/docs/telemetry
Telemetry & privacy.
Everything is off by default. Rugproof sends nothing off your machine unless you explicitly opt in. Your contract source, file paths, and findings are never transmitted.
What can be enabled
| Flag | Default | If enabled, sends |
|---|---|---|
telemetry.enabled | false | plugin version + command name + success/fail outcome. Nothing else. |
telemetry.crash_reports | false | anonymized stack traces (no source, no paths). |
telemetry.endpoint | blank | nothing — a blank endpoint disables network send entirely. |
update_check.enabled | true | a single request to the GitHub releases API to compare versions. |
The exact payload shape lives in scripts/src/telemetry.ts — read it; it is intentionally tiny.
Hard privacy switches
privacy_mode: true # never send anything; cache in tmpfs only offline: true # no external API calls at all (also: RUGPROOF_OFFLINE=1)
With offline: true (or RUGPROOF_OFFLINE=1) every network path — telemetry, update check, block explorers, GitHub history — is disabled. Local analysis, local forks (anvil), and the LLM still work.
Opting out of update notifications
update_check: enabled: false notify_on_run: false
Principles
- Opt-in, never opt-out.
- No source code, file paths, addresses, or findings ever leave your machine.
- A blank endpoint means no send, even if a flag is on.
- The full payload is open-source and inspectable.