Trust & safety

Does my code stay private?

Yes. CatWrangler is hosted, with one isolated server per customer — nothing is shared with anyone else, and there's nothing to install or self-host. Your credentials stay structurally out of your agents' reach, and you can take your repo back out in one shot.

Privacy here isn't a setting you have to get right — it's the shape of the thing. Each customer gets their own isolated server, and the keys live somewhere agents can't touch.

How your code stays yours

  • One isolated server per customer. Your code and your agents' work never share space with another customer.
  • Hosted, so there's nothing to install or self-host — and no infrastructure of your own to harden.
  • Credentials and the write path are structurally out of agents' reach. An agent can't slip past the gates because it never holds the keys.
  • Real team access control: login, SSO, and per-org membership decide who gets in.
  • No lock-in. A repo can be brought in or taken back out in a single shot, whenever you want.

Why "out of reach" matters more than a promise

An agent that doesn't hold the credentials can't bypass the write path, can't push around the gates, and can't reach another customer's work. That's not a rule we ask it to follow — it's simply not wired to. The same boundary that keeps your code private is what keeps the gates honest.

Related questions

Can I get my code back out if I leave?

Yes. There's no lock-in. Real version control runs underneath, and your repo can be taken back out in one shot, exactly as it can be brought in.

Do my agents ever hold the credentials to the server?

No. Credentials and the write path sit structurally out of agents' reach. An agent works through CatWrangler's gates because it never holds the keys to go around them.

Keep reading

Vibe-Engineering

Many agents. One codebase. Zero collisions.

Point your agents at CatWrangler and build — the discipline runs underneath.

Start free →private beta — come early