Security

How RPGTools Suite handles your code, and how to report a vulnerability.

RPGTools Suite analyzes source code that is, by nature, among the most sensitive assets an organization owns. CoreStratos designs the product so that your code stays under your control at all times.

How RPGTools Handles Your Code

Local-only processing

All parsing, analysis, and generation runs locally — in your CLI, your VS Code instance, or your self-hosted Web UI. Your RPG source code is never sent to a CoreStratos service or any third party.

No telemetry

RPGTools Suite collects no usage telemetry. It does not phone home, and it transmits no information about your code, your environment, or your activity back to CoreStratos.

Connections you control

Connections to IBM i systems (SSH/SFTP, ODBC) are initiated by you, to endpoints you define, using credentials you manage. CoreStratos is never an intermediary in that exchange.

No runtime footprint

RPGTools is an analysis and generation toolchain, not a runtime layer. It introduces no agent, no daemon, and no persistent service into your production environment.

Reporting a Vulnerability

Responsible disclosure is welcome and appreciated.

If you believe you have found a security vulnerability in RPGTools Suite or on this website, please report it to us privately so we can address it before any public disclosure.

  • Contact: contact@corestratos.com
  • Subject line: please prefix with [SECURITY]
  • Useful details: affected component and version, reproduction steps, and potential impact.

Our commitment

  • We aim to acknowledge a valid report within 5 business days.
  • We will keep you informed as we investigate and remediate.
  • We will not pursue legal action against researchers acting in good faith, who respect user privacy, avoid service disruption, and do not access or modify data beyond what is necessary to demonstrate the issue.

Please allow a reasonable period for remediation before any public disclosure. We are a small team and treat every report seriously.