Mainframe credentials are encrypted via the OS keychain, tap data stays in your user data folder, and the AI agent only sees your active prompt, recent chat context, and tool results.Documentation Index
Fetch the complete documentation index at: https://docs.hypercubic.ai/llms.txt
Use this file to discover all available pages before exploring further.
Where data lives
On your laptop
| Data | Where | Protection |
|---|---|---|
| Mainframe credentials | Encrypted secure store; key managed by the OS keychain (macOS Keychain, Windows DPAPI, Linux libsecret) | OS-managed encryption at rest |
| Anthropic API key | Same encrypted secure store | Same |
| Tap data (data snapshots) | Local file in your user data folder | Plain. See “Production data” below. |
| Logs | Local file in your user data folder | Plain. See “Logs” below. |
~/Library/Application Support/Hopper/, Windows: %APPDATA%\Hopper\, Linux: ~/.config/Hopper/).
On the mainframe
Hopper installs nothing on the mainframe. It connects over standard TN3270, plus FTP if you’ve added credentials. When you create a data tap (a VSAM snapshot), Hopper allocates a temporary sequential dataset under your HLQ to stage the data. Ask the agent to drop the tap when you’re done. If you don’t, it persists, but only within your HLQ permissions.In Anthropic’s systems
When you use the agent, the API call sends your prompt and recent chat context toapi.anthropic.com. Anthropic’s data policy governs what they do with that data. Their default does not train on API customer data, but check their current policy.
What gets sent:
- Your active prompt
- Recent chat context (with hidden-field placeholders, no real values)
- Tool call results the agent needs to interpret
- A small system prompt with general mainframe context
- Mainframe credentials
- Hidden-field content from the terminal
- Anthropic API key (the auth header carries it, not the message body)
- Logs, tap data, or anything outside the active conversation
On Hypercubic-controlled servers
Nothing during normal operation. Hopper does not call back to a Hypercubic-controlled service except for update checks.Credential handling
Mainframe credentials
Stored in the OS keychain. Hopper retrieves them when needed. They never enter the chat agent’s context. For actions that need credentials (e.g., a CICS signon), the agent calls a tool likecics_signon with no credentials in the call. Hopper’s sidecar process loads the credentials directly from the secure store and applies them. The model never sees the values.
Anthropic API key
Stored in the OS keychain. Used only to callapi.anthropic.com. Never sent to anyone else, never logged.
Other secrets
If you have additional credentials (DB2 users, third-party API keys), Hopper does not know about them. They live wherever your mainframe applications expect them. Hopper does not intercept or store them.Redaction
Hidden terminal fields
z/OS terminals expose hidden fields (typed input that’s not displayed, like passwords). Hopper masks the typed characters with bullets (•), one bullet per character, before they reach any boundary:
- Chat agent input: bullets only
- Logs: same
Pasted secrets
If you paste secrets into chat, Hopper does not redact them. It cannot tell what’s secret. Treat the chat input the way you’d treat a Slack message. If you’ve pasted something sensitive by accident, click the trash icon at the top of the chat panel to clear the conversation.Production data
Tap snapshots
A data tap extracts production records into a local file on your laptop. The file is not encrypted at rest beyond your filesystem’s normal protections. For regulated data (PII, PCI, PHI):- Drop taps when you’re done.
- Use full-disk encryption (FileVault, BitLocker, LUKS).
- Don’t sync the tap file to cloud storage.
- Treat exported reports as having the same sensitivity.
Reads
Reading a member or copybook does not persist a copy. The content lives in the agent’s chat context for that turn only. Logs may record the dataset name but not its content.Logs
Hopper writes logs to your user data folder. They contain:- Application events (startup, connection state, agent turn boundaries)
- Errors and stack traces
- Chat transcripts: your prompts, the agent’s responses, and tool calls. Tool inputs are truncated to 500 characters and tool results are capped at 30 lines, so full file content doesn’t land in logs — but dataset names, job IDs, and prompt summaries do.
- Credentials
- Hidden-field content
- Full datasets or file content
~/Library/Application Support/Hopper/logs/ (macOS), %APPDATA%\Hopper\logs\ (Windows), or ~/.config/Hopper/logs/ (Linux). If you send logs to debug an issue, review them first — chat transcripts can include prompts and dataset names you’d rather not share.
Network
Hopper makes outbound connections to:| Destination | Why |
|---|---|
| Your mainframe (FTP + TN3270) | The actual work |
api.anthropic.com | Agent API calls (only when a key is configured) |
| Update server | Update checks (release manifest only) |
Telemetry
Hopper does not ship telemetry. Nothing about your usage, prompts, or mainframe activity is sent to Hypercubic.Compliance
Hopper is not currently SOC 2, ISO 27001, or HIPAA certified. Hopper does not transmit your data to our servers, so the audit surface for Hopper itself is small. The relevant audit usually concerns your laptop, your network, and Anthropic’s API endpoint. For specific compliance questions, email team@hypercubic.ai.Reporting a security issue
Email team@hypercubic.ai. We respond within two business days. We especially want to hear about:- Anything that exposes credentials beyond the OS keychain.
- Anything that bypasses the approval gate for mutating actions.
- Network behavior beyond what this page describes.
Where to read next
The AI agent
What the agent does and doesn’t see.
Tools
The approval flow that gates every mutating action.