What AI Switcher reads and writes
AI Switcher reads and writes the same credential files and keyring entries that Claude Code, Codex CLI, and Gemini CLI already use. Adding a profile copies the credentials currently active for a tool into a named slot; switching a profile writes those credentials back to the location the tool expects. AI Switcher does not generate new credentials and does not modify how the underlying tool authenticates.
Where profiles are stored
Profile metadata lives under ~/.aisw/ (or the directory named by the AISW_HOME environment variable), separate from the credential material itself. Configuration files are written with owner-only 0600 permissions.
Operating-system keyrings
Where a coding agent stores credentials in a system keyring, AI Switcher uses the platform-native backend to read and write them: Keychain on macOS, Credential Manager on Windows, and Secret Service on Linux. Credentials never pass through a third-party service to reach the keyring.
Restricted local files
For tools that store credentials as files rather than in a keyring, AI Switcher writes those files with owner-only 0600 permissions, matching the restriction it applies to its own configuration and backup files.
OAuth behavior
Signing in through a provider uses that provider's own OAuth flow in the terminal or browser. AI Switcher captures the resulting credentials once the flow completes; it does not intercept, proxy, or modify the authentication exchange itself.
Transactional switching and rollback
Before applying a profile or context switch, AI Switcher snapshots the current state. If a switch fails partway through, it rolls back to the previous state rather than leaving credentials in a partially-applied condition.
Backups
Switch operations that modify credential files create a local restore point first. Backups are stored on disk with the same owner-only permissions as other AI Switcher data and are never uploaded anywhere.
What AI Switcher does not do
AI Switcher does not operate a cloud account or backend service, does not sync credentials between machines, does not collect telemetry, does not inspect prompts or model output, and does not proxy API or CLI traffic between a coding agent and its provider.
Desktop security boundary
AI Switcher Desktop is a local application built on Tauri. It reads and writes the same on-disk profile data and system keyrings as the CLI, communicates with its Rust backend over Tauri's local command layer, and makes no network calls beyond the OAuth flows the underlying coding agents already perform.
How to report a vulnerability
Do not open a public GitHub issue for a suspected vulnerability, for either the CLI or the desktop app. Contact the maintainer directly, either by opening a private security advisory on the aisw repository or through burakdede.com.
Source-code links
The aisw CLI is open source. Read the aisw CLI source on GitHub. AI Switcher Desktop shares the same profile format, security model, and maintainer; its repository is not yet public.