Skip to content

Security and local data

ReviewArc is local-first. Application state lives in the macOS application support directory, including inbox settings, managed Git caches, structured analysis, review progress, private notes, drafts, and publication history.

ReviewArc does not use or modify your working repositories. It creates isolated, bare Git caches under its own application storage and materializes only the revisions needed for review.

Git hooks are disabled for managed operations. ReviewArc never runs project build commands, test commands, package scripts, or arbitrary repository instructions.

GitHub authentication is delegated to your installed gh CLI. ReviewArc does not store a separate GitHub token. The Git transport follows the active account’s gh protocol setting.

Codex runs in read-only mode with structured output. ReviewArc validates AI-provided paths and line ranges before displaying them and labels unsupported claims as unverified.

Network access is limited to the services required for the workflow: GitHub for repository and pull request data, managed Git remotes for revision fetches, and Codex for the analysis you explicitly start.

Analysis, chapter progress, notes, and draft comments remain local. Only the explicitly previewed and confirmed review payload is sent to GitHub.