Evaluation record ยท cline

Cline

v3.x (CLI v3.0.39, 2026-07-09)

Cline Bot Inc.

Agentcoding-agentopen-sourcebyokide-extension
78
Strong
About This Agent

The most-adopted open-source coding agent (5M+ installs by Feb 2026), formerly 'Claude Dev'. Apache-2.0, runs in VS Code, JetBrains, terminal CLI, and via an SDK. Client-side BYOK architecture keeps code local while routing to any model provider; Plan/Act modes with human approval gate edits and commands. Security researchers demonstrated prompt-injection paths that bypassed command approval (mitigated in v3.35.0), and Anthropic's 2026 OAuth crackdown cut off Claude subscription use.

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
task completion accuracy

Adoption-signal and hands-on assessment of multi-file coding task completion; accuracy tracks the BYOK model chosen

Evidence
Cline GitHub repository โ€” Edits code across projects, runs commands, and uses a browser; 5M+ installs and 64.5K stars indicate sustained real-world task success across model backends
mediumVerified: 2026-07-09
tool use reliability

Tool invocation testing across editors, terminal execution, and MCP integrations

Evidence
Cline GitHub repository โ€” Mature file-edit, terminal, and browser tools plus MCP server integration and an MCP marketplace; supports Anthropic, OpenAI, Gemini, OpenRouter (200+ models), Bedrock, Vertex, Ollama, and LM Studio
highVerified: 2026-07-09
multi step planning

Evaluation of Plan/Act workflow on long-horizon multi-file changes

Evidence
Cline documentation โ€” Signature Plan/Act mode separates strategy from execution: the agent drafts and discusses a plan in read-only mode before switching to approved execution
highVerified: 2026-07-09
memory persistence

Review of rules files, checkpoints, and task-history persistence

Evidence
Cline documentation โ€” .clinerules project files, workspace checkpoints, and the community memory-bank pattern provide cross-session context; no managed memory service
mediumVerified: 2026-07-09
error recovery

Observed recovery from failing builds and tests plus checkpoint restore testing

Evidence
Cline documentation โ€” Monitors terminal output and linter/compiler errors to self-correct; checkpoints let users roll back the workspace to any step
mediumVerified: 2026-07-09
agent collaboration

Review of multi-agent orchestration features and headless automation support

Evidence
Cline GitHub repository โ€” Multi-agent team coordination, scheduled agents, and a headless CLI/SDK for CI pipelines shipped across the 3.x line
mediumVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
tool sandboxing

Execution isolation review; approval gates substitute for sandboxing, and auto-approve weakens them

Evidence
Cline documentation โ€” No OS-level sandbox: commands run in the user's real shell and edits hit the real workspace; safety relies on per-action human approval and configurable auto-approve settings
mediumVerified: 2026-07-09
access control

Assessment of the approval model, auto-approve granularity, and enterprise policy features

Evidence
Cline documentation โ€” Human-in-the-loop approval for every file edit and terminal command by default, with granular auto-approve controls, .clinerules policies, and enterprise controls on team plans
highVerified: 2026-07-09
prompt injection defense

Review of published injection research (approval bypass, TOCTOU payload assembly, supply-chain triager attack) and vendor mitigations

Evidence
Mindgard - Cline coding agent vulnerabilities โ€” Researchers embedded instructions in Python docstrings, Markdown, and .clinerules to override the requires_approval flag, achieving code execution and data exfiltration from a cloned repo; mitigations including injection detection shipped in v3.35.0
Adnan Khan - Clinejection โ€” Prompt injection against Cline's own AI issue-triage workflow could compromise its production release pipeline, demonstrating second-order supply-chain risk
highVerified: 2026-07-09
data isolation

Data-flow review of the BYOK client-side design and optional Cline-provided inference

Evidence
Cline security documentation โ€” Client-side architecture: code goes directly from the user's machine to the chosen model provider; Cline's servers do not store or proxy source code in BYOK mode
mediumVerified: 2026-07-09
open source transparency

License and source availability review

Evidence
Cline GitHub repository โ€” Apache-2.0, fully open extension/CLI/SDK codebase with public issues and rapid security patching (e.g., v3.35.0 injection mitigations)
highVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
data retention

Privacy architecture review of client-side BYOK data flows

Evidence
Cline website โ€” Zero code retention by design in BYOK mode: prompts and code flow only to the user's own model provider; telemetry is opt-out
highVerified: 2026-07-09
gdpr compliance

Compliance review across BYOK and team-plan configurations

Evidence
Cline website โ€” Compliance posture largely inherits from the chosen model provider; team/enterprise plans add organizational controls, but Cline Bot Inc. itself publishes a lighter compliance program than enterprise vendors
mediumVerified: 2026-07-09
third party data sharing

Data-flow analysis across configured providers and user-installed MCP servers

Evidence
Cline documentation โ€” Code is shared only with the user-selected provider (Anthropic, OpenAI, OpenRouter, local Ollama, etc.); MCP servers the user installs may add further flows
mediumVerified: 2026-07-09
local deployment option

Deployment options assessment including local-model configurations

Evidence
Cline GitHub repository โ€” Supports fully local inference via Ollama and LM Studio and any OpenAI-compatible endpoint, enabling on-prem operation
highVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness and accuracy review

