Security and privacy
AI Code Insights measures AI agent usage patterns across your engineering organization. No source code leaves the developer’s machine, transcripts are scrubbed for secrets and PII before transmission, and admins control whether transcripts are captured at all.
Data flow
- Local observation: The daemon uses Watchman (bundled with the installer) to monitor file change signals and Git operations in designated repositories. For agents with native integrations, hooks and plugins capture session metadata and transcripts directly.
- Local storage: Two SQLite databases on the developer’s machine store classification data. These are intentionally unencrypted so security teams and developers can inspect them at any time.
- Local classification: File change signals (insertion timing, edit patterns, clipboard activity) are used to classify code as human- or AI-authored. No source code content is analyzed.
- Transmission: Two triggers send data to the DX API over HTTPS:
- On push: Aggregate commit metrics are sent when the developer pushes a commit.
- On session end: Session metadata and transcripts (when enabled) are sent when an agent session ends. Transcripts are scrubbed for secrets and PII before leaving the machine.
- Ingestion: DX ingests the data into the organization’s data lake, powering reports, Agent Experience scoring, and custom analytics.
Unpushed commit data is stored locally and automatically cleaned up after 30 days.
Local databases are stored in ~/.aicodemetrics (macOS/Linux) or $env:LOCALAPPDATA\aicodemetrics (Windows):
- repositories.db: Repository metadata (name, Git remote URL, local filesystem path).
- content.db: Classification data: edit events, clipboard matching signals, typing cadence patterns, Git commit metadata, AI attribution metrics, and confidence scores. This data remains on the developer’s machine.
What is collected
Data transmitted to DX:
| Category | Data |
|---|---|
| Repository metadata | Repository name, ID, remote URL, local path |
| Commit metadata | Commit hash, message, timestamp, branch, Git author (username and email) |
| System metadata | System username, hostname, OS info |
| Aggregate metrics per commit | Total lines added/deleted with human vs. AI attribution, files changed count, AI retention rate |
| Per-file metrics | File paths, change types (modified/deleted/renamed), line-level AI attribution counts, similarity scores for edited AI-generated lines |
| Agent attribution | Agent name, version, and model used (for agents with native integrations) |
| Session metadata | Model used, timestamps, tokens per session (where available). Collected for agents with native integrations. |
| Session transcripts (when enabled) | Full message text from supported agents. Requires transcript capture to be enabled by your DX admin. |
Data that is NOT collected or transmitted:
| Category | Details |
|---|---|
| Source code | File contents are never read for the purpose of transmission. No code leaves the machine. |
| Clipboard contents | Clipboard activity is observed locally to classify code origin, but contents are never transmitted. Clipboard monitoring can be disabled. |
| Keystrokes | The daemon observes typing cadence patterns locally to aid classification. It does not log what you type. |
| Screenshots or screen content | Not captured. |
| Browsing or application activity | Not monitored. |
| Files outside monitored repos | The daemon only observes repositories whose Git remote origin matches a repository in the organization’s Data Cloud. All other directories are ignored. |
| Time tracking or productivity metrics | AI Code Insights measures code authorship attribution, not developer speed or hours worked. |
Transcript handling
For agents with native integrations, the daemon collects session-level metadata (model, timestamps, tokens) whenever hooks or plugins are installed. Full transcript capture is a separate, optional feature controlled by your DX admin.
When transcript capture is enabled, all session messages are scrubbed in two passes before storage:
- Client-side scrubbing: The daemon’s PII scrubber removes secrets (passwords, API keys, tokens, private keys) and PII (email addresses, Social Security numbers, credit card numbers) before the transcript leaves the developer’s machine. Matched values are replaced with
[FILTERED]. - Server-side scrubbing: DX’s ingestion pipeline applies the full gitleaks ruleset as a second pass, catching patterns that a daemon version may predate.
The original, unredacted text is not stored on DX’s servers.
When Agent Experience scoring is enabled, DX evaluates each transcript server-side using a separate model — not the model used during the session — to produce per-session quality scores. This evaluation happens after scrubbing.
Transcript visibility for individual contributors is controlled by your DX admin. See Configuration for details.
