Edgebase runs locally and indexes source code from the repository where it is installed.
- It does not call a cloud API.
- It does not require API keys.
- It does not upload source code.
- It does not execute repository code during indexing.
- It does not install Docker containers or external services.
Edgebase may write:
.edgebase/index.sqlite3- agent MCP config files
- a marker-bounded
AGENTS.mdblock .git/hooks/post-commit- Claude Code and Codex hook entries
- project skills under
.claude/skills/or.agents/skills/
Use python3 -m edgebase disable --scope both to remove or disable generated integrations.
Please report security issues privately to the repository owner rather than opening a public issue with exploit details.
Include:
- Edgebase version or commit
- operating system
- command run
- affected config file
- whether untrusted repository content was involved