Your code stays where you put it.
Three of Skene's four surfaces never see your code leave your infrastructure. The fourth, the cloud API, is opt-in. Here is what runs where.
Local MCP server
Runs on the developer's machine. Your source code never leaves the laptop. The MCP server talks to the coding agent locally over stdio. No outbound network calls, no telemetry by default.
GitHub Action
Runs inside your own GitHub Actions runner, on your own infrastructure. Skene's binary is pulled from a verified release; the run itself stays inside your repo's CI environment. The PR comment is posted via the GitHub API the action is already authorized for.
Cloud validation API
Opt-in. Source code transits over TLS to a workspace tied to your repository. The indexed manifest lives in an isolated workspace; manifests are not pooled, not used to train models, not shared across customers. Customer code is deleted after each indexing run.
One-time repo audit
Runs locally via the CLI. The audit produces a manifest file you can inspect, commit, or throw away. No cloud round-trip unless you opt in.
Three things worth being explicit about
Open-source core
Parser, indexer, and comparator are on GitHub. Read the source. Run it offline. Vendor it if you need to.
No analytics on Skene's analytics tool
Skene does not collect telemetry on the analytics calls it validates. We do not see your event names, your customer property values, or your funnel shapes.
Workspace isolation on cloud
Each repository indexed via the cloud API has its own workspace. Cross-workspace access is not configurable.
See what your last 10 PRs quietly broke.
Install in a minute. The first repo audit runs in about as long as your CI does.
