Security & Trust
Your code stays yours. CodeRifts is designed with minimal access and zero data retention.
What CodeRifts accesses
Only schema files
Reads OpenAPI spec files (YAML/JSON) only. Nothing else in your repo.
Never source code
CodeRifts has no access to your application code, tests, or configuration.
Never credentials
No access to secrets, environment variables, or authentication tokens.
How processing works
In-memory only
Schemas are processed entirely in memory. Never written to disk.
Stateless
Nothing persists after analysis. Each PR is processed independently.
No storage
Your API schemas are never stored, cached, or logged.
GitHub App Permissions
CodeRifts requests the minimum permissions needed to function. Here's exactly what each permission is used for:
| Permission | Level | Why |
|---|---|---|
| Pull Requests | Write | To post analysis comments on pull requests |
| Contents | Read | To read OpenAPI spec files from the repository |
| Metadata | Read | Required by GitHub for all apps |
| Checks | Write | To create check runs with analysis status |
Data handling
No telemetry
We don't collect usage analytics on your API schemas or repository content.
No schema analytics
We don't analyze, aggregate, or learn from your API schemas.
No third-party sharing
Your data is never shared with third parties, advertisers, or AI training pipelines.
Infrastructure
Hosted on Railway
The application runs on Railway's managed infrastructure, in EU/US regions.
HTTPS everywhere
All communication is encrypted in transit. No exceptions.
Hashed API keys
API keys are stored as SHA-256 hashes with per-key salts. Plaintext keys are never stored.
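As an added illustration of the salted-hash scheme described above (example code, not CodeRifts' own implementation): each key receives its own random salt, only the salt and the SHA-256 digest are persisted, and verification recomputes the digest under the stored salt and compares it in constant time. The key format with a clear-text key id is an assumption made here so the server can locate the right salt; CodeRifts' real key format is not described on this page.

```python
import hashlib
import hmac
import secrets

# Constructed key format (an assumption for this example, not CodeRifts' real format):
# "cr_" + 8-char key id + "." + random secret. The key id is the only part kept in
# clear so the server can find the matching salt; the secret is what gets hashed.
KEY_PREFIX = "cr_"
SALT_BYTES = 16


def hash_secret(secret: str, salt: bytes) -> str:
    """SHA-256 over (salt || secret). The salt is unique per key, so two keys that
    happened to share a secret would still produce different stored digests."""
    return hashlib.sha256(salt + secret.encode("utf-8")).hexdigest()


def issue_api_key(store: dict) -> str:
    """Mint a key, persist only {key_id: {salt, hash}}, and return the plaintext once."""
    key_id = secrets.token_hex(4)            # 8 hex chars, not secret
    secret = secrets.token_urlsafe(32)       # high-entropy, shown to the user exactly once
    salt = secrets.token_bytes(SALT_BYTES)   # fresh salt for this key only
    store[key_id] = {"salt": salt.hex(), "hash": hash_secret(secret, salt)}
    return f"{KEY_PREFIX}{key_id}.{secret}"


def verify_api_key(presented: str, store: dict) -> bool:
    """Look up the salt by key id, recompute the digest, compare in constant time."""
    if not presented.startswith(KEY_PREFIX) or "." not in presented:
        return False
    key_id, _, secret = presented[len(KEY_PREFIX):].partition(".")
    record = store.get(key_id)
    if record is None:
        # Unknown id: still hash once so response time does not reveal whether the id exists.
        hash_secret(secret, bytes(SALT_BYTES))
        return False
    candidate = hash_secret(secret, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, record["hash"])
```

Unlike passwords, randomly generated API keys carry enough entropy that a fast hash such as SHA-256 is adequate for storage; the per-key salt guarantees that identical secrets never map to the same stored digest.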
Rate limiting
Built-in rate limiting protects against abuse and ensures fair usage.
Install with confidence.
Minimal permissions. Zero data retention. Read-only access to schema files only.