Safety

TasteCode:

  • ✅ Reads only tastecode.md and its fallbacks. Never .env, .git, or node_modules.
  • ✅ Refuses to send the taste file to a model if it looks like it contains secrets (API keys, tokens, passwords).
  • ✅ Does not modify source files itself — the wrapped agent does, under its own permissions.
  • ✅ Does not contact any service. Network calls come from the provider CLI, not from TasteCode.