Privacy & data
Agent Karma is local-first by design. Seven promises, hardcoded into how it works:
Local-first. No source code captured. No terminal output captured. No cloud upload. No telemetry. No login. No surveillance.
What it records — metadata only
- File-change events — file names only (including edits made by AI agents or the CLI, gated by agentKarma.captureExternalFileChanges). Never file contents.
- Validation command types — that you ran a Test / Build / Lint / Type Check. The raw command string is classified, then discarded.
- A git diff summary — file and line counts, never the diff content.
- The short SHA of commits — never the message, diff, author, or files.
- Your typed intent text — recorded locally by default (so your cards and dashboard read back meaningfully). Turn it off with agentKarma.capturePromptText; either way it never leaves your machine, and the prompt-clarity score never reveals it.
What it never captures
- Your source code.
- Your terminal output.
- Your keystrokes.
Where your data lives
Local JSON under VS Code’s per-extension storage, on your machine. No backend, no account, nothing leaves your computer. The extension makes no network calls — a Prime Directive enforced in CI.
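A "makes no network calls" claim can be checked mechanically. The following is an added example, not Agent Karma's own CI check: a static gate for JavaScript/TypeScript extension source that flags imports of Node networking modules and calls to network-capable globals. The module list, rule names and sample files are assumptions constructed for illustration.

```javascript
// Added example: static "no network calls" gate. Not the project's own CI check.
// Module list, rule names and SAMPLE files are constructed for illustration.
const NETWORK_MODULES = ['http', 'https', 'http2', 'net', 'tls', 'dgram', 'dns'];
const NETWORK_GLOBALS = ['fetch', 'XMLHttpRequest', 'WebSocket', 'EventSource'];

// require('x'), import ... from 'x', import 'x', import('x'); optional node: prefix.
const MODULE_RE = new RegExp(
  String.raw`(?:require\s*\(\s*|from\s+|import\s*\(?\s*)['"](?:node:)?(` +
    NETWORK_MODULES.join('|') + String.raw`)['"]`);
// fetch(...), new WebSocket(...). Deliberately conservative: obj.fetch( is
// flagged too, since a gate should fail closed and let a reviewer decide.
const GLOBAL_RE = new RegExp(
  String.raw`(?<![\w$])(?:new\s+)?(` + NETWORK_GLOBALS.join('|') + String.raw`)\s*\(`);

// Return one finding per rule hit per line of a single source file.
function findNetworkUses(source, file = '<inline>') {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const mod = MODULE_RE.exec(text);
    if (mod) findings.push({ file, line: i + 1, rule: `module:${mod[1]}` });
    const glob = GLOBAL_RE.exec(text);
    if (glob) findings.push({ file, line: i + 1, rule: `global:${glob[1]}` });
  });
  return findings;
}

// Gate over a { filename: source } map; ok is true only with zero findings.
function gate(files) {
  const findings = Object.entries(files)
    .flatMap(([name, src]) => findNetworkUses(src, name));
  return { ok: findings.length === 0, findings };
}

// Constructed sample: one file that only touches local disk, one that uploads.
const SAMPLE = {
  'storage.js': [
    "const fs = require('fs');",
    "fs.writeFileSync('session.json', JSON.stringify({ files: 3 }));",
  ].join('\n'),
  'sync.js': [
    "import https from 'node:https';",
    "export const push = (b) => fetch('https://example.invalid/u', { body: b });",
  ].join('\n'),
};

const result = gate(SAMPLE);
for (const f of result.findings) console.log(`${f.file}:${f.line} ${f.rule}`);
console.log(result.ok ? 'PASS: no network use found' : 'FAIL: network use found');
```

Running such a gate over the bundled output rather than only the source tree also covers code pulled in from dependencies. Computed module names evade a regex gate, so it complements runtime egress checks and does not replace them.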
Your controls
- Export the current session as JSON or Markdown (metadata only).
- Reset Karma History — clears sessions and the trend, keeps your settings.
- Delete All Local Data — wipes everything, one command.
- Per-setting granularity over what’s captured at all.
Uninstalling removes the tool; for a privacy-first coach, your local data going with it is the point.