Evidence
Cline documentation โ€” Thorough docs for providers, MCP, rules, auto-approve, CLI/SDK, and enterprise deployment
highVerified: 2026-07-09
execution traceability

Review of diff previews, task transcripts, and checkpoint history

Evidence
Cline documentation โ€” Every proposed edit is shown as a diff and every command surfaced before execution; task history and checkpoints record the full session
highVerified: 2026-07-09
decision explainability

Assessment of plan previews and pre-execution reasoning visibility

Evidence
Cline documentation โ€” Plan mode externalizes the agent's strategy for discussion before any change; per-action approval keeps intent visible throughout
mediumVerified: 2026-07-09
open source code

Open source assessment of license and codebase completeness

Evidence
Cline GitHub repository โ€” Apache-2.0 with the full extension, CLI, and SDK source public; large fork ecosystem (Roo Code, Kilo Code) built on it
highVerified: 2026-07-09
community activity

Community engagement analysis via installs, stars, release cadence, and ecosystem forks

Evidence
Cline GitHub repository โ€” 64.5K stars, 6.9K forks, near-daily releases (CLI v3.0.39 on 2026-07-09), active Discord, and 5M+ installs across VS Code, JetBrains, and CLI
JetBrains Marketplace - Cline plugin โ€” Native JetBrains plugin extends the ecosystem beyond VS Code
highVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of integration

Setup time and integration surface assessment across IDEs, CLI, and SDK

Evidence
Cline GitHub repository โ€” One-click marketplace installs for VS Code and JetBrains, npm-installed CLI and SDK; works immediately with any pasted API key
highVerified: 2026-07-09
scalability

Assessment of headless/CI usage and multi-instance operation

Evidence
Cline GitHub repository โ€” Headless CLI, SDK, and scheduled agents support CI/CD-scale automation; throughput is bounded by the user's provider rate limits
mediumVerified: 2026-07-09
cost predictability

Pricing analysis of BYOK token costs and the impact of the consumer-OAuth policy change

Evidence
Cline website โ€” Free extension with pay-as-you-go BYOK tokens; heavy full-context usage is a known cost complaint, and Anthropic's OAuth ban removed the cheaper Claude-subscription path in early 2026
The Register - Anthropic clarifies third-party access ban โ€” Anthropic's February 2026 ToS update barred Claude Pro/Max OAuth tokens from third-party tools including Cline; API keys remain the supported route
highVerified: 2026-07-09
monitoring capabilities

Monitoring features assessment for individual and team usage

Evidence
Cline documentation โ€” Per-task token and cost tracking in the UI; team plans add centralized usage visibility, but deep audit/telemetry pipelines require external tooling
mediumVerified: 2026-07-09
production readiness

Maturity assessment from adoption scale, release stability, and security response history

Evidence
Cline GitHub repository โ€” Mature 3.x line with 5M+ installs (reported Feb 2026), rapid patching of disclosed vulnerabilities, and a stable Plan/Act core that large fork ecosystems depend on
highVerified: 2026-07-09
Strengths
  • +Most-adopted open-source coding agent: 5M+ installs (Feb 2026), 64.5K GitHub stars
  • +Client-side BYOK: code never touches Cline servers in default configuration
  • +Plan/Act separation with diff previews and per-command approval
  • +Very broad provider support: Anthropic, OpenAI, Gemini, OpenRouter (200+ models), Bedrock, Vertex, Ollama, LM Studio
  • +Apache-2.0 across extension, CLI, and SDK; spawned a large fork ecosystem
  • +MCP marketplace and .clinerules for extensibility and team policy
Limitations
  • !No sandbox: approval prompts are the only barrier between the model and the real shell/workspace
  • !Demonstrated prompt-injection attacks bypassed command approval via .clinerules/docstrings before v3.35.0 mitigations; auto-approve settings re-open that risk
  • !Anthropic ToS change (Jan-Apr 2026) blocked Claude Pro/Max OAuth use, forcing API-key costs on Claude users
  • !Full-context prompting makes token costs high on large tasks
  • !Compliance program is lighter than enterprise vendors; largely inherited from the chosen provider
  • !User-installed MCP servers are an unvetted supply-chain surface
Metadata
license: Apache-2.0
repository: https://github.com/cline/cline
package name: cline (npm CLI); saoudrizwan.claude-dev (VS Code)
supported models
0: Anthropic Claude (API key)
1: OpenAI GPT models
2: Google Gemini
3: OpenRouter (200+ models)
4: AWS Bedrock / Azure / GCP Vertex
5: Local via Ollama and LM Studio
deployment type: Client-side IDE extension (VS Code, JetBrains), terminal CLI, and SDK; BYOK
architecture: Client-side agent with Plan/Act modes, human-in-the-loop approvals, checkpoints, and MCP integration
first release: July 2024 (as Claude Dev); renamed Cline early 2025
adoption: 5M+ installs across VS Code, JetBrains, and CLI (reported February 2026)
pricing: Free extension + BYOK provider costs; paid team/enterprise plans with centralized billing and controls
github stars: 64500+

Use Case Ratings

code generation

Flagship use case: Plan/Act workflow with diff-gated edits across VS Code, JetBrains, and CLI

data analysis

Handles scripted analysis and notebooks through terminal and file tools

research assistant

Codebase exploration and web research via browser tool and MCP servers

content creation

Fine for technical docs; not built for general content work