Security and privacy

Local bridge does not mean zero data leaves your machine.

CodeSeeX is local software, but model requests, web search, Vision endpoints, and community tools each have distinct trust boundaries.

Local /v1 DeepSeek upstream Vision endpoints Web Search Community tools
Model requests

Prompts and context are forwarded to the configured DeepSeek-compatible upstream.

Use your own credentials, review upstream terms, and keep generated config local.
Vision

Image pixels can be sent to the configured Vision endpoint.

Configure only endpoints you trust and treat Vision keys as local secrets.
Web Search

Search providers and opened evidence pages can receive network requests.

CodeSeeX blocks local/private targets and keeps result replay bounded.
Community tools

Enabled tools run local commands declared by their manifests.

They are disabled by default; enable only manifests you trust.
Logs

Default logs are compact and redacted; dev diagnostics can expose more request shape.

Use diagnostic mode only for debugging and clear diagnostic logs when done.
CodeSeeX Vision example in Codex
Read the state boundary docs

Read the state boundary docs

The state contract explains what CodeSeeX stores, what Codex owns, and why the runtime should not become a second transcript database.