Securely Indexing Large Codebases
Source: https://cursor.com/blog/secure-codebase-indexing Author: Jeremy Stribling Date: 2026-01-28
Summary
Cursor’s engineering post on how they handle codebase indexing for semantic search while maintaining security and privacy. The core tension: agents need to understand codebases, but codebases contain sensitive business logic.
Key Claims
- Cursor’s approach: index code embeddings client-side, send only embeddings (not raw code) to their servers for retrieval.
- Privacy model: the raw code never leaves the user’s machine; only vector representations are transmitted.
- Teammate sharing: cursor allows sharing embeddings within a team so semantic search benefits from teammates’ context.
- The embedding privacy question: embeddings are not perfectly opaque — some information can be recovered. Cursor acknowledges this limitation.
- Performance: semantic search across large codebases (millions of lines) returns results in <100ms using approximate nearest-neighbor search.
Entities
- Cursor — AI code editor
Concepts
- Coding Agents — codebase indexing is the core context problem for coding agents
- Context Engineering — retrieval from indexed codebase as context injection