> ## Documentation Index
> Fetch the complete documentation index at: https://docs.drdroid.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Source Code Security

> This document highlights how DrDroid handles source code securely.

Giving access to source code obviously raises questions about security. DrDroid handles source code with utmost care and security.

### How Droid Agent handles your code?

Ephemeral machines:

* When the agent wants to analyse the code, it spawns a Micro VM using an industry standard tool - [E2B](https://e2b.dev/).
* The code is cloned into the VM and is analysed using our coding agent (built on Claude Code). The VM is destroyed after the analysis is complete.
* Each session is unique and has no context transfer from previous sessions or to Claude for any training.
* The code is not stored on our cloud and its copy is destoyed along with the VM.
* This process is repeated from scratch each time the agent decides to analyse the code with no caching or backup.

Permission Controls:

* The PR is generated by pushing into a branch cut from your main/default branch. Agent does not have access to make changes to the default branch.
* Any rules you have created on your repositories to prevent direct push into main branch without a PR strictly apply here also.
* Pushing the new branch to Github and creating the PR are done outside of the coding agent's scope by the platform, hence ensuring agent does no.