Runs on your machines. Nothing goes to our servers except license checks.
DevIntern is a tool you run, not a cloud that runs your code. Your source, your tracker credentials, and your model keys stay on your network, and each credential is sent only to the vendor it belongs to. This page lists exactly where every secret lives and where it goes.
The full inventory
Every credential, where it lives, where it goes
All credentials live in a project-local .devintern-code/.env
file on your machine. devintern init
adds it to your .gitignore automatically.
Jira credentials
JIRA_EMAIL, JIRA_API_TOKEN
Atlassian's API only
Fetch tasks, move statuses, post summaries
Linear API key
LINEAR_API_KEY
Linear's API only
Fetch and update issues
Trello credentials
TRELLO_API_KEY, TRELLO_API_TOKEN
Trello's API only
Fetch and update cards
Asana / Azure DevOps tokens
provider-specific
Their own APIs only
Fetch and update tasks
GitHub / Bitbucket tokens
GITHUB_TOKEN, BITBUCKET_TOKEN
Your repo host only
Open pull requests, read review comments
AI provider keys
e.g. ANTHROPIC_API_KEY
Your AI provider only
Your coding agent runs on your own contract
Git push credentials
your existing SSH key or credential helper
Your repo host only
Push branches, exactly as you do by hand
DevIntern license key
LICENSE_KEY
DevIntern's license API
The single credential that ever reaches us: an entitlement check
The license key is the only secret that ever flows to DevIntern, and it authorizes nothing outside DevIntern's own services.
By design
What DevIntern's servers never hold
There is no server-side copy of your work to secure, subpoena, or leak, because the architecture never sends it to us in the first place. Security review gets a short answer: the tools run where your code already lives.
- Your source code, diffs, or repository contents
- Your tracker credentials (Jira, Linear, Trello, Asana, Azure DevOps)
- Your GitHub or Bitbucket tokens
- Your AI provider keys
- Ticket bodies, review comments, or pull request contents
Filesystem hygiene is built in: credentials are confined to the project-local env file, which is git-ignored on creation.
FAQ
Security questions, answered plainly
What data does DevIntern send to its own servers?
A license check: your license key and enough context to validate the entitlement. That is the complete list. Task content, code, prompts, and credentials never leave your environment.
Where do my credentials physically live?
In a .devintern-code/.env file inside your project directory, on your machine or server. devintern init creates it and adds it to .gitignore automatically so it cannot be committed by accident.
Which model sees my code?
Only the one you configure. DevIntern drives the coding agent you choose, with your own keys, so your code goes to your AI provider under your existing contract and nowhere else.
Does anything run in DevIntern's cloud?
No. All execution, including scheduled runs and the review webhook server, happens on hardware you control: a laptop, a devbox, a VM, or your CI.
Bring it to your security review
Questions this page does not answer? Ask, and we will answer them in writing.