Agent Island reads local Claude Code and Codex artifacts to build status signals and local reports. There is no Agent Island account and no product telemetry pipeline receiving session content.

What the app reads
The status scanner examines recent local session records and the events required to distinguish activity from completion. Reporting features aggregate token and model fields from local records. Provider usage requests use the credentials already available on the machine.
What leaves the machine
Agent Island does not upload the underlying transcript to an Agent Island service. A report image is rendered locally. Copying it to the clipboard or opening the system share picker requires an explicit click.
Local-first does not make every screenshot safe. A user still controls what gets copied, shared, or attached to a bug report.
Report problems without leaking data
Terminal output, transcript excerpts, local paths, OAuth state, and provider tokens can contain sensitive information. Redact them before opening a public issue. Security issues should go through GitHub Security Advisories when that private route is available.
The security scope
Useful reports include unexpected transcript exposure, incorrect handling of local credentials, or release integrity failures introduced by Agent Island. Upstream vulnerabilities belong with the upstream project unless Agent Island adds a separate risk.
The latest 1.6.x release is the supported public line at the time of publication.
← All posts