Privacy

Understand what is stored, what is not, and the local-first data handling model.

TasteKernel is local-first by default. Source analysis happens in your repo; cloud storage is scoped to project metadata, contracts, and run diagnostics.

Data stored in cloud

Per project:

  • Project metadata (name, slug, owner linkage)
  • Contract versions and active contract pointer
  • API key records (hashed; plain key shown only at creation)
  • Run metadata (commitSha, branch, prNumber, status, CI provider, timestamps)
  • Findings (ruleId, severity, file path, position, message, waiver metadata)

Optional by project setting:

  • Compact finding snippets (snippetStorageOptIn)

Data not stored by default

  • Full repository contents
  • Full source file uploads
  • Design files
  • Screenshots or visual captures
  • Secret values from your environment

Authentication and authorization

  • Dashboard access requires GitHub OAuth via Auth.js.
  • Project-scoped CI ingestion uses API keys.
  • API keys are verified against stored hashes.
  • Revoked keys are rejected.

API key handling

  • Generated server-side
  • Returned once in plaintext at creation time
  • Persisted as a hash, with a prefix kept for operator display
  • Revocation marks revokedAt and disables future access
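
The key lifecycle described under "Authentication and authorization" and "API key handling", as an added sketch that is not TasteKernel's own code. SHA-256 as the stored hash, the `tk_<prefix>_<secret>` key layout, the in-memory `keyRecords` map, the function names and the 200 success status are assumptions made for illustration; only the 401 response and the `revokedAt` field come from this page.

```javascript
// Added example, not TasteKernel source. Assumed: SHA-256 as the stored hash,
// a "tk_<prefix>_<secret>" key layout, and an in-memory Map standing in for the DB.
const crypto = require('node:crypto');

const keyRecords = new Map(); // prefix -> { projectId, hash, revokedAt }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Generated server-side; the plaintext is returned once and never stored.
function createApiKey(projectId) {
  const prefix = crypto.randomBytes(4).toString('hex');        // 8 hex chars
  const secret = crypto.randomBytes(24).toString('base64url'); // 32 chars
  const plaintext = `tk_${prefix}_${secret}`;
  keyRecords.set(prefix, { projectId, hash: sha256(plaintext), revokedAt: null });
  return { plaintext, prefix }; // the prefix is all an operator can see later
}

// Revocation marks revokedAt; the record is kept rather than deleted.
function revokeApiKey(prefix, now = new Date()) {
  const record = keyRecords.get(prefix);
  if (record && !record.revokedAt) record.revokedAt = now;
  return Boolean(record);
}

// Ingestion gate: 401 for missing, malformed, unknown, wrong or revoked keys.
function authorizeIngestion(presentedKey) {
  const deny = { status: 401, projectId: null };
  if (typeof presentedKey !== 'string') return deny;
  const match = /^tk_([0-9a-f]{8})_[A-Za-z0-9_-]{32}$/.exec(presentedKey);
  if (!match) return deny;
  const record = keyRecords.get(match[1]);
  if (!record) return deny;
  // Compare digests in constant time; both buffers are 32 bytes long.
  const ok = crypto.timingSafeEqual(sha256(presentedKey), record.hash);
  if (!ok || record.revokedAt) return deny;
  return { status: 200, projectId: record.projectId }; // 200 = accepted (assumed)
}
```

Because every failure path returns the same 401, a caller cannot tell an unknown prefix from a revoked key.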

Ingestion posture

  • Ingestion endpoints accept findings and run metadata.
  • Invalid or missing keys return 401.
  • Basic rate limiting is applied to ingestion routes.
  • Ingestion payloads are schema-validated and normalized by route logic.

Contract and run history

  • Contract versions are immutable records tied to project/version.
  • Publishing an active contract updates the project's active pointer.
  • Run history is append-only from ingestion events.
  • Waiver flags and reasons are persisted in finding records.

Operator controls

In project settings you can:

  • Set default severity threshold
  • Enable/disable compact snippet storage
  • Create and revoke API keys

Verification checklist

  • Confirm no source code upload is required for normal lint usage.
  • Confirm the ingestion payload excludes full file contents.
  • Confirm DB rows contain metadata and diagnostics, not repository blobs.
  • Confirm a revoked API key cannot ingest new runs.

Incident response notes

  • If key exposure is suspected: revoke the key immediately and issue a new key.
  • If unexpected payloads appear: inspect ingestion logs and rotate affected keys.
  • If auth behavior regresses: run the protected-route curl matrix and the security scan before re-release.