Bring your own keys. The reveren CLI runs locally on your machine. Your model API keys (Claude, OpenAI, GitHub Copilot) stay in your environment, your code stays on your disk, and your prompts and model responses never round-trip through us. That is the most important sentence on this page; everything else describes how we keep it that way.
How the CLI handles your data
The CLI is a Node binary distributed on npm under the BSL + Additional Use Grant. When you run a protocol, it:
- reads files from the current working directory (and only the current working directory) using your operating system's file permissions;
- loads model provider credentials from your environment or your shell's credential store, never from any reveren-controlled location;
- calls the model provider directly over TLS — no reveren proxy in the path;
- writes results back to your working directory, leaving a diff for you to review and commit.
There is no background daemon, no auto-update channel that runs without your invocation, and no telemetry on by default. If a future opt-in telemetry feature is added, it will be disabled by default, prompted on first run, and described in the CLI's own output before any data leaves your machine.
Today, pre-launch
We don't yet operate any production infrastructure beyond this marketing site. There is no dashboard, no shared database, no authenticated surface. The waitlist endpoint validates an email address and stores it in Postgres (Neon, encrypted at rest, TLS in transit) with the sole purpose of emailing you when the CLI is generally available.
The site itself is a static Next.js build hosted on Vercel. We use standard browser security headers (Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, Referrer-Policy) and we do not embed third-party analytics or advertising scripts.
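For readers who want to see what that header set looks like in practice, here is an added example, not the reveren site's actual configuration: the four headers in the shape Next.js expects from the `headers()` hook in `next.config.js`, plus a small audit function that checks a received header map against them. The CSP directive values are illustrative assumptions; a real policy has to be tuned to the site's actual script, style and image sources.

```javascript
// Added example (not the site's own config): a security header set for a
// static Next.js site and an audit that checks a response against it.
// Directive values below are illustrative assumptions.

// Illustrative policy: scripts only from the site itself, no framing,
// no third-party connections. 'unsafe-inline' for styles is a common
// concession for CSS-in-JS; it is deliberately not granted to script-src.
const CSP = [
  "default-src 'self'",
  "script-src 'self'",
  "style-src 'self' 'unsafe-inline'",
  "img-src 'self' data:",
  "connect-src 'self'",
  "frame-ancestors 'none'",
  "base-uri 'self'",
  "form-action 'self'",
].join("; ");

const SECURITY_HEADERS = [
  { key: "Content-Security-Policy", value: CSP },
  { key: "Strict-Transport-Security", value: "max-age=63072000; includeSubDomains; preload" },
  { key: "X-Content-Type-Options", value: "nosniff" },
  { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
];

// Drop-in for next.config.js: module.exports = { async headers() { ... } }.
// Applies the set to every route.
async function headers() {
  return [{ source: "/(.*)", headers: SECURITY_HEADERS }];
}

// Parse "name src src; name src" into { name: [src, ...] }.
function parseCsp(csp) {
  return Object.fromEntries(
    csp
      .split(";")
      .map((d) => d.trim().split(/\s+/))
      .filter((parts) => parts[0])
      .map(([name, ...sources]) => [name, sources]),
  );
}

// Audit a received header map (lower-cased keys, as Node's http module
// presents them). Returns a list of findings; an empty list means every
// expected header is present with an acceptable value.
function auditHeaders(received) {
  const findings = [];
  const get = (k) => received[k.toLowerCase()];

  for (const { key } of SECURITY_HEADERS) {
    if (!get(key)) findings.push(`missing ${key}`);
  }

  const hsts = get("Strict-Transport-Security");
  if (hsts) {
    const m = /max-age=(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < 31536000) {
      findings.push("Strict-Transport-Security max-age below one year");
    }
  }

  const csp = get("Content-Security-Policy");
  if (csp) {
    const directives = parseCsp(csp);
    const scriptSrc = directives["script-src"] || directives["default-src"] || [];
    if (scriptSrc.some((s) => s === "*" || s === "'unsafe-inline'")) {
      findings.push("Content-Security-Policy allows inline or wildcard scripts");
    }
    if (!directives["frame-ancestors"]) {
      findings.push("Content-Security-Policy lacks frame-ancestors");
    }
  }

  const xcto = get("X-Content-Type-Options");
  if (xcto && xcto.toLowerCase() !== "nosniff") {
    findings.push("X-Content-Type-Options is not nosniff");
  }
  return findings;
}

module.exports = { CSP, SECURITY_HEADERS, headers, parseCsp, auditHeaders };
```

The audit is the part worth keeping around: run it against the headers of a deployed page (for example from a `fetch()` response) in CI so that a regression in the hosting configuration surfaces before it reaches users.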
At launch (Phase 1)
The hosted dashboard ships with:
- TLS everywhere. All traffic between your browser, the dashboard, and our database is encrypted in transit.
- Encrypted at rest. Application data lives in Postgres on Neon, with disk encryption applied by the provider.
- Auth.js with OAuth. Sign-in is via GitHub or Google. We do not store passwords; sessions are first-party, HTTPS-only, signed cookies.
- Per-tenant row isolation. Workspace data is scoped by tenant on every query. Tenant isolation is enforced at the database layer, not just the application layer.
- Least-privilege OAuth scopes. The GitHub App integration requests only the repository permissions strictly needed by the protocols you install on a given repository.
- Audit log. Team and Enterprise tiers include an auditable record of who ran what and when, exposed back to you.
- SOC 2 Type II in progress. We expect to have a report in hand before the dashboard exits private beta. This page will be replaced by a Trust Center once reports are available.
Subprocessors and supply chain
We rely on a small set of vendors. The current list is maintained on the Data Processing Agreement page and is refreshed whenever it changes. Each vendor we use has its own published security and compliance posture; we choose vendors with SOC 2 Type II or equivalent.
For the npm distribution, we publish from a CI pipeline that requires two-factor authentication on the publishing account, and we sign releases. Tags are GPG-signed. We track upstream advisories on every dependency we ship and patch high-severity findings as part of our regular release cadence.
Code we generate, code you ship
Reveren produces code suggestions and patches. You are the one who reviews them, runs your tests, and decides whether to merge. We don't commit to your repository on your behalf; the CLI leaves a diff, and the GitHub App integration (at launch) opens a pull request — never a force-push.
Reporting a vulnerability
Email security@reveren.ai. Please do not file public issues for security findings. We acknowledge within 72 hours, aim to triage within five business days, and will credit responsible disclosure on this page once a fix has shipped (with your permission). If you need to send anything sensitive, ask in your first email and we'll respond with a PGP key.
Supported versions
We maintain security patches on the latest minor release and the previous one. If you're on something older, the upgrade path is the recommended response for any reported issue.