Skip to content

Security and Privacy

Jump to bottom
Spencer edited this page May 22, 2026 · 1 revision

Security And Privacy

Coder Studio is local-first: the server runs on your machine and opens your local project directories. That makes the security model different from a hosted cloud IDE.

What Runs Where

  • Coder Studio server runs on your machine.
  • The web UI is served from that local server.
  • Project files are read from local directories that you open as workspaces.
  • Claude Code and Codex run through their local CLIs when you start those sessions.
  • SQLite stores Coder Studio local state.

What Leaves Your Machine

Coder Studio itself is not a hosted cloud service. However, provider CLIs such as Claude Code or Codex may send prompts, code context, terminal output, or other task data according to their own behavior and configuration.

Review the provider CLI's documentation and account settings if you need strict data-handling guarantees.

Authentication

Before allowing access from another device, set a password:

coder-studio config --password <strong-password>
coder-studio serve --restart

Authentication is especially important when using:

  • LAN access from other devices
  • Tailscale Funnel
  • ngrok
  • Cloudflare Tunnel
  • Any public or semi-public network

Network Exposure

By default, local access is the safest mode. Remote access increases risk because anyone who reaches the service may be able to interact with files, terminals, sessions, and AI tools.

Recommended order:

  1. Local browser access on the same machine
  2. Tailscale for your own devices
  3. Cloudflare Tunnel with an identity layer
  4. ngrok for temporary demos
  5. Direct public port exposure only if you fully understand the risk

Do not expose Coder Studio without authentication.

Project Safety

Be cautious when opening:

  • Private company repositories
  • Repositories with secrets in files or environment variables
  • Production infrastructure scripts
  • Projects with destructive commands in common workflows

Coder Studio provides a workspace. The AI provider and shell commands can still make changes according to the permissions available on your machine.

Practical Checklist

  • Set a password before cross-device use.
  • Prefer Tailscale for personal remote access.
  • Keep provider CLIs updated.
  • Review Git diffs before committing AI-generated changes.
  • Stop tunnels when you no longer need them.
  • Avoid using public links for sensitive repositories.

Clone this wiki locally