Enterprise

Autonomous fixes for serious codebases.

Run Codna entirely inside your own infrastructure. Self-hosted or air-gapped, bring your own model key, and every fix verified by your own test suite before it opens a PR. Zero code leaves your network.

Enterprise

Private deployment

Managed, VPC, on-prem, or fully air-gapped. Bring your own model key — Codna calls your provider directly, so code and credentials stay in your network.

Identity

SSO, roles, seats, workspaces, and organization-level policies.

Audit

Every repo map, agent run, PR, and model call is logged — so security can see exactly who triggered a fix and what the agent touched.

Success

A named contact for deployment, rollout planning, and incremental adoption across CLI, MCP, and the GitHub App.

Deployment options

Choose how much stays inside your network.

Codna is a self-hosted AI coding assistant that runs wherever your code lives. Every tier is bring-your-own-key, so the agent calls your model provider directly and your code and credentials stay under your control. Pick the point on the privacy-versus-convenience curve that fits your risk model.

Managed cloud

Fastest to start. Codna runs in our cloud and calls your model provider with your own key. It never trains on your code, prompts, patches, or repo maps. Best when you want autonomous fixes without standing up infrastructure.

Private VPC

Codna runs inside your own VPC, so repo maps and fix context stay in your cloud account. You keep data residency and network controls while we operate the software.

Self-hosted

Run the full stack on your own infrastructure, on-premise or in your VPC. Your team owns the hosts, the keys, and the egress rules. Nothing routes through us.

Fully air-gapped

On-premise, air-gapped AI coding with no internet dependency. Codna maps repos and verifies fixes entirely inside an isolated network, with fail-closed egress that blocks any outbound connection you have not explicitly allowed.

AI code governance

Adopt autonomous fixes in stages.

You do not have to hand the agent the keys on day one. Codna is built for staged, policy-driven adoption, so security and engineering can widen the blast radius only as trust is earned. Every fix is verified by your own test suite before a pull request is opened.

1

Read-only triage

Start with the agent in observe mode. Codna maps your repos and surfaces what it would fix, with full audit logging on every repo map and model call. No code is changed.

2

Supervised fix PRs

Let the agent open pull requests, each backed by a small evidence bundle and a passing test. Your engineers review and merge, so a human stays in the loop on every change.

3

Automate low-risk classes with policy

Once a class of fix has a track record, set policy to let Codna handle it automatically within defined limits. Roles, workspaces, and audit trails keep the scope visible and reversible.

Control and compliance

The controls your security review will ask for.

Codna is not a certification, it is a set of technical controls. Self-hosting, audit logs, access control, no-training, and bring-your-own-key are built to support your existing SOC 2, ISO 27001, and GDPR program, not to replace it. Here is what is real today.

Data residency

Self-host in your VPC, on-premise, or fully air-gapped so code, dependency graphs, and fix context never leave your network. You decide where data lives and which egress is allowed, backed by fail-closed controls.

Audit trail

Every repo map, agent run, pull request, and model call is logged. Security can reconstruct exactly who triggered a fix and what the agent touched, with secret redaction applied to sensitive values.

Access control and SSO

SSO, roles, seats, workspaces, and organization-level policies. Per-tenant key isolation keeps each workspace's credentials separate from the next.

No training and BYOK

Does AI train on my code? Not here. Codna never trains on your code, prompts, patches, or repo maps. Bring your own key and Codna calls your provider directly, today on an Anthropic Claude key with more providers coming.

Roll out autonomous fixes without losing control.

Start with read-only triage. Add supervised fix PRs. Then automate low-risk classes with governance.

Plan rollout

Frequently asked

Yes. Codna is designed for self-hosting inside your own VPC or air-gapped environment. No code, no dependency graphs, and no fix context ever leave your network.

You bring your own key. Codna calls your chosen model provider directly, so credentials and generated output stay under your control.

Codna uses fail-closed egress controls. If an outbound connection is not explicitly permitted, it is blocked — not logged, blocked.

No. Codna does not use your code for training, full stop.

Codna supports SSO, audit logging, and governance controls so security and compliance teams can see exactly who triggered a fix and what the agent touched.

Codna ships as a CLI, an MCP server for Cursor and Claude, and a native GitHub App, so teams can adopt incrementally. Every fix is verified by your own test suite before a pull request is opened.

Bring the agent inside your network.