caretta Help

Security and privacy

This page documents security-relevant behavior and privacy controls in caretta.

Secret handling

caretta separates non-secret configuration from secret material:

  • Non-secret settings are stored in caretta.toml.

  • Secrets such as tokens, PEM keys, and local inference API keys are stored via OS credential vault/keychain mechanisms.

Do not commit secrets to repository configuration files.
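One practical way to enforce the rule above is a pre-commit check that scans caretta.toml for values that look like secrets. The following is an added example, not caretta's own code: the key-name heuristics, the "keychain:" reference convention, and the sample config are assumptions made for illustration; the GitHub token prefixes (ghp_, ghs_, ghu_, github_pat_) and the PEM header are real formats.

```python
"""Flag secret-looking values in a caretta.toml-style config before commit.

Added example, not caretta's own code. The key-name words, the
"keychain:" reference convention and the sample config below are
assumptions for illustration, not a description of what caretta checks.
"""
import re
from typing import Iterator, List, Tuple

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # type: ignore

# Key names that should never carry a literal value in repository config
# (assumed list).
SECRET_KEY_WORDS = ("token", "secret", "password", "api_key", "apikey", "private_key")

# Values that refer to the OS keychain instead of holding the secret
# (assumed convention, not caretta's own syntax).
REFERENCE_PREFIXES = ("keychain:",)

# Value shapes that are secrets regardless of key name.
SECRET_VALUE_PATTERNS = [
    ("PEM private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    # Real GitHub token prefixes: classic PAT, app installation, user-to-server,
    # and fine-grained PAT.
    ("GitHub token", re.compile(
        r"\b(ghp|ghs|ghu)_[A-Za-z0-9]{20,}\b|\bgithub_pat_[A-Za-z0-9_]{20,}\b")),
]


def _walk(node, path: Tuple[str, ...] = ()) -> Iterator[Tuple[str, object]]:
    """Yield (dotted.path, value) for every leaf of a parsed TOML document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, path + (key,))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, path + (str(i),))
    else:
        yield ".".join(path), node


def find_secret_like_values(toml_text: str) -> List[Tuple[str, str]]:
    """Return (dotted.path, reason) for each string value that looks like a secret."""
    findings: List[Tuple[str, str]] = []
    for path, value in _walk(tomllib.loads(toml_text)):
        if not isinstance(value, str) or not value.strip():
            continue
        if value.startswith(REFERENCE_PREFIXES):
            continue  # a pointer into the keychain, not the secret itself
        last = path.rsplit(".", 1)[-1].lower()
        # A path to a key file is configuration; the file itself lives elsewhere.
        if not last.endswith(("_path", "_file")) and any(w in last for w in SECRET_KEY_WORDS):
            findings.append((path, f"key name '{last}' with a literal value"))
            continue
        for reason, pattern in SECRET_VALUE_PATTERNS:
            if pattern.search(value):
                findings.append((path, reason))
                break
    return findings


# Constructed sample, not a real caretta.toml; the token is not a real credential.
SAMPLE_CONFIG = '''
[github]
app_id = 12345
private_key_path = "/etc/caretta/app.pem"
token = "ghp_abcdefghijklmnopqrstuvwxyz0123456789"

[inference]
endpoint = "http://127.0.0.1:11434"
api_key = "keychain:caretta/inference"

[signing]
key = """
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC
-----END PRIVATE KEY-----
"""
'''

if __name__ == "__main__":
    for path, reason in find_secret_like_values(SAMPLE_CONFIG):
        print(f"{path}: {reason}")
```

On the sample, the literal GitHub token under [github] and the inline PEM key under [signing] are reported; the key-file path and the keychain reference are accepted. Wire the function into a pre-commit hook and fail the commit on any finding.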

Code review bot identity

The code-review operations require a bot identity separate from the PR author: GitHub does not allow a pull request's author to approve their own pull request, so reviews submitted under the author's credentials cannot satisfy review requirements.

Recommended setup is a dedicated GitHub App with minimum required repository permissions.

Telemetry model

caretta collects anonymous usage telemetry for product and reliability improvement.

Design constraints:

  • No collection of user prompt/content payloads.

  • No PII by design.

  • The telemetry endpoint and application identifier are fixed in code; they cannot be redirected through configuration.

Telemetry can be disabled via environment variables or caretta.toml.

Telemetry opt-out methods

Global opt-out:

export DO_NOT_TRACK=1

Application opt-out:

export CARETTA_NO_TELEMETRY=1

Config opt-out:

[telemetry]
enabled = false
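The three opt-out methods above can be combined into a single decision. The following is an added example, not caretta's own code; it assumes (the page does not state this) that any one opt-out is sufficient, so an environment opt-out and a config opt-out both win over the default, and that a variable set to "0", "false", "no" or "off" does not count as an opt-out.

```python
"""Resolve whether telemetry is enabled from the environment and caretta.toml.

Added example, not caretta's own code. Assumes any single opt-out wins
(environment or config) and that "0", "false", "no" and "off" are the only
set values that do not opt out; both are assumptions, not page statements.
"""
import os
from typing import Mapping, Optional

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # type: ignore

# DO_NOT_TRACK is the cross-tool convention, CARETTA_NO_TELEMETRY the
# application-specific switch; both are named on the page.
OPT_OUT_VARS = ("DO_NOT_TRACK", "CARETTA_NO_TELEMETRY")

# Set values that are NOT treated as an opt-out (assumed). Anything else,
# including "1", "true" and "yes", opts out, so a user who sets the variable
# is never tracked by accident.
_FALSY = {"", "0", "false", "no", "off"}


def env_opts_out(env: Mapping[str, str]) -> bool:
    """True if any opt-out variable is set to a value other than a falsy one."""
    for name in OPT_OUT_VARS:
        value = env.get(name)
        if value is not None and value.strip().lower() not in _FALSY:
            return True
    return False


def config_opts_out(config: Mapping) -> bool:
    """True if the parsed caretta.toml contains [telemetry] enabled = false.

    A missing table or key means "no opinion" and telemetry stays on; a
    non-boolean value is rejected rather than guessed at.
    """
    section = config.get("telemetry")
    if not isinstance(section, dict):
        return False
    enabled = section.get("enabled", True)
    if not isinstance(enabled, bool):
        raise ValueError("[telemetry] enabled must be a boolean")
    return not enabled


def telemetry_enabled(env: Mapping[str, str], config_text: Optional[str]) -> bool:
    """Telemetry is on only if neither the environment nor the config opts out."""
    config = tomllib.loads(config_text) if config_text else {}
    return not (env_opts_out(env) or config_opts_out(config))


if __name__ == "__main__":
    # Constructed sample config, not a real file.
    sample = "[telemetry]\nenabled = false\n"
    print(telemetry_enabled(os.environ, sample))
```

A config that sets enabled = true does not override an environment opt-out; the environment is the user's last word, which matches the intent of the global DO_NOT_TRACK convention.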

Local security review support

caretta includes a security-review action and security findings UI panel. Use these for routine checks during PR review and release preparation.

Practical security guidance

  • Prefer least-privilege tokens and app scopes.

  • Use short-lived credentials whenever platform support exists.

  • Rotate bot credentials on schedule or after exposure events.

  • Audit .github/labels.yml creation in repositories where policy controls metadata writes.

Last modified: 02 July 2026