Privacy guard
aiscope is a read-only, offline tool by design. Three guarantees:
1. Zero network
aiscope makes no network requests. Ever. No telemetry, no update checks,
no crash reporting. You can verify with strace, Wireshark, or by reading
the source — there are no reqwest, ureq, or hyper dependencies in the
[dependencies] block of Cargo.toml.
2. Zero writes (unless you pass --card)
aiscope opens every file as read-only. The only file it ever writes is
the PNG you ask for via --card path.png.
3. Scope respect
By default, aiscope only reads files inside your repo.
- It does not read ~/.claude/CLAUDE.md unless you pass --user.
- It never reads ~/.claude/projects/ (your transcript history) — even with --user. That directory is on the explicit deny-list.
- It does not follow symlinks out of the repo.
- It respects .gitignore — files ignored by git are skipped.
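The path rules above (repo-only by default, the --user opt-in, a deny-list that nothing overrides, no symlink escapes) can be expressed as one check on resolved paths. This is an added example, not aiscope's source: check_scope, Scope and demo are hypothetical names, the directory tree is constructed under the temp directory, it assumes a Unix system, and .gitignore filtering is not shown.

```rust
use std::{env, fs, io, os::unix::fs::symlink, path::{Path, PathBuf}, process};

#[derive(Debug, PartialEq)]
pub enum Scope { Allowed, OutsideRepo, DenyListed }

/// Hypothetical scope check, not aiscope's own code. `home` is a parameter
/// so the policy can be exercised against a constructed directory tree.
pub fn check_scope(repo: &Path, home: &Path, file: &Path, user_flag: bool) -> io::Result<Scope> {
    // Fall back to the literal path when the target does not exist.
    let canon = |p: PathBuf| fs::canonicalize(&p).unwrap_or(p);
    // Resolve symlinks and `..` first: a link is judged by where it really points.
    let real = fs::canonicalize(file)?;
    let repo = fs::canonicalize(repo)?;
    let deny = canon(home.join(".claude/projects"));
    let user_md = canon(home.join(".claude/CLAUDE.md"));
    // The deny-list is checked first: neither --user nor a symlink overrides it.
    // Path::starts_with compares whole components, so /repo-x is not inside /repo.
    if real.starts_with(&deny) { return Ok(Scope::DenyListed); }
    if real.starts_with(&repo) { return Ok(Scope::Allowed); }
    if user_flag && real == user_md { return Ok(Scope::Allowed); }
    Ok(Scope::OutsideRepo)
}

/// Builds a constructed tree under the temp dir and checks five sample paths.
pub fn demo() -> io::Result<Vec<Scope>> {
    let root = env::temp_dir().join(format!("scope-demo-{}", process::id()));
    let _ = fs::remove_dir_all(&root);
    let (repo, home) = (root.join("repo"), root.join("home"));
    fs::create_dir_all(&repo)?;
    fs::create_dir_all(home.join(".claude/projects"))?;
    fs::write(repo.join("copilot-instructions.md"), "in repo")?;
    fs::write(home.join(".claude/CLAUDE.md"), "user memory")?;
    fs::write(home.join(".claude/projects/t.jsonl"), "transcript")?;
    // Two links placed inside the repo that point outside it.
    symlink(home.join(".claude/projects/t.jsonl"), repo.join("link1.md"))?;
    symlink(home.join(".claude/CLAUDE.md"), repo.join("link2.md"))?;
    let cases = [
        (repo.join("copilot-instructions.md"), false), // plain repo file
        (repo.join("link1.md"), true),                 // link into the deny-list
        (repo.join("link2.md"), false),                // link out of the repo
        (home.join(".claude/CLAUDE.md"), true),        // user file with --user
        (home.join(".claude/projects/t.jsonl"), true), // deny-list with --user
    ];
    let out: io::Result<Vec<Scope>> =
        cases.iter().map(|(p, u)| check_scope(&repo, &home, p, *u)).collect();
    let _ = fs::remove_dir_all(&root);
    out
}

fn main() -> io::Result<()> { println!("{:?}", demo()?); Ok(()) }
```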
What about secrets?
Memory files are markdown — they're meant to be committed and shared. aiscope
prints the content of those files as part of diagnostics. If you put
secrets in copilot-instructions.md, they'll appear in aiscope --diag
output. Don't do that.
Want even tighter sandboxing?
firejail --net=none --read-only=/ --read-only=/home/$USER aiscope check .
Or run inside a Docker container with --network=none.
See it for yourself
strace -e trace=network aiscope check .
# (no output — no network syscalls)