Why client-side tools are the future (and how to verify ours)
Most "AI tools" upload your code to a server. We don't. Here's why client-side architecture matters for developer trust — and how you can verify our claims with your browser's DevTools.
Mehar Ali
Creator of Repo2Txt
Every week, a new "AI coding assistant" launches with a slick landing page and a promise to "supercharge your workflow." What they don't tell you is that most of them upload your source code to their servers to process it.
That's a problem. Your source code is your intellectual property. It contains business logic, proprietary algorithms, API keys (if you're not careful), and competitive secrets. Uploading it to a third-party server — even one that promises not to look at it — is a risk.
The client-side alternative
Repo2Txt takes a different approach: everything runs in your browser. The server only serves static HTML, CSS, and JavaScript files. Once the page loads, your code never touches a network request.
This isn't just a privacy feature — it's a fundamentally different architecture. It means:
- No latency from uploading files to a server.
- No server costs to pass on to users (the tool is free forever).
- No data breaches — there's nothing to breach.
- No compliance overhead — GDPR, CCPA, HIPAA don't apply because we don't hold any data.
- Works offline — once loaded, the tool needs no internet connection.
Don't take our word for it — verify it
"Client-side" is an easy claim to make and a hard one to fake. Here's how to verify Repo2Txt's claims yourself:
Step 1: Open DevTools
Press F12 (or Cmd+Option+I on Mac) to open your browser's Developer Tools.
Step 2: Go to the Network tab
Click the "Network" tab. This shows every network request your browser makes.
Step 3: Pick a folder
Now use Repo2Txt to pick a folder with some files in it. Watch the Network tab as the conversion runs.
You'll see:
- Zero POST requests with file contents.
- Zero requests to any API endpoint.
- Zero connections to any analytics or tracking service.
The only network activity is the initial page load (HTML, CSS, JS, fonts) — and once that's done, the tab goes silent.
What about the AI model calls?
Repo2Txt doesn't call AI models directly. It generates a text file that you copy and paste into Claude, Gemini, or ChatGPT yourself. The model call happens on their servers, under their privacy policy — which you should read.
This separation is intentional. We don't want to be a middleman between you and your AI provider. We just want to give you a clean, well-formatted input.
The Content Security Policy
Beyond architecture, we enforce a strict Content Security Policy that your browser enforces. Even if someone managed to inject malicious JavaScript into our page, the CSP would block it from:
- Sending data to any domain other than
repo2txt.app. - Being embedded in an iframe (clickjacking protection).
- Loading plugins like Flash or Java.
You can verify the CSP by checking the response headers in DevTools → Network → click the main document request → Headers tab.
Conclusion
Client-side tools aren't always possible — some tasks genuinely require server-side processing. But when they are possible, they offer a level of privacy, speed, and trust that server-side tools can't match.
Repo2Txt is our small contribution to a future where developers don't have to choose between powerful tools and privacy. Try it, verify it, and if you like the approach, tell your friends.
Ready to try it?
Convert your repo into LLM-ready text in under 5 seconds. No signup, no upload, no limits.
Try Repo2Txt free