Security · Project Spine

CLI

No implicit network calls.spine compile, spine drift check, and spine export run entirely offline. Workspace commands (login, publish, drift check --push) are the only surfaces that touch the network, and only after you explicitly opt in.
Bearer tokens at rest.CLI bearer tokens live in ~/.project-spine/config.json with 0600 permissions. On the server side only a sha256 hash is stored; plaintext tokens never hit the database.
Opt-in LLM enrichment.Rationale enrichment via Anthropic's API is opt-in per command and requires an explicit key in env. Prompts run through a secrets scrubber (PATs, API keys, PEM blocks) before leaving your machine.

Auth.GitHub OAuth device flow for CLI; web OAuth for the workspace UI. The two share a single unified callback with cookie-bound state to prevent cross-device session fixation.
Rate limits on every auth endpoint.Per-IP and per-device-code fixed-window limits backed by Postgres. Atomic UPSERT prevents thundering-herd bypass. Fails open if the DB is unavailable so auth never becomes unreachable because of a limiter bug.
CSP with per-request nonce.script-src 'self' 'nonce-<fresh>' 'strict-dynamic', with no 'unsafe-inline' on scripts. Middleware mints a fresh nonce per request; every route renders dynamically so Next stamps it onto its inline RSC payload scripts.
Transport.HTTPS only. .dev is HSTS-preloaded at the TLD; we additionally send Strict-Transport-Security: max-age=63072000; includeSubDomains; preload.
Plus X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy locking out geolocation / microphone / camera.
Authorization.Every workspace API route requires a valid bearer AND membership. Non-members get 404, not 403, so workspace existence isn't leaked.
XSS on public rationale URLs.Markdown is rendered via marked and then passed through sanitize-html with an allowlist. Scripts, iframes, inline styles, and javascript: schemes are stripped. Rationales set noindex, nofollow.

Your repo source.The CLI runs offline for compile and drift. Workspace commands upload only what you explicitly push: templates, rationales, drift summaries. Never the full repo.
Analytics or third-party trackers.Zero. Check the site's Content-Security-Policy header in devtools. connect-src allows 'self', api.github.com, and registry.npmjs.org. Nothing else.
Request bodies in logs.Vercel logs access lines (IP, path, status, timestamp) only, retained per Vercel's policy. Tokens never appear in logs; API routes don't print auth headers.

Email security@projectspine.dev or use GitHub private vulnerability reporting on the repo. Acknowledgement within 72 hours, initial assessment within 7 days, coordinated disclosure on a timeline agreed with you.