmission

Inline completions use a separate x-use-case: code-completion-only path — distinct from chat, with the same zero-retention posture.

No model training

CoopAI does not use your code, prompts, or completions to train models. Inference requests are sent to third-party LLM providers under their commercial API terms:

  • Anthropic: Commercial Claude API data is not used for training by default unless explicitly opted in
  • OpenAI: Standard inference API data is not used for training by default; abuse-monitoring retention may apply unless zero data retention is contracted
  • Google Gemini: Paid API or Vertex AI terms apply; web search, context caching, and session storage features are disabled for zero-retention workloads
  • DeepSeek: Blocked for enterprise-confidential routing unless legal approves a DPA with explicit no-training/no-retention terms

Bring Your Own Key (BYOK)

Enterprise customers may route inference through their own provider accounts (Anthropic, OpenAI, Gemini, and approved providers). In BYOK mode:

  • CoopAI stores only an API key hash and encrypted key material
  • Decrypted keys exist only for the duration of the outbound request
  • API keys are never written to logs, error reports, or audit payloads
  • BYOK audit events capture customer ID, provider, model, timestamp, request ID, and status — retained for 90 days
  • BYOK audit events explicitly exclude API keys, prompts, responses, and raw code context

Authentication

Human sign-in uses email and password (minimum 12 characters), optional Google OAuth, and Enterprise SAML 2.0 SSO. Session tokens are issued server-side and handed off to the admin portal over HTTPS — they are stored as hashes in the database, not as plaintext API keys in email.

Programmatic API access to the Coop server uses bearer token authentication (Authorization: Bearer <COOP_API_TOKEN>). Org API keys are created in the admin portal and stored as SHA-256 hashes. In production, COOP_REQUIRE_API_AUTH=true validates credentials against the database.

The VS Code extension stores the Coop API token using VS Code's SecretStorage API, which leverages the operating system keychain. In production mode, developers sign in with their org credentials — integration tokens are not pasted into the IDE.

Audit logging

CoopAI maintains an append-only audit_log scoped by organization. Typical events include chat completions, indexing enable/disable, workspace repo changes, integration connect/disconnect, SAML login, and admin actions.

Audit records capture who performed an action, what action occurred, and limited metadata (provider, model, repo ID) — not prompt content, response text, or assembled context bundles. Audit write failures are logged but do not block user actions.

Org admins can review audit history in the admin portal. Retention reports and signed attestation payloads are available for enterprise compliance reviews.

Data in transit and at rest

  • All API communication uses HTTPS/TLS
  • Inbound webhooks from GitHub, GitLab, and Slack are signature-verified before processing
  • Graph indexes, job queues, and org data persist in PostgreSQL for production deployments
  • Integration credentials and BYOK key material are encrypted at rest
  • Self-hosted Enterprise deployments keep repo indexes and inference on infrastructure you control

Integrations

CoopAI connects to GitHub, GitLab, and Bitbucket for repository webhooks and catalog sync; Slack, Jira, Confluence, Notion, Google Docs, and Microsoft Teams for organizational context. Each integration uses OAuth or host-specific authentication configured on the server — credentials are never stored in VS Code settings in production mode.

Logging and error handling

CoopAI is designed to exclude sensitive data from logs and crash reports:

  • Request bodies, response bodies, API keys, and prompt content are excluded from error logs
  • Provider compliance checks run on backend startup
  • Configuration changes for BYOK, provider enablement, and policy overrides are logged

Compliance attestation

CoopAI can generate retention reports and signed attestation payloads documenting:

  • Percentage of requests sent with zero-retention flags
  • Count of BYOK requests
  • Provider policy links and verification dates
  • Sanitization rules applied before transmission
  • Configuration changes in the last 90 days

A zero-retention DPA addendum template is available for enterprise customers undergoing legal review.

We provide architecture documentation, subprocessors lists, and retention attestation reports during enterprise evaluation. SOC 2 Type II certification is on our compliance roadmap — contact security@coop-ai.dev for current status and security questionnaire support.

We are happy to discuss your security requirements during an enterprise evaluation and provide architecture documentation for your review.

Responsible disclosure

If you discover a security vulnerability, please report it to security@coop-ai.dev. We aim to acknowledge reports within 48 hours.

coop — zsh

coop demo --repo yours

Questions about security?

Book a demo and we'll walk through architecture, deployment options, and compliance documentation.

code intelligence from your entire stack