gitorii 0.1.6

A human-first Git client with simplified commands, snapshots, multi-platform mirrors and built-in secret scanning
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195

# Security Policy

**Read this in other languages**: [Español](docs/i18n/security/SECURITY.es.md) | [日本語](docs/i18n/security/SECURITY.ja.md) | [Deutsch](docs/i18n/security/SECURITY.de.md) | [Français](docs/i18n/security/SECURITY.fr.md)

## 🔒 Reporting a Vulnerability

**Please DO NOT open a public issue for security vulnerabilities.**

### How to Report

Send security vulnerabilities to: **paski@paski.dev**

Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if you have one)

### What to Expect

- **Acknowledgment**: Within 48 hours
- **Initial Assessment**: Within 5 business days
- **Status Updates**: Every 7 days until resolved
- **Public Disclosure**: After fix is released (coordinated disclosure)

### Responsible Disclosure

We follow responsible disclosure practices:

1. You report the vulnerability privately
2. We confirm and investigate
3. We develop and test a fix
4. We release the fix
5. We publicly disclose (with credit to you if desired)
6. You can publish your findings after disclosure

## 🛡️ Security Features in Torii

### Credentials Management

- ✅ Credentials stored in OS keychain (not plaintext)
- ✅ Support for SSH keys and tokens
- ✅ OAuth flows for GitHub/GitLab/Bitbucket
- ❌ Never logs credentials
- ❌ Never transmits credentials except to authenticated endpoints

### Snapshot Security

- Snapshots are **local-only** by default
- Sensitive files (`.env`, credentials) excluded from snapshots
- Snapshots encrypted at rest (optional, configurable)
- Auto-cleanup prevents unlimited disk usage

### Network Security

- ✅ TLS for all external communications
- ✅ Certificate pinning for critical endpoints
- ✅ Webhook signature verification
- ❌ No telemetry or tracking by default

### Code Analysis Security

- AI analysis runs **locally** by default
- Premium tier analysis: data encrypted in transit
- No code sent to third parties without explicit consent
- You can review analysis queries before sending

## 🔐 Supported Versions

We provide security updates for:

| Version | Supported          |
| ------- | ------------------ |
| 0.x.x   | :white_check_mark: |

Once 1.0 is released:

| Version | Supported          |
| ------- | ------------------ |
| 1.x.x   | :white_check_mark: |
| < 1.0   | :x:                |

## 🚨 Known Security Considerations

### Git Protocol Security

Torii inherits security properties of `git2-rs` and `libgit2`:
- SSH key management follows git standards
- HTTPS uses system certificate stores
- Git hooks are **disabled by default** (security risk)

### Snapshot Privacy

**Important**: Snapshots may contain:
- Uncommitted code
- API keys in files (if not in .toriignore)
- Passwords in config files
- Personal data in test files

**Recommendation**: 
- Use `.toriignore` properly
- Enable snapshot encryption
- Review snapshot contents before sharing

### Mirror Sync Security

When syncing to mirrors:
- Credentials for each platform stored separately
- Sync operations use platform APIs (not git protocol)
- Webhook secrets rotated periodically
- Failed auth attempts logged and rate-limited

## 🛠️ Security Best Practices for Users

### Credentials

```bash
# ✅ Good: Use SSH keys
torii config --auth-method ssh

# ✅ Good: Use tokens with minimal scope
torii config --token <token> --scope "repo:read,repo:write"

# ❌ Bad: Store credentials in plaintext
# Never do: git config credential.helper store
```

### Snapshots

```toml
# .torii/config.toml

[snapshots]
enabled = true
encrypt = true  # ✅ Recommended
exclude_patterns = [
    "**/.env*",
    "**/credentials.json",
    "**/*_rsa",
    "**/*.key",
]
```

### Mirror Sync

```toml
[mirrors]
# ✅ Good: Use deploy keys (read-only on mirrors)
[[mirrors.github]]
url = "https://github.com/user/repo"
auth_method = "deploy_key"
permissions = "read"

# ⚠️ Caution: Personal access tokens have broad scope
# Use with minimal permissions only
```

## 📋 Security Checklist for Contributors

Before submitting code:

- [ ] No hardcoded credentials or API keys
- [ ] No use of `unwrap()` on user input
- [ ] Input validation for all external data
- [ ] Proper error handling (no panic on bad input)
- [ ] Dependency review (cargo audit)
- [ ] No `unsafe` blocks without justification
- [ ] Sensitive data sanitized from logs

## 🔍 Security Audits

We welcome security audits of Torii. If you're conducting an audit:

1. Email paski@paski.dev with your intent
2. We'll provide guidance on scope and priorities
3. You can request clarification on implementation details
4. Report findings according to responsible disclosure above

## 🏆 Security Hall of Fame

Security researchers who have responsibly disclosed vulnerabilities:

<!-- Will be populated as researchers contribute -->
_No reports yet - be the first!_

## 📞 Contact

- **Security Issues**: paski@paski.dev
- **General Contact**: paski@paski.dev
- **PGP Key**: [To be published]

---

**Last Updated**: 2026-04-09