Skip to content
Gittensory
Operating

Privacy & security

Privacy is the product. These are hard rules, not best-effort goals.

Hard rules

  • No source upload by default. MCP sends metadata only.
  • No PAT storage. Auth uses GitHub Device Flow.
  • No wallet or hotkey display.
  • No raw trust-score display.
  • No payout/reward guarantees, anywhere.
  • No farming language.
  • No public score estimates.
  • No private reviewability details in public GitHub output.

Open algorithm, private tuning

Gittensory's review engine is built so the logic is public but the dial settings are not. The deterministic gate, the scoring signals, the slop detector, the grounding/RAG context builders, and the comment renderer all live in the open source tree — anyone can read exactly how a verdict is reached. What stays private is the production tuning: the thresholds, guardrail paths, and gate modes an operator runs in production. That separation is what keeps a review from being gameable off the public code.

Tuning lives in two private, repo-scoped places that sit on top of the open algorithm, and neither reveals review direction:

  • Per-repo settings — gate modes, score thresholds, and guardrails, stored in the operator's database (set through the dashboard/API) or declared as config-as-code in a repo's .gittensory.yml. Choosing gate.slop.minScore or marking a path under blockedPaths tightens the gate without telling a contributor how to pass it.
  • Operator feature flags — the GITTENSORY_REVIEW_* family of worker environment variables. These switch whole capabilities (safety scanning, CI and full-file grounding, RAG context, reputation-based spend control, the unified comment) on or off for a deployment.

Every feature flag ships OFF, and a per-PR capability runs only when its own flag is on and the repo is in the GITTENSORY_REVIEW_REPOS allowlist — so capabilities stay dormant until an operator explicitly converges a repo, one flag and one repo at a time.

# Per-PR features run only when the flag is ON and the repo is allowlisted.
GITTENSORY_REVIEW_REPOS="JSONbored/gittensory"   # per-repo cutover allowlist (default: none)
GITTENSORY_REVIEW_SAFETY="true"                  # prompt-injection defang + secret-leak scan
GITTENSORY_REVIEW_GROUNDING="true"               # CI status + full changed-file content
GITTENSORY_REVIEW_RAG="true"                     # codebase vector-index context (needs index)
GITTENSORY_REVIEW_REPUTATION="true"              # submitter-reputation spend control (never shown)
GITTENSORY_REVIEW_UNIFIED_COMMENT="true"         # one in-place unified PR comment

The internal-only controls never surface publicly. Submitter reputation, for example, can downgrade a burst or low-reputation submitter to a deterministic-only review — but no comment, label, or check ever shows a reputation value. Reputation thresholds are generic anti-abuse defaults that reveal no review direction and are not per-repo tunable.

Reading the open source tells you how a verdict is computed, never what an operator's production gate will decide. The deciding inputs — thresholds, guardrail globs, and which GITTENSORY_REVIEW_* capabilities are live — are private runtime settings, so reviews cannot be reverse-engineered or gamed from the public code.

Public output rules

  • At most one sticky sanitized comment per confirmed-miner PR.
  • At most one configured label per confirmed-miner PR.
  • Public comments are maintainer-friendly and non-shaming.

Auth

  • Public endpoint: GET /health.
  • Private API uses Bearer / session tokens.
  • MCP CLI uses GitHub OAuth Device Flow.
  • Static bearer tokens remain internal / bootstrap only.
Website copy may discuss private scoreability and risk reasoning, but it's always framed as private MCP/API context. The public web never carries score numbers.
← PreviousTuning your reviewsNext →Troubleshooting