
Security

Last updated: January 29, 2026

This document provides security-relevant information about gitspine for enterprise security reviews and compliance assessments.

Architecture Overview

gitspine is a local terminal application (TUI) for visualizing and interacting with git repositories. It runs entirely on the user's machine with no server-side component beyond license validation.

Technology Stack

  • Language: Rust (memory-safe systems language)
  • Git Operations: libgit2 via the git2 crate, with fallback to git CLI for specific operations (rebase, push)
  • UI Framework: Ratatui/Crossterm (terminal rendering)
  • Distribution: Native binary (no runtime dependencies)

Security Benefits of Rust

  • Memory safety without garbage collection - prevents buffer overflows, use-after-free, and other memory corruption vulnerabilities
  • Thread safety guaranteed at compile time
  • No null pointer dereferences

Network Activity

Outbound Connections

gitspine makes network requests to exactly one endpoint:

Endpoint              Purpose             Protocol          Frequency
api.lemonsqueezy.com  License validation  HTTPS (TLS 1.2+)  On launch, ~every 48 hours

Data Transmitted

License validation requests contain only:

  • License key (user-provided)
  • Instance identifier (locally generated UUID)

No repository data, file contents, paths, commit messages, or other sensitive information is ever transmitted.

Offline Operation

After initial validation, gitspine can operate offline for up to 30 days with a valid license. If network access to api.lemonsqueezy.com is blocked, previously validated licenses continue to work within this grace period.

Firewall Configuration

To allow license validation while restricting other access:

  • Allow outbound HTTPS (port 443) to api.lemonsqueezy.com
  • No inbound connections required
  • No other outbound connections required by gitspine itself

Note: Git operations (push, fetch, clone) use your existing git/ssh configuration and are separate from gitspine's network requirements.

Data Handling

Local Data Storage

gitspine stores configuration data in:

  • Linux/macOS: ~/.config/gg/license.json

This file contains license information only (key, validation timestamps, customer name). It is created with standard user permissions (readable/writable by the user only).
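The two properties described above (the 48-hour re-validation / 30-day offline grace period, and a license file readable and writable by the user only) can both be checked locally. The following Rust program is an added example and is not gitspine's own code; the function names, the LicenseStatus enum, the sample JSON record and the temp-directory path are assumptions made for illustration. It is Unix-only because it relies on POSIX file modes.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Intervals stated on the page: re-validate roughly every 48 hours and
/// keep working offline for up to 30 days. Both are in seconds.
pub const REVALIDATE_AFTER_SECS: u64 = 48 * 60 * 60;
pub const OFFLINE_GRACE_SECS: u64 = 30 * 24 * 60 * 60;

/// Where a cached license stands relative to its last successful validation.
/// (Hypothetical type for this example, not gitspine's.)
#[derive(Debug, PartialEq)]
pub enum LicenseStatus {
    /// Validated recently; no network call is due yet.
    Fresh,
    /// Past the re-validation interval but inside the 30-day grace window:
    /// keep working and retry validation when the endpoint is reachable.
    GraceRetry,
    /// Grace window exhausted without a successful validation.
    Expired,
}

/// Classify a cached validation timestamp (Unix seconds) against `now`.
/// `saturating_sub` keeps a timestamp slightly in the future (clock skew)
/// from underflowing into "expired".
pub fn license_status(last_validated: u64, now: u64) -> LicenseStatus {
    let age = now.saturating_sub(last_validated);
    if age < REVALIDATE_AFTER_SECS {
        LicenseStatus::Fresh
    } else if age < OFFLINE_GRACE_SECS {
        LicenseStatus::GraceRetry
    } else {
        LicenseStatus::Expired
    }
}

/// Write a file so that it is never readable by other users, even briefly:
/// the 0600 mode is applied at creation time instead of by a later chmod.
pub fn write_private_file(path: &Path, contents: &str) -> io::Result<()> {
    if let Some(dir) = path.parent() {
        fs::create_dir_all(dir)?;
    }
    let mut f = OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o600) // read/write for the owner only
        .open(path)?;
    // An already existing file keeps its old mode on open, so enforce it again.
    f.set_permissions(fs::Permissions::from_mode(0o600))?;
    f.write_all(contents.as_bytes())
}

/// Audit check: true when no group or other permission bits are set on `path`.
pub fn is_owner_only(path: &Path) -> io::Result<bool> {
    let mode = fs::metadata(path)?.permissions().mode();
    Ok(mode & 0o077 == 0)
}

fn main() -> io::Result<()> {
    // Constructed sample record; the field names are assumptions, not gitspine's schema.
    let sample = r#"{"key":"EXAMPLE-LICENSE-KEY","validated_at":1700000000}"#;
    let path = std::env::temp_dir().join("gitspine-example").join("license.json");
    write_private_file(&path, sample)?;
    println!("owner-only: {}", is_owner_only(&path)?);
    let t0 = 1_700_000_000u64;
    println!("3 days later: {:?}", license_status(t0, t0 + 3 * 24 * 3600));
    fs::remove_file(&path)?;
    Ok(())
}
```

The mode is set in the open call rather than with a separate chmod because a chmod after creation leaves a window in which a default-umask file is world-readable; the second `set_permissions` covers the case where the file already existed with a looser mode. For a security review, `is_owner_only` is the check to run against the real `~/.config/gg/license.json`.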

Temporary Files

Commit message drafts are temporarily written to the system temp directory when invoking an external editor. These files are deleted when the editor closes.

Repository Access

gitspine reads and writes files only within git repositories you explicitly open:

  • Reads: Git object database, working tree files, config files
  • Writes: Staging/unstaging changes, creating commits, branch operations

All git operations use the same permissions as your user account. gitspine does not request or use elevated privileges.

Credential Handling

gitspine does not implement its own credential storage. All authentication for git operations (SSH keys, HTTPS credentials) is delegated to your system's git credential configuration. gitspine never has access to your passwords or tokens.

External Processes

gitspine may spawn the following external processes:

  • git: For rebase, push, and checkout operations (arguments passed via array, not shell)
  • $EDITOR / $VISUAL: For editing commit messages
  • Clipboard utilities: pbcopy (macOS), xclip/xsel/wl-copy (Linux) for SHA copying

All subprocess invocations use safe argument passing (arrays, not shell strings) to prevent command injection.
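The array-based invocation described above, as an added Rust example that is not gitspine's own code. It shows why a per-element argv defeats shell injection, and adds the one check an array cannot provide: a positional value that begins with '-' would be read by git itself as an option, so the example rejects it before it reaches the command line. The function names and the ArgError type are this example's own assumptions.

```rust
use std::process::Command;

/// Reason a user-supplied value was rejected for a positional git argument.
/// (Hypothetical type for this example.)
#[derive(Debug, PartialEq)]
pub enum ArgError {
    Empty,
    ContainsNul,
    LooksLikeOption(String),
}

/// Validate a value destined for a positional slot (remote name, branch name).
/// Because the value becomes one argv element, no shell ever parses it, so
/// `;`, `$(...)`, quotes and spaces are inert. What an array cannot prevent is
/// git itself treating a leading '-' as an option, so that case is rejected.
pub fn positional(value: &str) -> Result<String, ArgError> {
    if value.is_empty() {
        return Err(ArgError::Empty);
    }
    if value.contains('\0') {
        // A NUL byte cannot be represented in an argv element at all.
        return Err(ArgError::ContainsNul);
    }
    if value.starts_with('-') {
        return Err(ArgError::LooksLikeOption(value.to_string()));
    }
    Ok(value.to_string())
}

/// Build the argv for `git push <remote> <branch>`. Each Vec element becomes
/// exactly one argv entry, whatever characters it contains.
pub fn push_argv(remote: &str, branch: &str) -> Result<Vec<String>, ArgError> {
    Ok(vec!["push".to_string(), positional(remote)?, positional(branch)?])
}

/// Turn an argv into a `Command`. `Command::args` hands the elements straight
/// to the OS process API; no `sh -c` is involved.
pub fn git_command(argv: &[String]) -> Command {
    let mut cmd = Command::new("git");
    cmd.args(argv);
    cmd
}

/// The pattern the page says gitspine avoids, kept only for contrast: one flat
/// string that a shell would split on whitespace and interpret.
pub fn shell_string_for_contrast(remote: &str, branch: &str) -> String {
    format!("git push {} {}", remote, branch)
}

/// Number of whitespace-separated words a shell would see in the flat string.
pub fn shell_word_count(remote: &str, branch: &str) -> usize {
    shell_string_for_contrast(remote, branch).split_whitespace().count()
}

fn main() {
    // Constructed hostile branch name: a single argv element when passed as an
    // array, but several shell words when pasted into a command string.
    let branch = "main; echo injected";
    match push_argv("origin", branch) {
        Ok(argv) => {
            let cmd = git_command(&argv);
            println!("argv elements: {}", cmd.get_args().count());
            println!("shell words:   {}", shell_word_count("origin", branch));
        }
        Err(e) => println!("rejected: {:?}", e),
    }
    println!("{:?}", push_argv("origin", "--force"));
}
```

`Command::get_args` lets a test or audit inspect the exact argv before anything is spawned, which is how the claim "arrays, not shell strings" can be verified without running git.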

Dependencies

Key dependencies (Rust crates):

Crate               Version  Purpose
git2                0.20     Git operations (libgit2 bindings)
ratatui             0.30     Terminal UI rendering
crossterm           0.29     Cross-platform terminal control
ureq                2.x      HTTP client (license validation)
serde / serde_json  1.x      JSON serialization
chrono              0.4      Date/time handling
notify              6.x      Filesystem watching

A full dependency list can be provided upon request. All dependencies are sourced from crates.io, the official Rust package registry.

Permissions Required

  • File system: Read/write access to git repositories and ~/.config/gg/
  • Network: Outbound HTTPS to api.lemonsqueezy.com
  • Process execution: Ability to spawn git, editor, and clipboard commands

No elevated privileges (root/admin) are required or requested.

Vulnerability Disclosure

If you discover a security vulnerability in gitspine, please report it responsibly:

  • Email: nick@pachulski.me
  • Response time: We aim to acknowledge reports within 48 hours

Please include a detailed description of the vulnerability, steps to reproduce, and any relevant technical details. We appreciate responsible disclosure and will credit researchers (with permission) in our release notes.

Compliance Notes

  • No personal data processing beyond license validation (minimal GDPR scope)
  • No cloud storage of customer data
  • Payment processing handled by Lemon Squeezy (PCI DSS compliant)
  • TLS 1.2+ for all network communications

Third-Party Service

Lemon Squeezy (lemonsqueezy.com) is our payment processor and license management provider. They handle:

  • Payment card processing
  • License key generation and validation
  • Subscription management

Lemon Squeezy is a merchant of record and handles compliance with payment regulations. Their security practices are documented on their website.

Contact

For security questions or to request additional documentation for your security review, contact nick@pachulski.me.


© 2025 Castle Labs LLC