Security and privacy
This page documents security-relevant behavior and privacy controls in caretta.
Secret handling
caretta separates non-secret configuration from secret material:
Non-secret settings are stored in caretta.toml. Secrets such as tokens, PEM keys, and local inference API keys are stored via OS credential vault/keychain mechanisms.
Do not commit secrets to repository configuration files.
Code review bot identity
Code-review operations require a bot identity separate from the PR author to satisfy GitHub review constraints.
Recommended setup is a dedicated GitHub App with minimum required repository permissions.
Telemetry model
caretta integrates anonymous usage telemetry for product and reliability improvement.
Design constraints:
No collection of user prompt/content payloads.
No PII by design.
Endpoint and app identity are fixed in code.
Telemetry can be disabled via environment variables or caretta.toml.
Telemetry opt-out methods
Global opt-out:
Application opt-out:
Config opt-out:
Local security review support
caretta includes a security-review action and security findings UI panel. Use these for routine checks during PR review and release preparation.
Practical security guidance
Prefer least-privilege tokens and app scopes.
Use short-lived credentials whenever platform support exists.
Rotate bot credentials on schedule or after exposure events.
Audit .github/labels.yml creation in repositories where policy controls metadata writes.