Privacy policy

Last updated: 2026-05-31. Applies to release 2.0.4 and later.

This document tells you exactly what BrassCoders reads, what it writes, and what (if anything) leaves your machine. If anything in this document is incorrect or out of date, that is a bug — please file an issue.

What BrassCoders reads

BrassCoders scans files inside the directory you point it at (the project root). For each file under that root, BrassCoders:

  • Skips it if any path component is in the exclusion list (.git, __pycache__, node_modules, .venv, venv, build, dist, .brass, .next, .nuxt, .svelte-kit, prisma/generated, etc.).
  • Skips it if the resolved path falls outside the project root, even via a symlink.
  • Skips files larger than 1 MiB.
  • Reads the file content into memory.
  • Runs the relevant scanner suites (security, privacy, code quality, performance, secrets, content moderation).

BrassCoders does not read files outside your project root.

What BrassCoders writes

BrassCoders creates a .brass/ directory inside the project root and writes:

  • ai_instructions.yaml — top-level summary
  • detailed_analysis.yaml — every finding, grouped by type
  • file_intelligence.yaml — findings collated per file
  • security_report.yaml — security-only view
  • statistics.yaml — aggregate metrics
  • privacy_analysis.yaml — present only when PII findings exist
  • brass.log — diagnostic log

The .brass/ directory is created with permissions 0700; YAML files are written with 0600 (POSIX). On Windows, BrassCoders relies on filesystem ACLs.

Redaction in output

The privacy scanner exists to detect sensitive data; it would defeat the purpose to write the raw matched data into .brass/. BrassCoders enforces this in two places:

  1. At the source. The privacy scanner replaces the raw matched value with a masked version (e.g. 4111****1111), drops the surrounding context line, and clears the top-level code_snippet field for any privacy finding.
  2. At the boundary. The YAML writer strips a known set of privacy-sensitive metadata keys (matched_text, code_snippet, context_line, raw_match, context) from any finding whose type is PRIVACY or whose detector is in the secret-leak allowlist (auth_pattern_analyzer, bandit) before serialization.

The hardcoded-credential detection path replaces literal values inside string quotes with <REDACTED> before persisting the line. The secret scanner records only the secret type and a short hash for de-duplication. The secret value itself is never written to disk by BrassCoders.

What leaves your machine

The OSS core makes no outbound network calls by default. With an active Paid Plan license, the additional flows described below apply.

Paid Plan: enrichment gateway

When you scan with an active Paid Plan license, BrassCoders calls our hosted enrichment gateway. Two payloads are transmitted:

  • Scanner findings, already-redacted at the scanner. Sensitive matched values (secrets, PII) are masked before they leave the scanner; code_snippet and other context fields are stripped at the YAML boundary for any PRIVACY-typed finding. The gateway receives finding titles, descriptions, severity, file paths, and line numbers — not raw source.
  • Project signature, a short string (≤7500 characters) derived from your project's README, manifest (pyproject.toml, package.json, etc.), entrypoint, and top-level filenames. Used to rank findings by relevance to your codebase.

Raw source code is never transmitted. The gateway forwards these payloads to a hosted embedding model for semantic deduplication and reranking. Neither we nor the embedding provider retain the data after the request completes.

Passing --offline on any scan bypasses the gateway entirely — the scan falls back to heuristic-only enrichment without making outbound network calls, regardless of license state.

License management

BrassCoders makes outbound HTTPS calls to LemonSqueezy to activate, validate, and deactivate license keys. These calls transmit your license key, machine identifier, and customer email; they do not transmit scanner findings, project signature, or source code. Validation happens at most once per week per machine after initial activation.

Optional: package-hallucination check

The package-hallucination check is the one OSS-core network path. When enabled, BrassCoders takes each imported package name from your code and issues HTTPS GETs to the relevant registry to confirm it exists:

  • Python: https://pypi.org/pypi/<name>/json
  • JavaScript: https://registry.npmjs.org/<name>
  • Go: https://pkg.go.dev/<name>

This check is off by default and must be opted into per scan via --check-package-hallucination. Passing --offline overrides the opt-in back to off; that flag is the canonical way to assert "do not let anything leave my machine."

You should not enable the package-hallucination check on a project that imports private internal package names. Doing so would leak those names to the public registry.

There is no telemetry, error reporting, or auto-update check active by default in BrassCoders. The optional telemetry framework, when enabled via brasscoders telemetry on, sends only anonymized usage counts (event type, finding-type distribution, CLI version, OS) and never includes source code, file paths, emails, or stack traces.

What BrassCoders refuses to do

  • BrassCoders refuses to follow symlinks pointing outside the project root, even if the symlink itself is inside the project. This prevents a hostile repo from steering a scan into ~/.aws/credentials or ~/.ssh/id_rsa.
  • BrassCoders refuses to inherit user/system git config when invoking git, to prevent CVE-2022-24765-class repos from achieving code execution during the scan-time git health check.
  • BrassCoders synthetic performance scripts (brasscoders scan --performance-full) run via python3 -I in a minimal env, and the script bodies are static templates — no metadata interpolation is permitted.

Reporting a privacy or security issue

Email brass@coppersuncreative.com with a description and reproduction steps. We treat unauthorized data egress, raw-PII serialization, and silent network calls as launch-blocking bugs.