(works with any AI you use) Like many of you I wanted my Garmin recovery data (sleep, HRV, resting HR, body battery) going into my AI coach — it's the data Strava can't give you, and for me it changed the conversation from "how far did you run" to "why was your Wednesday night 4.5 hours of sleep." Before running the setup from the classroom guide, I did what the guide itself kind of teaches us: I asked my AI to review it first — and then to red-team the result. A proper adversarial security review. It found real things worth fixing before I'd type my Garmin password anywhere. So we rebuilt it, audited it, and I'm sharing the result so you don't have to choose between your data and your peace of mind. Same idea, same open-source library (python-garminconnect), one script — but hardened: - Read-only, and provably local. The only network connection is to Garmin. No upload endpoints, no analytics. The script is ~350 lines — you (or your AI) can read every one. - Your password is typed once, hidden, never stored — not in files, not in environment variables, not in your shell history. The script even refuses to run in terminals that can't hide your password. - Your login token never gets printed and is saved with locked-down permissions. (A printed token = a year of account access sitting in your terminal scrollback.) - Dependencies pinned to exact versions, so a compromised future release of some library can't silently install itself on your machine. - Smarter failure behavior: if the network is down, it tells you it's the network — so you never get trained into re-typing your password "just in case." That habit is exactly what phishing lives on. What you get: a garmin/ folder of clean markdown notes — one wellness note per day, one per workout, plus a data.json. Point your AI coach at it and every morning it knows how you slept before it tells you what to do. Setup: unzip, follow the README. Five minutes, Windows and Mac covered, including how to schedule it to run automatically every morning (with catch-up for days your machine was off). The only thing you ever type is your Garmin login, once.