Harnesses under analysis:
- opencode (Go-based coding agent)
- pi (minimal terminal coding harness by Mario Zechner)
- hermes (Nous Research agent)
- forgecode (AI pair programmer with sub-agents)
Each harness folder contains:
- repo/: Source code from respective repositories
- feedback/localllm/: Community feedback for local/smaller models
- feedback/frontier/: Community feedback for frontier models
Research focus: Tool handling, skills systems, prompt engineering, context management, and best practices for smaller/local models.
ForgeCode Privacy & Security Concerns - Feedback Report
Topic: Data collection, telemetry, privacy
Source References: GitHub Issue #1318, Discussion #2545, DEV Community, Reddit
Date Compiled: April 9, 2026
Overview
Despite ForgeCode's claim that "Your code never leaves your computer," there are significant community concerns about telemetry and data collection practices.
Documented Privacy Issues
GitHub Issue #1318
Status: Referenced as "red flag" by community members
Reported Concerns:
- Default telemetry collects:
  - Git user emails
  - SSH directory scans
  - Conversation data sent externally
GitHub Discussion #2545
Title: "Clarity about data collected that involves code"
Key Points:
- Privacy policy mentions collecting commands
- Data can be stored and transferred in many ways
- ForgeCode Services (optional) may process data differently than local CLI mode
Distinction:
- Local CLI mode: Claims to run entirely on local machine
- ForgeCode Services: Optional features that provide additional capabilities, may process data externally
Mitigation
Disable Tracking
FORGE_TRACKER=false # Disables all tracking
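The setting only takes effect if the harness process inherits it: a bare `FORGE_TRACKER=false` on its own line creates a shell-local variable that child processes never see. The pre-flight check below is an added example, not ForgeCode's own code. It assumes the harness reads FORGE_TRACKER from its process environment and that `false` (the only value this report documents) disables tracking; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that FORGE_TRACKER=false is visible to child
# processes before a harness is started from this shell.

# Print the value a child process would inherit, or "<unset>" if it
# would inherit nothing. A fresh child shell sees exported variables only.
tracker_seen_by_child() {
    sh -c 'printf "%s" "${FORGE_TRACKER-<unset>}"'
}

# Succeed only when a child would see exactly "false".
# Other spellings (0, no, False) are rejected because the report
# documents only the literal value "false".
tracker_disabled() {
    [ "$(tracker_seen_by_child)" = "false" ]
}

# Run the given command only if tracking is disabled for it.
# Usage: guarded_run <harness command and arguments>
guarded_run() {
    if ! tracker_disabled; then
        echo "refusing to start: child would see FORGE_TRACKER=$(tracker_seen_by_child)" >&2
        return 1
    fi
    "$@"
}
```

Run `export FORGE_TRACKER=false` first, then start the harness through `guarded_run` so a missing export fails loudly instead of silently leaving telemetry on.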
ForgeCode Services Clarification
From Discussion #2545:
"ForgeCode Services are optional features that provide additional capabilities beyond the purely local CLI experience. If a user chooses to enable those services, some data relevant to those features may be processed by the service."
Community Sentiment
Reddit r/ClaudeCode
"Specifically for Forgecodedev, I haven't used it yet since they are not transparent about user data which is a red flag to me."
DEV Community (Liran Baba)
- Mentions telemetry concerns in comparison article
- Notes the FORGE_TRACKER=false mitigation
Benchmark Controversy Connection
Some users connect privacy concerns to benchmark results:
"I am concerned about their proprietary layer, which I believe is a big part of what moved their bench scores from ~25% to ~81%. Currently it is free to use but may change in the future."
Note: ForgeCode Services (proprietary layer) was used for benchmark evaluations, which differs from purely local CLI mode.
Transparency Issues
- Telemetry defaults: Enabled by default, must explicitly disable
- Data scope: SSH directory scanning not clearly documented upfront
- ForgeCode Services: Connection between services and benchmark results not immediately obvious
- Proprietary layer: Some components not open source
Recommendations for Privacy-Conscious Users
- Set FORGE_TRACKER=false before using
- Avoid ForgeCode Services if local-only operation is required
- Audit code: Harness is open source (Apache 2.0), can be inspected
- Use own API keys: Don't rely on any bundled/free tier that might require data sharing
Source References
- GitHub Discussion: https://github.com/antinomyhq/forgecode/discussions/2545
- GitHub Issue #1318: Referenced in multiple community discussions
- DEV Community: https://dev.to/liran_baba/forgecode-vs-claude-code-which-ai-coding-agent-actually-wins-36c
- Reddit r/ClaudeCode: https://www.reddit.com/r/ClaudeCode/comments/1royhni/someone_is_using_forgecodedev/