LocalPilotVS Code local AI assistant

Privacy and security

Local-first defaults with explicit edit control

LocalPilot is designed to avoid cloud AI APIs and telemetry while still giving useful editor assistance.

No cloud AI APIs

Code context is prepared inside VS Code and sent only to the configured Ollama REST API host. The default is http://localhost:11434.

No telemetry

LocalPilot does not collect usage, prompts, completions, files, errors, or workspace metadata.

Host is user-controlled

If localpilot.ollamaHost is changed, requests go to that configured host. Users are responsible for their Ollama server and installed models.

Clipboard is intentional

LocalPilot writes to the clipboard only when the user chooses a copy action.

Safety filters

Files LocalPilot avoids reading

The context builder blocks sensitive or noisy paths before prompt construction and skips oversized files based on configuration.

  • .env files and .env variants
  • Private key names such as id_rsa and id_ed25519
  • .pem and .key files
  • Lock files such as package-lock.json, yarn.lock, and pnpm-lock.yaml
  • Generated and dependency folders such as node_modules, dist, build, and coverage
  • Minified or bundled files
  • Files larger than localpilot.maxFileSizeKb

Secret redaction

Prompt text is scrubbed before Ollama calls

Secret-like strings are replaced with a redaction marker before they are sent to the configured model.

  • Private key blocks
  • AWS-style access keys
  • API key, secret, token, and password assignments
  • JWT-like values
  • Very long token-like strings