Public repositories
We clone your public repo into an ephemeral container, run the assessment, generate the report, and destroy the container. The container has no persistent disk — everything lives in RAM for the duration of the job. After the report is written, the container is terminated.
Public code is already public. We retain only the sanitized report: repository name, pillar scores, findings, and remediation suggestions. No code content.
Private repositories via GitHub OAuth
You authenticate with GitHub. We request the minimum possible scope: read:user and repo:read. The resulting access token is short-lived and is used exactly once — to clone your repo into the same ephemeral container we use for public repos.
The token is never stored to disk. It exists only in the memory of the worker process, and it expires within the container's 60-second lifetime. We do not retain OAuth tokens beyond the minimum necessary for the assessment.
All the same guarantees as public-repo assessment apply: RAM-only scratch space, restricted network egress, automatic self-destruction, sanitized report only.
Self-hosted CARL
For teams with stricter requirements, CARL is available as a self-hosted Docker image. You run it inside your own infrastructure. Your code never reaches Wentzel.ai servers; the report is the only output, and it stays with you.
What we never do
- We never store source code from your repos.
- We never log file contents.
- We never use your code for training.
- We never share your code or reports with third parties.
- We never scan outside the scope of the repository you submit.
What we retain
We retain the following data for each assessment:
- Repository identifier (e.g., vercel/next.js)
- Commit hash assessed
- Timestamp of assessment
- Pillar scores and CARL level
- Structural findings (e.g., "Has ESLint config," "Lacks AGENTS.md")
- Remediation suggestions generated from the findings
- User account (if authenticated)
We retain these for the lifetime of your account or up to the retention window specified in our Privacy Policy, whichever is shorter.
Audit log
Every repository clone, every assessment, every report write is logged to an immutable audit log with the container identifier and timestamp. If you believe your code was improperly handled, we can prove otherwise — or prove you right.
Security disclosures
If you discover a security issue with CARL, email security@wentzel.ai. We respond within 24 hours.