Skip to main content

Security model

RepoWise is designed so the AI-tool integration surface stays inside your machine and your graph data stays in your cloud account.

MCP trust model

The MCP server the listener embeds is bound to loopback only — hard-coded 127.0.0.1. Nothing remote can connect.

  • Port is ephemeral, picked at listener start and published in ~/.repowise/listener.endpoint so configured AI tools can find it.
  • No inbound firewall rule is required; loopback is always permitted.
  • No auth token — the local socket is the auth. If an attacker can read your loopback, they can also read ~/.repowise directly.
  • Every MCP tool response passes through the sanitizeNodeLabels path to redact accidentally-captured secrets (Anthropic / OpenAI / GitHub / AWS keys + high-entropy tokens).

Content safety (§15.9 summary)

Data we never capture or upload:

  • Full file bodies (extraction only needs symbol shapes + doc comments)
  • Raw .env values — we record variable names, never their values
  • TODO comment bodies that contain a detected secret pattern (the whole marker is dropped rather than redacted, because a redaction placeholder is confusing)
  • Git blame content when gitMetadataMode: disabled
  • MCP response bodies (the local log records argument + envelope only; see MCP logging)

Data we do collect (all in-scope for the graph ship to S3):

  • Symbol names, signatures, source locations
  • File paths + line counts
  • Short doc-comment summaries (first paragraph, scrubbed)
  • Type aliases, extends / implements / call / references edges
  • Optional author identifiers under gitMetadataMode: full | hashed

Enterprise privacy options

ControlWhereDefault (Enterprise)Default (Pro)
gitMetadataModeOps → Privacy Shieldhashedfull
sensitivity patternsOps → SensitivitySeeded defaultsSeeded defaults
MCP local loggingrepowise mcp-log on/offoffoff
Context uploadAlways opt-inoffoff

Salt destruction path: each tenant has a 32-byte HMAC salt stored in AWS Secrets Manager. disabled mode short-circuits collection; a full erasure request destroys the salt (crypto-shred via Secrets Manager delete-secret --force-delete-without-recovery), which makes every hashed-mode identity unrecoverable across every past scan.

Reporting a vulnerability

Email security@repowise.ai. We acknowledge within 1 business day and keep you updated on remediation timing.