Security: Coreledger-tech/code-porter
Security
Credentials are provided via environment variables or mounted files.
Credentials are never persisted to database rows.
Credentials are never written to evidence artifacts.
Private key loaded from GITHUB_APP_PRIVATE_KEY_PATH.
Installation tokens are short-lived and generated at runtime.
Tokens cached only in memory and refreshed before expiry.
GITHUB_TOKEN remains available for local development.PAT mode should be disabled in hosted pilot environments.
rotate key in GitHub App settings
update mounted PEM file
restart API/worker pods
issue new token
replace secret
revoke old token
GitHub permissions restricted to:
contents:writepull_requests:writemetadata:readNo admin scopes required.
run identifiers: runId, campaignId, projectId
queue/job transitions
workflow stage start/end
error classes and failure kinds
durations and retry counts
Authorization headers
token values (ghp_, bearer tokens, JWTs)
private key material
full signed URLs when they contain credentials/signature query params
sanitize token-like substrings in error output before persistence/logging
redact x-access-token:<value>@ patterns in git URLs
do not include secret-bearing env vars in diagnostics
Data Retention and Artifacts
Evidence bundles include deterministic workflow outputs and checksums only.
Run events are retained for pilot observability and troubleshooting.
TTL cleanup jobs remove stale workspace/evidence cache directories.
Auth failures:
verify app installation ID/app ID/private key path
verify app repo access and permissions
Queue stalls:
inspect worker heartbeat/logs
inspect run_jobs locks/timeouts and retry counters
Secret exposure suspicion:
rotate credentials immediately
invalidate tokens
preserve sanitized logs and audit run/event records
There aren’t any published security advisories
You can’t perform that action at this time.