Security model
RepoWise is designed so the AI-tool integration surface stays inside your machine and your graph data stays in your cloud account.
MCP trust model
The MCP server the listener embeds is bound to loopback only —
hard-coded 127.0.0.1. Nothing remote can connect.
- Port is ephemeral, picked at listener start and published in
~/.repowise/listener.endpointso configured AI tools can find it. - No inbound firewall rule is required; loopback is always permitted.
- No auth token — the local socket is the auth. If an attacker can
read your loopback, they can also read
~/.repowisedirectly. - Every MCP tool response passes through the
sanitizeNodeLabelspath to redact accidentally-captured secrets (Anthropic / OpenAI / GitHub / AWS keys + high-entropy tokens).
Content safety (§15.9 summary)
Data we never capture or upload:
- Full file bodies (extraction only needs symbol shapes + doc comments)
- Raw
.envvalues — we record variable names, never their values - TODO comment bodies that contain a detected secret pattern (the whole marker is dropped rather than redacted, because a redaction placeholder is confusing)
- Git blame content when
gitMetadataMode: disabled - MCP response bodies (the local log records argument + envelope only; see MCP logging)
Data we do collect (all in-scope for the graph ship to S3):
- Symbol names, signatures, source locations
- File paths + line counts
- Short doc-comment summaries (first paragraph, scrubbed)
- Type aliases, extends / implements / call / references edges
- Optional author identifiers under
gitMetadataMode: full | hashed
Enterprise privacy options
| Control | Where | Default (Enterprise) | Default (Pro) |
|---|---|---|---|
gitMetadataMode | Ops → Privacy Shield | hashed | full |
sensitivity patterns | Ops → Sensitivity | Seeded defaults | Seeded defaults |
| MCP local logging | repowise mcp-log on/off | off | off |
| Context upload | Always opt-in | off | off |
Salt destruction path: each tenant has a 32-byte HMAC salt stored in
AWS Secrets Manager. disabled mode short-circuits collection; a
full erasure request destroys the salt (crypto-shred via Secrets Manager
delete-secret --force-delete-without-recovery), which makes every
hashed-mode identity unrecoverable across every past scan.
Reporting a vulnerability
Email security@repowise.ai. We acknowledge within 1 business day and keep you updated on remediation timing.