Local-only processing
All parsing, analysis, and generation runs locally — in your CLI, your VS Code instance, or your self-hosted Web UI. Your RPG source code is never sent to a CoreStratos service or any third party.
How RPGTools Suite handles your code, and how to report a vulnerability.
RPGTools Suite analyzes source code that is, by nature, among the most sensitive assets an organization owns. CoreStratos designs the product so that your code stays under your control at all times.
All parsing, analysis, and generation runs locally — in your CLI, your VS Code instance, or your self-hosted Web UI. Your RPG source code is never sent to a CoreStratos service or any third party.
RPGTools Suite collects no usage telemetry. It does not phone home, and it transmits no information about your code, your environment, or your activity back to CoreStratos.
Connections to IBM i systems (SSH/SFTP, ODBC) are initiated by you, to endpoints you define, using credentials you manage. CoreStratos is never an intermediary in that exchange.
RPGTools is an analysis and generation toolchain, not a runtime layer. It introduces no agent, no daemon, and no persistent service into your production environment.
Responsible disclosure is welcome and appreciated.
If you believe you have found a security vulnerability in RPGTools Suite or on this website, please report it to us privately so we can address it before any public disclosure.
[SECURITY]Please allow a reasonable period for remediation before any public disclosure. We are a small team and treat every report seriously.