Cody Assistant is designed from the ground up as a local-first Windows application. Every security control described here is implemented in the current codebase — from Electron renderer sandboxing and IPC validation to atomic data writes and automatic daily backups. The only optional outbound network connection is the AI classification provider you configure; Outlook sync is 100% local via COM automation with no cloud credentials.
Electron Renderer Hardening
Both Electron windows — the assistant panel and the pet window — are created with the strictest possible renderer settings:
electron/main/index.ts
- sandbox: true — Chromium sandbox is active; the renderer cannot access Node.js APIs directly
- contextIsolation: true — the preload script and the page script run in separate V8 contexts, preventing prototype pollution
- nodeIntegration: false — the renderer has no direct access to Node.js modules
electron/main/index.ts
IPC Security
Every IPC handler verifies that the call originates from a Cody-owned window before processing:
electron/main/index.ts
false or null immediately without executing any logic. This prevents injected content or external pages from invoking Cody’s IPC surface.
Input Sanitization
Sensitive IPC inputs are normalized through cleanText() before use:
electron/main/index.ts
| Input type | Max length constant | Value |
|---|---|---|
| Reminder title/body | MAX_REMINDER_TEXT | 240 characters |
| Notification title/body | MAX_NOTIFICATION_TEXT | 180 characters |
| Reminder ID | (inline) | 120 characters |
| External URL | (inline) | 2 048 characters |
safeFileName() to strip path-traversal characters (< > : " / \ | ? * and control chars) and limit length to 120 characters.
External URLs are only passed to shell.openExternal() if they start with https://. All other URL schemes are silently dropped.
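The sender check from the IPC Security section and the sanitization rules above, combined in one added example (not Cody's own code). The channel names, the `guarded()` wrapper, the `ownedSenderIds` set and the exact behaviour of `cleanText()` are assumptions; the limits are the ones in the table.

```javascript
// Added example, not Cody's source. Channel names, the sender check and cleanText()'s
// exact behaviour are assumptions; the limits come from the table above.
const MAX_REMINDER_TEXT = 240, MAX_ID = 120, MAX_URL = 2048, MAX_FILE_NAME = 120;

// Assumed cleanText(): non-strings become '', control chars are dropped, then trim and cap.
function cleanText(value, maxLength) {
  if (typeof value !== 'string') return '';
  return value.replace(/[\u0000-\u001f\u007f]/g, '').trim().slice(0, maxLength);
}

// Strips < > : " / \ | ? * and control chars, caps at 120. The fallback for empty or
// dot-only names ("..", "....") is an addition, not something the page describes.
function safeFileName(value) {
  const name = cleanText(value, 4096).replace(/[<>:"/\\|?*]/g, '').slice(0, MAX_FILE_NAME);
  return /^\.*$/.test(name) ? 'export' : name;
}

// https:// only. Over-long or unparseable input is dropped rather than truncated.
function safeExternalUrl(value) {
  if (typeof value !== 'string' || value.length > MAX_URL) return null;
  if (!value.startsWith('https://')) return null;
  try { return new URL(value).href; } catch { return null; }
}

// webContents ids of Cody-owned windows (assistant panel, pet window).
const ownedSenderIds = new Set();

// Wraps a handler so calls from any other sender get `fallback` and no logic runs.
function guarded(handler, fallback) {
  return (event, ...args) =>
    event && event.sender && ownedSenderIds.has(event.sender.id)
      ? handler(event, ...args) : fallback;
}

// `openExternal` stands in for shell.openExternal so the block runs without Electron.
function makeHandlers(openExternal) {
  return {
    'open-external': guarded((_event, rawUrl) => {
      const url = safeExternalUrl(rawUrl);
      if (url === null) return false;
      openExternal(url);
      return true;
    }, false),
    'add-reminder': guarded((_event, r) => ({
      id: cleanText(r && r.id, MAX_ID),
      title: cleanText(r && r.title, MAX_REMINDER_TEXT),
    }), null),
  };
}
```

In an Electron main process each entry would be registered with `ipcMain.handle(channel, handler)`, and `ownedSenderIds` filled from each window's `webContents.id` when the window is created.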
Data Storage
All application data is stored exclusively on the user’s machine:
No data is ever sent to Cody-operated servers. The only network connection Cody makes is the optional AI provider you configure in Settings.
Atomic writes
Data is never written directly to cody-data.json. Instead, Cody writes to a temporary file first and renames it atomically:
electron/main/index.ts
Automatic daily backup
Once per day, before any save, Cody copies cody-data.json to cody-data.backup.json. If the primary data file becomes corrupted or unreadable, Cody automatically falls back to the backup on the next load:
electron/main/index.ts
Size limits
| Limit | Constant | Value |
|---|---|---|
| Primary data file | MAX_DATA_BYTES | 5 MB |
| Export files | MAX_EXPORT_BYTES | 10 MB |
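The atomic write, daily backup, fallback load and MAX_DATA_BYTES limit described in this section, as one added example (not Cody's own code). The file names and the 5 MB value are from the page; the `cody-data.backup.date` stamp file, the `.tmp` suffix and the rule that a corrupt primary is never copied over the backup are assumptions.

```javascript
// Added example, not Cody's source. File names and the 5 MB limit come from the page;
// the date-stamp file and the "skip backup if primary is corrupt" rule are assumptions.
const fs = require('node:fs');
const path = require('node:path');

const MAX_DATA_BYTES = 5 * 1024 * 1024; // 5 MB, taken as binary megabytes
const files = (dir) => ({
  primary: path.join(dir, 'cody-data.json'),
  backup: path.join(dir, 'cody-data.backup.json'),
  stamp: path.join(dir, 'cody-data.backup.date'), // hypothetical "last backup day" marker
});

// Parsed JSON, or null if the file is missing, oversized or not valid JSON.
function readJson(file) {
  try {
    if (fs.statSync(file).size > MAX_DATA_BYTES) return null;
    return JSON.parse(fs.readFileSync(file, 'utf8'));
  } catch { return null; }
}

function saveData(dir, data, today = new Date().toISOString().slice(0, 10)) {
  const { primary, backup, stamp } = files(dir);
  const json = JSON.stringify(data);
  if (Buffer.byteLength(json) > MAX_DATA_BYTES) throw new Error('data exceeds MAX_DATA_BYTES');

  // Once per day, before the save: copy the primary, but never copy a corrupt one
  // over a good backup.
  const lastDay = fs.existsSync(stamp) ? fs.readFileSync(stamp, 'utf8') : '';
  if (lastDay !== today && readJson(primary) !== null) {
    fs.copyFileSync(primary, backup);
    fs.writeFileSync(stamp, today);
  }

  // Temp file in the same directory (same volume), flushed, then renamed over the target.
  const tmp = primary + '.tmp';
  const fd = fs.openSync(tmp, 'w');
  try { fs.writeFileSync(fd, json); fs.fsyncSync(fd); } finally { fs.closeSync(fd); }
  fs.renameSync(tmp, primary);
}

// Falls back to the backup when the primary is corrupted or unreadable.
function loadData(dir) {
  const { primary, backup } = files(dir);
  const fromPrimary = readJson(primary);
  if (fromPrimary !== null) return { data: fromPrimary, source: 'primary' };
  const fromBackup = readJson(backup);
  return { data: fromBackup, source: fromBackup !== null ? 'backup' : 'none' };
}
```

A crash between the write and the rename leaves only a stray `.tmp` file behind; the previous cody-data.json is untouched until the rename succeeds.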
Network Isolation
Cody’s only outbound network connection is the AI classification provider — and only if you configure one. Outlook sync is entirely local via COM automation; no data leaves the machine during sync.
| Connection | Required | Description |
|---|---|---|
| Outlook Classic COM | Local only | PowerShell reads email/calendar on the local machine |
| Azure OpenAI | Optional | Only email subject + sender sent; body stays local |
| OpenAI | Optional | Only email subject + sender sent; body stays local |
| Cody servers | Never | No telemetry, analytics, or remote logging |
Sensitive Data — What Must Never Be Committed
The installer is configured with deleteAppDataOnUninstall: false — uninstalling Cody does not delete user data. To fully remove all data, manually delete %APPDATA%/cody-desktop-assistant/.
Diagnostics Export
The exportDiagnostics() function generates a report containing only metadata — no task content, no email subjects, no API keys:
Pre-Production Security Checklist
Before distributing to a wider audience or selling to enterprise customers:
Code signing
Sign the installer with a corporate code-signing certificate. Without signing, Windows SmartScreen shows an “unknown publisher” warning, and Windows 11 Smart App Control may block the installer entirely. Once signed with a trusted certificate, neither SmartScreen nor SAC interferes.
Dependency audit
Run a Software Composition Analysis (SCA) scan on all npm dependencies using a tool approved by your IT security team. Review any high or critical CVEs before distributing.
Clean machine test
Test the installer on a fresh Windows machine with no prior Cody installation. Verify that install, all core features, and uninstall all work correctly. Confirm that uninstall does not delete %APPDATA%/cody-desktop-assistant/ without user consent.
Azure OpenAI approval
If enabling AI classification with Azure OpenAI, confirm with IT whether a formal data-processing agreement or approval is required before connecting to the corporate Azure tenant.
Incident reporting
Define a process for reporting vulnerabilities. For internal pilots, direct reports to the project owner — do not open public GitHub issues with sensitive information.