Skip to main content
Security First

Built for Security & Privacy

Your code stays on your machine. Your credentials never leave your device. We're just a secure relay.

End-to-End Encryption

All communication between your browser and local agent uses AES-256-GCM authenticated encryption with per-session keys derived via X25519 + HKDF. Our relay servers can only see encrypted ciphertext — we can't read your code or conversations.

Browser ⟷ [Encrypted Relay] ⟷ Local Agent

Zero Trust Architecture

We never trust, we always verify. Every request is authenticated, every action requires explicit approval, and default-deny policies protect your sensitive operations.

  • Explicit approval for file writes
  • Explicit approval for bash commands
  • Explicit approval for git commits

Local Execution Only

All code runs on your local machine—not in the cloud. Your repository, your credentials, your files: they all stay local. We're a secure relay, not a code hosting service.

What we DON'T have:
• Your source code
• Your API keys
• Your git credentials
• Your file contents

Credential Custody

Your Claude API keys and tokens are stored in your OS keychain and never transmitted to our servers. The local agent holds all credentials securely on your machine.

Secure storage:
• macOS: Keychain
• Windows: Credential Manager
• Linux: Secret Service API

Encryption Details

Authenticated Handshake

When you start a remote session, your browser and local agent perform an authenticated key exchange:

  1. 1 Agent generates identity: Long-term Ed25519 keypair registered to your account
  2. 2 Session keys: Browser and agent each generate ephemeral X25519 keypairs
  3. 3 Authentication: Agent signs session data with Ed25519 identity key
  4. 4 Key derivation: HKDF-SHA256 derives encryption keys from shared secret
  5. 5 Transport: AES-256-GCM AEAD with deterministic direction-specific nonces

Security Properties

  • Forward secrecy: Compromise of long-term keys doesn't reveal past sessions
  • Relay blindness: Server cannot decrypt any message content
  • Replay protection: Session nonces and transcript hashes prevent replay attacks
  • Downgrade protection: Fixed cipher suites prevent negotiation attacks

Compliance & Auditing

SOC 2 Type II

Annual third-party audit of our security, availability, and confidentiality controls. (Coming Q2 2026)

GDPR Compliant

Full GDPR compliance with data minimization, right to erasure, and data portability.

Audit Logs

Metadata-only audit trails for compliance teams. No content logging by default (Enterprise: custom retention).

Penetration Testing

Quarterly penetration tests by independent security researchers to validate our threat model.

Responsible Disclosure

Found a security vulnerability? We want to hear from you.

Bug Bounty Program

We offer rewards for security vulnerabilities disclosed responsibly. Report issues to security@commands.com with:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity assessment

We commit to responding within 48 hours and fixing critical issues within 7 days.