Network and infrastructure
API endpoints
The daemon communicates with a single DX API host over HTTPS. The API token is scoped to the following endpoints and cannot access other DX APIs or data:
| Endpoint | Method | Purpose |
|---|---|---|
/api/aiCode.repos.list |
GET | Fetch the list of repositories to monitor (sourced from Data Cloud) |
/api/aiCode.commits.push |
POST | Send commit analysis metrics on Git push |
/api/aiCode.settings |
GET | Fetch remote daemon settings (auto-generated file patterns, feature flags) |
/api/aiCode.sessions.upsert |
POST | Send session metadata and transcripts (transcripts require admin opt-in) |
/api/aiCode.daemonInstallation.upsert |
POST | Report daemon version, OS, and configuration to DX |
If your network uses a firewall or proxy, ensure outbound HTTPS access to your organization’s DX API URL — found under Admin → AI Code Insights.
Code signing
All daemon binaries (.pkg for macOS, .msi for Windows, .tar.gz for Linux) are code-signed. DX recommends verifying the signature before deployment to ensure the binary has not been tampered with.
Tamper resistance
The daemon does not include built-in self-protection against users stopping the process or modifying configuration. Organizations that need to prevent developer interference should use MDM-level controls — managed preferences for configuration and MDM policies for service persistence. If a user deletes the local SQLite databases, the daemon recreates them on its next run. No permanent data is lost, since committed metrics have already been sent to DX.
Endpoint considerations
EDR and endpoint security
The daemon’s behavior — a background process that watches file system changes, hooks into developer tools, stores data locally, and makes outbound HTTPS calls — can trigger behavioral alerts in EDR solutions (Palo Alto, CrowdStrike, Microsoft Defender, etc.). This is expected. Pre-configure exclusions before rolling out to developer machines.
Processes to whitelist:
| Platform | Process | Path |
|---|---|---|
| macOS | aicodemetricsd |
/usr/local/bin/aicodemetricsd |
| macOS | watchman |
/usr/local/bin/watchman |
| Windows | aicodemetricsd.exe |
%ProgramFiles%\AICodeMetrics\aicodemetricsd.exe |
| Windows | watchman.exe |
%ProgramFiles%\AICodeMetrics\watchman\bin\watchman.exe |
| Linux | aicodemetricsd |
/usr/local/bin/aicodemetricsd |
Paths to exclude from scanning:
| Platform | Path | Contents |
|---|---|---|
| macOS | ~/.aicodemetrics/ |
Config, SQLite databases, temporary files |
| macOS | ~/Library/Logs/AI Code Metrics/ |
Daemon logs |
| Windows | %LOCALAPPDATA%\aicodemetrics\ |
Config, SQLite databases, logs, temporary files |
| Linux | ~/.aicodemetrics/ |
Config, SQLite databases, logs, temporary files |
The daemon writes frequently to its local SQLite databases. EDR agents that scan newly created or modified files may lock these files temporarily, causing errors or degraded performance. Excluding these paths from real-time scanning prevents this.
OS permissions
| Permission | Purpose |
|---|---|
| File system read access to designated repositories | Observing file changes and Git operations for classification |
| Watchman (file system monitoring service) | Efficiently detecting file changes without polling. Watchman is an open-source tool from Meta, bundled with the macOS and Windows installers. |
| LaunchAgent (macOS) / systemd (Linux) / Task Scheduler (Windows) | Running the daemon as a background process that starts automatically |
| Outbound HTTPS | Communicating with the DX API |
On macOS, if repositories are located in protected directories (Desktop, Downloads, Documents), Full Disk Access must be granted to /usr/local/bin/aicodemetricsd. See the Installation guide for details.
Resource usage
| Resource | Typical usage |
|---|---|
| Memory | ~100 MB (varies with the number of monitored repositories) |
| Disk | Up to a few GB for local SQLite databases |
| CPU | Minimal — event-driven via Watchman, not polling |
| Network | Small payloads sent only on Git push |
Source code access
DX offers source code review of the AI Code Insights daemon for qualifying enterprise customers. Contact your DX account team or reach out via Slack to request access.
Compliance
DX maintains SOC 2 Type II compliance. For data processing agreements, data residency details, and additional compliance documentation, contact your DX account team.
In jurisdictions that require works council consultation before deploying workplace monitoring tools, the data collection scope described on this page provides the basis for that review. AI Code Insights monitors code authorship patterns in designated repositories — it does not monitor developer behavior, communications, browsing, or non-development activity. Consult your legal team to determine whether works council notification or consultation is required in your jurisdiction.