DocPro for IT & Security Teams

Deployment

Two components. Both user-space.

DocPro consists of a VS Code extension and an MCP (Model Context Protocol) server. Neither installs system services, modifies kernel drivers, or requires permanent elevated rights.

VS Code Extension

Installs from the VS Code Marketplace. No admin rights required. Signed and distributed by Microsoft's extension infrastructure.

MCP Server

A Node.js process registered in ~/.claude/ (user profile only). No system-wide paths modified. Launched by Claude Code on demand.

Marketplace path: Install the VS Code extension from the Marketplace without running any external script. This is the lowest-friction, least-privileged path.
Admin installer path: irm https://docpro.cloud/api/ide/download/installer | iex installs Node.js dependencies and registers the MCP server. You can download and inspect the script before executing: irm https://docpro.cloud/api/ide/download/installer -OutFile docpro-install.ps1
Windows only today: The automated installer is Windows-only. macOS is under development.

AppLocker / ThreatLocker / Intune

The VS Code extension is distributed via the VS Code Marketplace, which is allowlisted by many enterprise security policies by default. The MCP server runs as a user-space Node process — it is not a signed Windows service. For policy-constrained environments, contact the team to discuss deployment options.

Access Control

Per-user keys. Server-side revocation.

Access is controlled by API keys scoped to individual accounts. Keys start with dp_ and are generated in the DocPro settings panel. Administrators can revoke access by disabling a user's account.

JWT authentication: 8-hour expiry, server-side token version revocation. A revoked session cannot reconnect even if the JWT has not yet expired.
Account lockout: Repeated failed login attempts trigger lockout stored in the database (not in-memory, enforced across all server workers).
MFA on sensitive operations: Account deletion and phone number changes require multi-factor authentication.
No shared credentials: API keys are per-account. There is no shared service account or team-wide key.

Data Isolation

Per-account isolation enforced at every query.

Every database query that returns user data filters by user_id. Attempting to access another user's data returns 404, not 403 — this prevents account enumeration.

No cross-account reads: Team memory, project context, and session data are scoped to the authenticated account. There is no admin query surface that exposes one user's data to another user.
Credential encryption: API keys, OAuth tokens, and SSH keys stored by DocPro are encrypted at rest with Fernet symmetric encryption. The encryption key is an environment variable on the server, not stored in the database.
Passwords: Hashed with bcrypt. Never stored in plaintext.

Honest limit

Conversation content and memory text are not field-encrypted at rest. Only credential/secret data (API keys, OAuth tokens, SSH keys) receives Fernet encryption. Conversation sessions, team memory, and project context are stored as plaintext in the database. If field-level encryption of conversation content is a requirement, DocPro does not currently meet it.

Data Flow

What leaves a developer’s machine.

Developers interact with DocPro through the VS Code sidebar and Claude Code. Here is what transmits to DocPro's servers during a session:

Session content: The text of what a developer types or pastes into a DocPro session — described tasks, questions, context they provide. This is stored as session history.
Project context: Descriptions of the project a developer is working on, saved by the team across sessions. Not automatic file scanning — only what a developer explicitly shares.
Team memory: Team observations across sessions — preferences, architecture decisions, corrections noted by the AI team. Developer-controlled and deletable.
API key (for setup): The DocPro API key (dp_ prefix), entered once during install and stored in the local MCP configuration.
Source code files are not automatically transmitted. DocPro does not scan or upload your codebase. Code reaches DocPro only if a developer explicitly pastes or shares it in a session.
No telemetry or analytics agents: The VS Code extension and MCP server do not send usage telemetry, keystroke logging, or file access data to DocPro.

Deletion

Granular deletion down to full erasure.

Developers can delete specific memories, entire projects, or their full account. Account deletion cascades across 25+ tables and requires MFA confirmation.

Delete individual team memories: Each team member's memory can be deleted item by item, or cleared entirely per team member.
Delete individual projects: Remove a project and its associated context.
Full account erasure: Deletes the account and cascades across all associated data — sessions, memories, projects, credentials, voice settings, meeting history, provisioned infrastructure. Requires MFA.

Honest limits

No data export: There is currently no endpoint to export a user's data before deletion. A developer can read their own data through the DocPro interface, but bulk export is not available yet.

No automatic retention or expiry policy: Data does not auto-expire on a schedule. Deletion is user-initiated.

No customer-facing audit log: Provisioning events and settings changes are logged server-side, but there is no per-user action log exposed to the account holder or an IT administrator.

Infrastructure

Where DocPro runs today.

DocPro is hosted on AWS Lightsail in the us-east-1 region. The backend is a Python/FastAPI application behind nginx. Infrastructure is managed by DocPro; developers do not have access to the underlying servers.

Hosting

AWS Lightsail, us-east-1. DocPro-managed account today. BYO cloud option arrives July 2026.

Transport

HTTPS everywhere. TLS termination at nginx. No unencrypted endpoints.

AI provider

Anthropic Claude API. DocPro is an independent platform built on Claude; it is not affiliated with Anthropic.

IP logging

nginx logs client IP addresses at the infrastructure level. This is standard web server behavior and is disclosed here.

Coming

What’s on the roadmap for IT.

BYO cloud (July 2026): Bring your own AWS account. DocPro provisions and manages the infrastructure under your account, not ours. Your data stays in your AWS environment.
Data export: A mechanism for users to export their data before deletion. Planned but not yet available.
Retention policies: Automatic expiry or archival of session data on a configurable schedule. Planned.
Customer-facing audit log: A per-user action history (sessions, settings changes, deletions) exposed through the DocPro interface. Planned.

Next Steps

Questions that aren’t answered here.

The Security page covers the developer-facing view: what's encrypted, how deletion works, and memory boundaries. This page covers the IT-facing view. If neither answers your question, reach the team directly.

Contact the team Security & privacy Get started

Last reviewed: June 2026. Claims on this page are grounded in a code-level audit of the DocPro backend; see Security for the methodology.