Security & Privacy

How Agent Nine handles your data and protects your code.

How Data Flows

Chat Mode (Cloud)

You → Agent Nine → AI API → Agent Nine → You

• Your messages are sent to the AI API for processing
• Code runs in an isolated cloud sandbox
• No access to your local files
• Session history is stored on our servers (configurable retention)

Code Mode (Local)

You → Agent Nine (on your machine) → AI API → Agent Nine → You

• Agent Nine reads files locally on your machine
• Only relevant file context is sent to the AI API
• Commands run directly on your machine
• Your full filesystem is never sent — only files you reference or that Agent Nine needs

What Is Sent to the AI API

• Your messages
• File contents that Agent Nine needs to answer your request
• Tool results (command output, search results)

What Is NOT Sent

• Your entire filesystem or project
• Files you haven't referenced
• Git history (unless you specifically ask about it)
• Passwords, API keys, or credentials (detected and blocked automatically)
• Your settings or profile data

Command Security

Agent Nine blocks dangerous commands before they run:

Blocked automatically

• rm -rf /, rm -rf ~, rm -rf *
• git reset --hard, git clean -fdx
• DROP TABLE, DROP DATABASE
• mkfs, dd if=/dev/zero
• Format/delete disk commands

Requires explicit approval

• git push --force
• npm publish
• Commands that modify system configuration
• Commands that send data to external URLs

Always auto-approved

• Read-only commands: ls, cat, grep, git status, git log
• Build commands: npm install, npm run build, npm test

Injection detection

Agent Nine detects and blocks command injection attempts:

• Encoded payloads (base64, hex, unicode escaping)
• Nested command substitution
• Pipe chains ending in destructive operations
• Script downloads via curl/wget piped to shell

Credential Protection

Agent Nine automatically detects and avoids sending sensitive data:

• .env files
• Private keys and certificates
• API keys and tokens
• credentials.json, secrets.yaml, and similar files

If a file appears to contain credentials, Agent Nine will warn you before including it.

Data Retention

Data	Retention
Session messages	Stored until you delete them
AI API	Anthropic zero-retention policy — inputs/outputs are not stored or used for training
Local files	Never leave your machine (Code mode)
Account data	Deleted when you delete your account

No Training

Your data is never used to train AI models. Anthropic's API has a zero-retention policy — your inputs and outputs are not stored on their servers.

Tips for Sensitive Projects

• Use Code mode to keep files local
• Review commands before approving them
• Put sensitive files in .gitignore — Agent Nine respects it
• Use the Default permission mode for maximum control
• Set up a agentnine.md with rules like "never read files in secrets/"