Enterprise & Teams
SSO/SAML, SCIM provisioning, audit logging, self-hosted deployment, and air-gapped support.
Enterprise Security Features
QCoder Enterprise provides security and compliance features required by large organizations:
Authentication & Access:
- SSO/SAML -- Integrate with your identity provider (Okta, Azure AD, OneLogin, etc.) for single sign-on.
- SCIM Provisioning -- Automatically sync user accounts and groups from your identity provider.
- Role-Based Access Control -- Define who can access which features and settings.
Audit & Compliance:
- Audit Logging -- Every action (file access, tool execution, API call) is logged with timestamps, user identity, and details.
- Custom Policies -- Define organizational policies that restrict certain operations (e.g., no executing shell commands, no writing to certain directories).
- Data Retention -- Configure how long conversation history and logs are retained.
Self-Hosted Deployment
QCoder can be deployed entirely on your own infrastructure:
- On-premises server -- Run the QCoder backend on your own servers. No data leaves your network.
- Private cloud -- Deploy to AWS, Azure, GCP, or any Kubernetes cluster.
- Custom AI endpoints -- Point QCoder at your own model hosting (vLLM, TGI, Ollama, etc.) instead of cloud APIs.
The self-hosted deployment includes:
- Admin dashboard for user management
- Centralized configuration management
- License server for seat management
- Update server for controlled rollouts
Air-Gapped Support
For classified or highly regulated environments, QCoder supports fully air-gapped deployment with no internet connectivity required.
Key features:
- Ed25519 cryptographic validation -- All updates and plugins are verified using Ed25519 digital signatures, ensuring authenticity without network access.
- Offline license activation -- Activate licenses using an offline challenge/response flow. No phone-home required.
- Bundled models -- Ship QCoder with pre-loaded local models (via Ollama or LM Studio) for AI functionality without cloud APIs.
- Offline plugin installation -- Install plugins from local packages instead of the marketplace.
Air-gapped deployments are validated for IL5/IL6 environments.
Docker Sandbox
QCoder's Docker sandbox mode provides an additional security layer for command execution:
- When enabled, all execute_command tool calls run inside an isolated Docker container.
- The container has limited filesystem access (only the workspace directory is mounted).
- Network access can be restricted or fully disabled.
- If Docker is unavailable, QCoder falls back to direct terminal execution (configurable).
Enable sandbox mode in Settings > Security or by setting qcoder.sandbox.enabled to true.
This is especially useful in enterprise environments where untrusted AI-generated commands should not have direct access to the host system.
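The isolation properties listed above (workspace-only mount, no network, and an explicit choice about the Docker-unavailable fallback), sketched as a POSIX shell wrapper. This is an added example, not QCoder's implementation: the SANDBOX_* variables, the image name and the /workspace mount point are assumptions, and the capability and no-new-privileges flags go beyond what the page describes.

```sh
#!/bin/sh
# Added illustration, not QCoder's implementation. The SANDBOX_* variables,
# the image name and the /workspace mount point are assumptions.
SANDBOX_DOCKER=${SANDBOX_DOCKER:-docker}
SANDBOX_IMAGE=${SANDBOX_IMAGE:-debian:stable-slim}
SANDBOX_ALLOW_FALLBACK=${SANDBOX_ALLOW_FALLBACK:-0}   # 0 = fail closed
SANDBOX_DRY_RUN=${SANDBOX_DRY_RUN:-0}                 # 1 = print argv only

# sandbox_exec WORKSPACE COMMAND
# Runs COMMAND in a throwaway container that sees only WORKSPACE and has no network.
sandbox_exec() {
  _ws=$1; _cmd=$2
  if [ ! -d "$_ws" ]; then
    echo "sandbox: workspace is not a directory: $_ws" >&2
    return 2
  fi
  _ws=$(cd "$_ws" && pwd -P) || return 2      # resolve symlinks before mounting
  case $_ws in *,*) echo "sandbox: comma in workspace path" >&2; return 2 ;; esac

  if ! command -v "$SANDBOX_DOCKER" >/dev/null 2>&1; then
    if [ "$SANDBOX_ALLOW_FALLBACK" = 1 ]; then
      # Fail-open path: the command gets the host's filesystem and network.
      echo "sandbox: docker unavailable, running on host" >&2
      ( cd "$_ws" && sh -c "$_cmd" )
      return $?
    fi
    echo "sandbox: docker unavailable, refusing to run on host" >&2
    return 126
  fi

  set -- "$SANDBOX_DOCKER" run --rm \
    --network none \
    --mount "type=bind,source=$_ws,target=/workspace" \
    --workdir /workspace \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    "$SANDBOX_IMAGE" sh -c "$_cmd"

  if [ "$SANDBOX_DRY_RUN" = 1 ]; then
    printf '%s\n' "$@"      # one argument per line, for review or logging
    return 0
  fi
  "$@"
}
```

With the fallback left at 0, a host without Docker refuses the command instead of running it directly, which is the behaviour to prefer where AI-generated commands are treated as untrusted.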