Storing a record of your agent sessions solves the biggest friction point for developers: limited context. On the surface, this may look like a dormant log, but Entire transforms those records into procedural memory. By default, the Entire CLI stores your agent history right alongside your code. More specifically, it stores your checkpoints, snapshots of your prompts, agent transcripts, and the state of your work at each step, on a dedicated branch in the same repository called entire/checkpoints/v1.
But as valuable as that memory is, it raises a valid question: What if I don’t want anyone else to see the conversations I have with my agent?
We’ve heard a few consistent reasons why developers want to keep their agent history private:
- The conversations are, frankly, a little embarrassing. (I’ve yelled at my agents before. I am not proud of it, but when tokens are few, so is my patience).
- It can start to feel like surveillance from their employer.
- It's a privacy concern. Those conversations might include context their company doesn't want to share publicly or with external collaborators.
- They want to keep your main repo lean and focused on source code.
If any of those reasons resonate, you have two main paths to a more private workflow.
Push checkpoints to a separate private repo
This is the sweet spot if you’re working on a public or shared project but still want a history that you (and maybe your trusted teammates) can access.
1. Create a private repo for your checkpoints
On GitHub, create an empty private repo with any name you want. In this example, we’ll use myorg/checkpoints-private. This is where all your agent sessions will live. You don't need to add a README or initialize it. Entire will push the first checkpoint branch on its own.
2. Point Entire at the new repo.
From inside your project, run:
entire configure --checkpoint-remote github:myorg/checkpoints-private
The format is provider:owner/repo. Today, github is the supported provider. This writes the setting to .entire/settings.json under strategy_options.checkpoint_remote:
{
"strategy_options": {
"checkpoint_remote": {
"provider": "github",
"repo": "myorg/checkpoints-private"
}
}
}
Now, your code will be stored in your main repo, and your agent sessions will go to your new private repo. You can read more about this in the Checkpoint Remote docs.
Keep your agent sessions local
If you want the highest level of privacy, you can keep your agent sessions local and opt out of pushing them to remote using the following command:
entire configure --skip-push-sessions
This modifies .entire/settings.json with the following values:
{
"strategy_options": {
"push_sessions": false
}
}
This setting still allows you to store your sessions locally. For example, you can still rewind, look back at what happened, and use all the local features. However, because the checkpoints never get pushed to GitHub or any remote provider, you cannot retrieve them if you switch devices. Also, your teammates won’t have access to your checkpoints.
What if I accidentally paste a secret?
We know that mistakes happen, so we have guardrails in place. Whether you store your history alongside your code, in a private repo, or on your local machine, Entire runs every session through a redaction pipeline before it hits git.
We use Betterleaks to automatically scrub:
- Cloud credentials (AWS, GCP, Azure)
- Source control tokens (GitHub, GitLab, Bitbucket)
- Service keys (Stripe, Slack, Discord, Twilio)
- Private keys (RSA, SSH, PGP)
- Database connection strings with embedded passwords
- Bearer tokens, JWTs, and high-entropy strings that look secret-shaped even if they don't match a known pattern
TLDR; Which one should you pick?
| The Goal | The Command | Where data lives |
|---|---|---|
| Full Visibility | Default | Same repo as your code |
| Private Collaboration | --checkpoint-remote |
A separate private repo |
| Total Isolation | --skip-push-sessions |
Your local machine only |
Note: Redaction runs across all three. Whether your checkpoints live in your code repo, a private repo, or only on your laptop, secrets get scrubbed before they're written.
Conclusion
We recognize that your agent workflow is going to look different based on who you are, the codebase you're in, and your team's unique security needs. Entire is built to adapt to those needs.
Ready to dive deeper into configuring your setup? Check out our configuration documentation and Security & Privacy docs.
In the comments section, let me know: Do you even care if people see your agent history, or would you rather keep those transcripts private?
Top comments (0)