安全

设计即隐私。

你的密钥。你的基础设施。你的代码永远属于你。Codna 为无法将源码泄露到不受控上下文窗口的团队而生。

安全

01

自托管

在你的本地机器、VPC 或企业版气隔部署中运行 Codna。

02

BYOK

使用你自己的模型提供商密钥,并强制执行你的模型网关策略。

03

出口强制关闭

私有模式阻止网络出口,除非明确允许。无静默回退。

04

不参与训练

Codna 的设计不对客户代码、prompt、补丁或代码库地图进行训练。

Data flow

What actually leaves your network.

Most AI coding tools stream your repository into an uncontrolled context window. Codna does the opposite. Almost all of the work happens locally, and only a small, inspectable bundle ever reaches a model. Here is the exact path your code takes.

01

The map runs locally, for zero tokens

Codna's deterministic engine reads and maps your repositories on your own hardware. It mapped 130 repos in 9.2 seconds for 0 LLM tokens. No code is sent anywhere to understand your codebase.

02

A ~600-token evidence bundle is built

For each fix, the engine assembles a focused evidence bundle of roughly 600 tokens rather than shipping the whole tree. That is 162x less context than the repository it came from, so almost nothing about your code needs to leave at all.

03

The agent calls your model, through your key

Codna sends that bundle to your model using your own key. With bring-your-own-key the request goes to your provider directly, so the data agreement is between you and them, not us. BYOK runs on an Anthropic (Claude) key today, with more providers coming.

04

Fail-closed egress blocks the rest

Any outbound connection that is not on your allowlist is refused, not quietly rerouted. A tiny bundle plus audited egress means a small blast radius. If something did leak, it would be ~600 tokens, not your source tree.

Boundaries

What Codna never does.

Good security is as much about what a tool refuses to do as what it offers. These are hard guarantees, not default settings you have to remember to turn on. So when someone asks whether the AI trains on your code, the answer is no.

  • Train on your code, prompts, patches, or repository maps
  • Stream your whole repository into an uncontrolled context window
  • Route model calls through our keys instead of yours
  • Fall back to an open network path when egress is blocked
  • Share your key, your maps, or your runs across tenants

Deployment

Private by deployment.

Data residency is a property of where the software runs, not a promise on a marketing page. Codna is a self-hosted AI coding assistant, so you decide where the engine, the agent, and the audit logs live. Pick the boundary that fits your compliance program.

On your machine

Run the full engine and agent locally. Your code is mapped and fixed on the same hardware it already lives on, so nothing crosses a network you do not control.

In your VPC

Deploy inside your own cloud account with per-tenant key isolation, SSO, roles, and full audit logging of every map, agent run, model call, and PR — the controls a SOC 2 or ISO 27001 program asks for, inside your perimeter.

Air-gapped

Run on-premise with no internet path at all. Paired with your own model gateway, code never leaves your network by construction rather than by policy. This is on-premise, air-gapped AI coding.

运行时控制

强制执行,而非空口承诺。

租户级密钥隔离、敏感信息脱敏、可审计的出口控制和部署级控制,让隐私成为默认运行模式。

Frequently asked

No. Codna never uses your code for training. You bring your own API key, and your data stays entirely within your infrastructure.

Yes. Codna is designed for self-hosting. You control the environment, the keys, and the egress — nothing leaves without your explicit configuration.

If an outbound connection cannot be established within your defined policy, Codna blocks the request entirely rather than falling back to an open path. No silent data leaks.

You supply your own LLM API key. Codna routes requests through it directly, so the provider relationship — and any billing or data agreements — is solely between you and your chosen provider.

No. Codna uses per-tenant key isolation. Your key is scoped to your instance and never shared with or visible to other tenants.

Very little. The deterministic engine builds a focused ~600-token evidence bundle for each fix — measured at 162x less context than reading the whole repository. Less context means a smaller blast radius for any data leaving your environment.

Your code. Your keys. Your network.