Initial commit: coding harness feedback analysis

Harnesses under analysis:
- opencode (Go-based coding agent)
- pi (minimal terminal coding harness by Mario Zechner)
- hermes (Nous Research agent)
- forgecode (AI pair programmer with sub-agents)

Each harness folder contains:
- repo/: Source code from respective repositories
- feedback/localllm/: Community feedback for local/smaller models
- feedback/frontier/: Community feedback for frontier models

Research focus: Tool handling, skills systems, prompt engineering,
context management, and best practices for smaller/local models.

forgecode/feedback/frontier/privacy-security-concerns.md

@@ -0,0 +1,97 @@
+# ForgeCode Privacy & Security Concerns - Feedback Report
+
+**Topic:** Data collection, telemetry, privacy  
+**Source References:** GitHub Issue #1318, Discussion #2545, DEV Community, Reddit  
+**Date Compiled:** April 9, 2026
+
+---
+
+## Overview
+
+Despite ForgeCode's claim that "Your code never leaves your computer," there are significant community concerns about telemetry and data collection practices.
+
+---
+
+## Documented Privacy Issues
+
+### GitHub Issue #1318
+**Status:** Referenced as "red flag" by community members
+
+**Reported Concerns:**
+- Default telemetry collects:
+  - Git user emails
+  - SSH directory scans
+  - Conversation data sent externally
+
+### GitHub Discussion #2545
+**Title:** "Clarity about data collected that involves code"
+
+**Key Points:**
+- Privacy policy mentions collecting commands
+- Data can be stored and transferred in many ways
+- ForgeCode Services (optional) may process data differently than local CLI mode
+
+**Distinction:**
+- **Local CLI mode:** Claims to run entirely on local machine
+- **ForgeCode Services:** Optional features that provide additional capabilities, may process data externally
+
+---
+
+## Mitigation
+
+### Disable Tracking
+```bash
+FORGE_TRACKER=false  # Disables all tracking
+```
+
+### ForgeCode Services Clarification
+From Discussion #2545:
+> "ForgeCode Services are optional features that provide additional capabilities beyond the purely local CLI experience. If a user chooses to enable those services, some data relevant to those features may be processed by the service."
+
+---
+
+## Community Sentiment
+
+### Reddit r/ClaudeCode
+> "Specifically for Forgecodedev, I haven't used it yet since they are not transparent about user data which is a red flag to me."
+
+### DEV Community (Liran Baba)
+- Mentions telemetry concerns in comparison article
+- Notes the FORGE_TRACKER=false mitigation
+
+---
+
+## Benchmark Controversy Connection
+
+Some users connect privacy concerns to benchmark results:
+
+> "I am concerned about their proprietary layer, which I believe is a big part of what moved their bench scores from ~25% to ~81%. Currently it is free to use but may change in the future."
+
+**Note:** ForgeCode Services (proprietary layer) was used for benchmark evaluations, which differs from purely local CLI mode.
+
+---
+
+## Transparency Issues
+
+1. **Telemetry defaults:** Enabled by default, must explicitly disable
+2. **Data scope:** SSH directory scanning not clearly documented upfront
+3. **ForgeCode Services:** Connection between services and benchmark results not immediately obvious
+4. **Proprietary layer:** Some components not open source
+
+---
+
+## Recommendations for Privacy-Conscious Users
+
+1. **Set FORGE_TRACKER=false** before using
+2. **Avoid ForgeCode Services** if local-only operation is required
+3. **Audit code:** Harness is open source (Apache 2.0), can be inspected
+4. **Use own API keys:** Don't rely on any bundled/free tier that might require data sharing
+
+---
+
+## Source References
+
+1. **GitHub Discussion:** https://github.com/antinomyhq/forgecode/discussions/2545
+2. **GitHub Issue #1318:** Referenced in multiple community discussions
+3. **DEV Community:** https://dev.to/liran_baba/forgecode-vs-claude-code-which-ai-coding-agent-actually-wins-36c
+4. **Reddit r/ClaudeCode:** https://www.reddit.com/r/ClaudeCode/comments/1royhni/someone_is_using_forgecodedev/