No hosted code index by default.
Repository content is indexed locally and stored in a local SQLite database unless a customer explicitly agrees to a different enterprise deployment.
Security center
Local code context with a narrow billing boundary.
AiIndexer is designed so the product value lives on the developer machine, while Stripe handles payment state.
Secrets and noisy paths are avoided.
Default filters skip dependencies, build outputs, caches, archives, binary assets, environment files, and common secret-bearing paths.
Stripe stays out of source context.
Stripe receives customer, subscription, and plan metadata. It does not need repository content to issue an entitlement.
Offline entitlement can be sold separately.
Enterprise customers can request offline licensing, procurement support, and a security review package.
Launch posture
Production controls already mapped.
- Signed license tokens gate paid local features.
- Webhook signature verification protects Stripe events.
- Static site headers restrict scripts, frames, and content sources.
- Commercial license separates evaluation, Pro, Team, and Enterprise use.
- Production binaries verify licenses with the compiled Ed25519 public key; the private key stays in billing.
Supply chain
Dependency inventory is published with releases.
SBOM
The public software bill of materials lists Cargo and npm components used to build and operate AiIndexer.
Release evidence
Release provenance, checksums, signatures, and SBOM are served with the latest release manifest.