What we store
What stays on your machine, what we keep, and what we never touch.
Fragua is the opposite of a black box. Your host, your keys, your repo — the orchestration is ours, but the code and the credentials stay yours. Here's the honest inventory of what lives where.
The short version: the web app is a control plane that watches and directs; your own machine does the work. Your source code never leaves your machine, and we keep the record of what the agents did so you and your team can see it later.
- Your source code — the repository is cloned and worked on in a directory on your host. It's never copied into our database — we keep only the repository URL and branch.
- Your AI key — the agent runs on your provider key, read from your host's environment. Fragua never receives or stores it.
- Your GitHub access — pushes and pull requests use the git and gh credentials already on your machine. There's no GitHub app and no stored token.
- Repository URL & branch — the address of your repo and which branch to build from — text only, no credentials.
- Your requests — the words you write to start a brief, spec, or issue, verbatim.
- Generated documents — the briefs, plans, guides, specs, and diagnoses the agents write.
- The run transcript — the full turn-by-turn record of each run, including what the tools returned.
- Your uploaded files — Knowledge Base documents and the files you attach to a spec or issue.
- Cost & usage — tokens, dollars, and the model used, per turn.
- Build references — the branch name, working-copy path, and pull-request link for each build.
Because the transcript records everything an agent did, it can contain parts of your code — file paths, snippets, diffs, and the contents of files the agent read or changed. That's how the log stays a faithful record. It lives in Fragua's database alongside the rest of the run, visible to your team in the account; it's never shared across accounts.
Never stored
Some things we go out of our way to never hold.
- Your AI provider key — it lives in your host's environment, never our database. There's no secret store for us to lose.
- GitHub tokens & repo credentials — the host's existing access is used directly; we mint and keep nothing.
- Your app's master key — when Fragua scaffolds a new app it shows the key once, then redacts it from the run log shortly after — it's never kept.
Your data, your call
Everything tied to a spec, an issue, or a workspace is removed when you delete it, and your team's data is always scoped to your account — cross-account leakage is the failure mode we treat most seriously. The token an agent uses to read workspace context is a Fragua-internal credential, stored hashed, scoped to one user, and revocable any time; it carries none of your code or keys.