Privacy model
AgentCollision is designed so the coordinator — the only part that sees multiple machines — can never learn what you're working on. Not what files you edit, not what directories you have, not what your code looks like. Just hashes and encrypted blobs.
What never leaves your machine
- File contents
- Repository names
- Directory structure
- Git history
- Commit messages
- Your username, hostname, or any identifying system info
What the coordinator sees
Exactly three categories of data:
1. Hashed resource identifiers
Every file path is HMAC-SHA256 hashed on your machine using a team-specific secret key. The coordinator receives file:h:a3f9b2c1d4e5:h:492a72f30298, not file:/Users/alice/code:src/auth/login.ts.
Two teammates hashing the same path produce the same hash (so coordination works), but the coordinator can't reverse the hash to learn the path. The key is 32 random bytes, generated at team creation, stored only on teammates' machines.
2. Encrypted display hints (optional)
The daemon optionally pushes an AES-256-GCM encrypted blob alongside each lease. This is what lets the hosted dashboard show real file names instead of hashes. The coordinator stores the ciphertext; only browsers with the team's HMAC key can decrypt.
If you disable display hints in the daemon (coming soon), the coordinator literally has no way to learn your file paths, even if its D1 database is stolen.
3. Coordination metadata
- Which machine (
laptop_abc123) holds which lease - When leases acquired/expired
- Which agent tool (claude-code, cursor, etc.) — first path segment only
- Audit events (member joined, role changed, invite created)
All of these are necessary for the coordinator to do its job. None of them reveal code content.
What the hosted dashboard sees
The dashboard runs in your browser. It makes authenticated API calls to the coordinator and renders the response. If you enable decryption (paste your HMAC key), it decrypts display hints locally and shows real file names — but the key never leaves your browser, never goes back to the coordinator.
Close the tab and the key is forgotten. Open a new tab and you'll see hashes again until you re-enable decryption.
What Anthropic / OpenAI / your AI tool sees
Nothing from AgentCollision. The daemon talks to your AI tools through local hooks only. We don't ship anything to third-party AI providers.
Self-hosted option (Enterprise)
Enterprise customers can run their own coordinator under a commercial license, pointing their team's daemons at it via coordinator_url in ~/.agentcollision/team.toml. Contact us to discuss.
Data retention
- Lease state: garbage-collected 30 seconds after a machine stops pushing. Effectively ephemeral.
- Audit log: retained until the team is deleted. Append-only.
- Member tokens: retained until the member is removed or the team is deleted.
- Invite codes: 30 days, or until revoked.
Deleting your data
- Leave a team:
agc team leaveremoves local team config. Ask the admin to remove your entry from the team members list. - Delete a team: admin runs Danger zone → Delete Team on the dashboard. Removes all team state immediately.
- Delete your account: Settings → Danger Zone on the hosted dashboard. Removes your account and all team associations.
Security details
- Transport: HTTPS everywhere. Coordinator only listens on TLS.
- Auth: bearer tokens, SHA-256 hashed at rest. Raw tokens never stored.
- HMAC key: 32 random bytes (
crypto/rand), base64-encoded, mode 0600 on disk. - Encryption: AES-256-GCM with 96-bit random nonces. Additional auth data = none.
Dependencies audited regularly. Security questions: hello@agentcollision.com.