Security

Last updated: January 29, 2026

This document provides security-relevant information about gitspine for enterprise security reviews and compliance assessments.

Architecture Overview

gitspine is a local terminal application (TUI) for visualizing and interacting with git repositories. It runs entirely on the user's machine with no server-side component and no network activity of any kind.

Technology Stack

Language: Rust (memory-safe systems language)
Git Operations: libgit2 via the git2 crate, with fallback to git CLI for specific operations (rebase, push)
UI Framework: Ratatui/Crossterm (terminal rendering)
Distribution: Native binary (no runtime dependencies)

Security Benefits of Rust

Memory safety without garbage collection - prevents buffer overflows, use-after-free, and other memory corruption vulnerabilities
Thread safety guaranteed at compile time
No null pointer dereferences

Network Activity

gitspine makes no network requests. No telemetry, no validation, no analytics. The binary runs fully offline.

Note: Git operations (push, fetch, clone) you initiate use your existing git/ssh configuration and are separate from gitspine itself.

Data Handling

Local Data Storage

gitspine stores no configuration of its own. There is no settings file, no cache directory, no local database.

Temporary Files

Commit message drafts are temporarily written to the system temp directory when invoking an external editor. These files are deleted when the editor closes.

Repository Access

gitspine reads and writes files only within git repositories you explicitly open:

Reads: Git object database, working tree files, config files
Writes: Staging/unstaging changes, creating commits, branch operations

All git operations use the same permissions as your user account. gitspine does not request or use elevated privileges.

Credential Handling

gitspine does not implement its own credential storage. All authentication for git operations (SSH keys, HTTPS credentials) is delegated to your system's git credential configuration. gitspine never has access to your passwords or tokens.

External Processes

gitspine may spawn the following external processes:

git: For rebase, push, and checkout operations (arguments passed via array, not shell)
$EDITOR / $VISUAL: For editing commit messages
Clipboard utilities: pbcopy (macOS), xclip/xsel/wl-copy (Linux) for SHA copying

All subprocess invocations use safe argument passing (arrays, not shell strings) to prevent command injection.

Dependencies

Key dependencies (Rust crates):

Crate	Version	Purpose
git2	0.20	Git operations (libgit2 bindings)
ratatui	0.30	Terminal UI rendering
crossterm	0.29	Cross-platform terminal control
chrono	0.4	Date/time handling
notify	6.x	Filesystem watching

A full dependency list can be provided upon request. All dependencies are sourced from crates.io, the official Rust package registry.

Permissions Required

File system: Read/write access to git repositories you open
Network: None
Process execution: Ability to spawn git, editor, and clipboard commands

No elevated privileges (root/admin) are required or requested.

Vulnerability Disclosure

If you discover a security vulnerability in gitspine, please report it responsibly:

Email: nick@pachulski.me
Response time: We aim to acknowledge reports within 48 hours

Please include a detailed description of the vulnerability, steps to reproduce, and any relevant technical details. We appreciate responsible disclosure and will credit researchers (with permission) in our release notes.

Compliance Notes

No personal data processing (out of GDPR scope)
No cloud storage of customer data
No third-party services involved

Contact

For security questions or to request additional documentation for your security review, contact nick@pachulski.me.