Architecture & Privacy
Last updated: April 25, 2026
This page documents how Zarev Pro processes your data technically. The backend code stays closed source but the architecture is public: you must be able to know exactly what leaves your machine.
Data flow
When you run the Zarev CLI, here's exactly what happens:
┌─────────────────────────────────────────────────────────────┐
│ YOUR MACHINE (local-first) │
│ │
│ ~/.claude/ scan + parse ┌─────────────────┐ │
│ ├─ .mcp.json ─────────────────────▶│ CLI (Node) │ │
│ ├─ skills/ │ │ │
│ └─ hooks/ │ Gitleaks strip │ │
│ │ (~150 patterns)│ │
│ ~/.zarev/ │ │ │ │
│ └─ audit.log ◀──── append ──────────│ ▼ │ │
│ │ Preview UI │ │
│ └─────────┬───────┘ │
└──────────────────────────────────────────────────│──────────┘
│ HTTPS / TLS 1.3
│ Bearer token
▼
┌─────────────────────────────────────────────────────────────┐
│ ZAREV BACKEND (Supabase EU + Vercel) │
│ │
│ POST /api/v1/zarev/match ─────▶ Supabase EU (Frankfurt) │
│ │ │ │
│ │ ▼ │
│ │ RLS scoring │
│ │ │
│ POST /api/v1/zarev/brief-prompt ─▶ Anthropic (US, SCC+DPF) │
│ Claude Haiku │
│ │ │
│ ▼ │
│ JSON response │
│ (5 min cache) │
└─────────────────────────────────────────────────────────────┘Threat model
The 4 main threats we address in V0.1:
1. Secret leak (API keys, tokens)
Mitigation — Gitleaks pre-strip with ~150 patterns (sk-*, GITHUB_TOKEN, AWS_*, OPENAI_API_KEY, etc.) + heuristic on long hex/base64 values in .env* files. Mandatory UI preview before each upload: you see the exact payload, you can cancel.
2. Network man-in-the-middle
Mitigation — TLS 1.3 mandatory, invalid certs rejected by the CLI. No HTTP fallback.
3. Prompt injection via brief
Mitigation — the Anthropic system prompt strictly isolates the stack context from user content. No exfiltration possible: the brief has no access to past conversations or other users' DB.
4. Data exfiltration via generated brief
Mitigation — the brief contains only Claude recommendations, never raw echo of the scanned stack. Output payload is validated server-side before returning to the CLI.
Fields sent to the backend
Exhaustive list of what the CLI sends to POST /api/v1/zarev/match and POST /api/v1/zarev/brief-prompt:
stack_hash: SHA-256 of stack fingerprint (deterministic, no PII).mcps: list of detected MCPs (slug, version, transport — no config values).skills: list of Skills (slug, version — no prompt content).hooks: list of Claude Code hooks (event, script-name — no body).runtime: os (darwin/linux/win32), node version, claude-cli version. No hostname or username.user_id: Supabase UUID, linked to your Pro account. Sent only when authenticated.
Before/after strip example
Before strip (local .mcp.json file):
{
"mcpServers": {
"supabase": {
"command": "npx",
"args": ["-y", "@supabase/mcp-server-supabase"],
"env": {
"SUPABASE_URL": "https://xyz.supabase.co",
"SUPABASE_SERVICE_ROLE_KEY": "eyJhbGc...REDACTED..."
}
}
}
}After strip (sent to backend):
{
"stack_hash": "sha256:b1946ac9...",
"mcps": [
{
"slug": "supabase",
"transport": "stdio",
"version": "0.1.4"
}
],
"runtime": {
"os": "darwin",
"node": "20.11.1",
"claude_cli": "1.4.2"
}
}Going further
- Security policy: /legal/security.
- Privacy policy: /legal/privacy.
- SECURITY.md on the repo: github.com/Arch-s-Technologies/pulse.