GitHub app boundaries · GSCDump


gscdump(7)    TRUST · GITHUB APP BOUNDARIES    gscdump(7)

1.0 NAME    REV. 1 · APR 2026

<dl><dt>trust</dt>
<dd>— how the github app works · what it cannot do</dd></dl>

# How the GitHub app works.

gscdump can write pull requests on the repos you install it on. This page documents every boundary — what the app can read, what it can write, what it will never do, and how we handle your data. No legalese, no marketing.

> Runs on a schedule you set. Opens PRs you review. Never commits without explicit permission. Never watches your other work.

2.0 PERMISSIONS · EXACT SCOPES

The exact scopes we request when you install the GitHub App. Anything not listed here is not requested.

TABLE · github app scopes · 7 scopes

| scope | level | why |
| --- | --- | --- |
| Contents | R+W (branches) | Read code to detect SEO issues. Write commits to a feature branch prefixed `gscdump/`. Never pushes to main. |
| Pull requests | R+W | Open PRs with proposed fixes. Add descriptions. You decide whether to merge. |
| Metadata | Read | Required by GitHub for any app install. |
| Checks | Write | Post verification results (URL Inspection, GSC re-crawl outcome) as a check on the PR. |
| Issues | None | We do not read or write issues. Out of scope. |
| Actions | None | We do not read or modify GitHub Actions workflows. |
| Secrets | None | We never read repo secrets or environment variables. |
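The table above is a promise that can be checked from your side. The following is an added example, not gscdump's own code: it compares the `permissions` object GitHub reports for an app installation (keys such as `contents`, `pull_requests`, values `read` or `write`) and its `events` list against the scopes documented here, and flags anything beyond them. The installation objects are constructed samples.

```typescript
// Added example (not gscdump's code): audit an installed GitHub App against
// the scope table on this page. Input shape mirrors GitHub's installation
// object: `permissions` maps scope -> "read" | "write", `events` lists
// subscribed webhook events.
type Level = "read" | "write";
type Permissions = Record<string, Level>;

interface Installation {
  permissions: Permissions;
  events: string[];
}

// The documented boundary: scope -> highest level gscdump should hold.
// Issues, Actions and Secrets are absent on purpose (documented as "None").
const DOCUMENTED_SCOPES: Permissions = {
  contents: "write",
  pull_requests: "write",
  metadata: "read",
  checks: "write",
};

interface ScopeFinding {
  scope: string;
  granted: Level;
  expected: Level | "none";
}

// Every scope where the installation exceeds the boundary: either an
// undocumented scope (expected "none") or write where only read is documented.
function excessScopes(installed: Permissions): ScopeFinding[] {
  const findings: ScopeFinding[] = [];
  for (const [scope, granted] of Object.entries(installed)) {
    const expected: Level | "none" =
      scope in DOCUMENTED_SCOPES ? DOCUMENTED_SCOPES[scope] : "none";
    const tooHigh = expected === "none" || (expected === "read" && granted === "write");
    if (tooHigh) findings.push({ scope, granted, expected });
  }
  return findings;
}

// The page states there are no push-event subscriptions; report one if present.
function subscribesToPush(inst: Installation): boolean {
  return inst.events.includes("push");
}

// Constructed samples (not real installations).
const conformingInstall: Installation = {
  permissions: { contents: "write", pull_requests: "write", metadata: "read", checks: "write" },
  events: ["pull_request"],
};
const driftedInstall: Installation = {
  permissions: { ...conformingInstall.permissions, issues: "write", metadata: "write" },
  events: ["pull_request", "push"],
};
```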

3.0 HARD COMMITMENTS · NEVER LIST

- [!] Never commits without explicit permission. Fixes are proposed as pull requests on a feature branch. Your existing branch protection rules and CODEOWNERS apply.
- [!] Never self-merges. The agent cannot merge its own PRs. A human merges, or the PR expires.
- [!] Never force-pushes or rewrites history. All commits are new commits. Lockfiles are not touched.
- [!] Never watches your other PRs. Unlike AI code review tools, gscdump is dormant between scheduled audits and ad-hoc invocations. No PR comments, no push-event subscriptions.
- [!] Runs on a schedule you set. Monthly cadence by default. You choose weekly, monthly, or disabled. You can invoke manually from the dashboard or via MCP.
- [!] Tier 1 fixes are deterministic. Tier 1 fixes (canonical, meta description, noindex, sitemap, alt) are AST codemods using ts-morph — not LLM-generated code. LLMs only draft the PR description.

4.0 DATA HANDLING · WHAT WE TOUCH

Your data, in transit and at rest, with the exact retention boundary for each scope.

§ GSC data

Stored in a Cloudflare D1 database and R2 parquet bucket dedicated to your account. Encrypted at rest. You can export or delete everything via the dashboard.

§ Repo contents during an audit

Shallow-cloned into an ephemeral Fly Machine. Touched files are analysed in memory. The machine is destroyed after the PR is pushed. No code persists outside the audit run.

§ Secrets in repo files

Redacted from logs. Never sent to LLMs. The audit pipeline refuses to read files matching `.env*`, `*.pem`, `*.key`, `secrets/*`.
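One way to enforce a refusal like the one above is a deny-list gate in front of every file read. This is an added example, not gscdump's pipeline code; it uses the four patterns listed here and assumes conventional glob semantics: `*` matches any run of characters except `/`, a pattern without `/` is matched against the basename at any depth, and a pattern containing `/` is anchored at the repository root.

```typescript
// Added example (not gscdump's code): refuse to read files matching the
// deny-list on this page before any analysis touches them.
// Assumed semantics: "*" never crosses "/", slash-free patterns match the
// basename at any depth, patterns with "/" are anchored at the repo root.
const DENY_PATTERNS = [".env*", "*.pem", "*.key", "secrets/*"];

// Translate a glob into an anchored RegExp; regex metacharacters are escaped.
function globToRegExp(glob: string): RegExp {
  const escaped = glob
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, "[^/]*");
  return new RegExp(`^${escaped}$`);
}

const COMPILED = DENY_PATTERNS.map((glob) => ({
  glob,
  anchored: glob.includes("/"),
  re: globToRegExp(glob),
}));

// Repo-relative form: forward slashes, no leading "./" or "/".
function normalise(p: string): string {
  return p.replace(/\\/g, "/").replace(/^(\.\/|\/)+/, "");
}

// The deny pattern that blocks `path`, or null when the file may be read.
function deniedBy(path: string): string | null {
  const rel = normalise(path);
  const base = rel.slice(rel.lastIndexOf("/") + 1);
  for (const { glob, anchored, re } of COMPILED) {
    if (re.test(anchored ? rel : base)) return glob;
  }
  return null;
}

// Gate for a hypothetical audit reader: throws instead of reading a denied
// file, so the contents never reach memory, logs or any downstream model.
function readForAudit(path: string, read: (p: string) => string): string {
  const hit = deniedBy(path);
  if (hit !== null) {
    throw new Error(`refusing to read ${normalise(path)}: matches ${hit}`);
  }
  return read(path);
}
```

Note that with these semantics `secrets/*` covers only direct children of `secrets/`; a nested file such as `secrets/prod/db.json` is not matched, which is why a deny-list should be tested against the real layout of the repository rather than assumed.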

§ LLM inputs

Only the diff we generated and the issue type are sent to the LLM (for PR description drafting). Your code is never sent verbatim. Anthropic is the LLM provider with zero-retention terms.

§ Analytics

Anonymous aggregated usage metrics only. No individual user behaviour is tracked.

5.0 COMPLIANCE · CERTIFICATION ROADMAP

Small team. We prioritise real security primitives (scoped permissions, ephemeral compute, no retained secrets) over paperwork, and ship certifications when a paying customer requires them. If your procurement needs something below sooner, email us.

| certification | status | note |
| --- | --- | --- |
| DPA | on-request | Email hello@gscdump.com |
| SOC 2 Type I | in-progress | Targeted on first enterprise agreement |
| SOC 2 Type II | roadmap | After Type I + 6 months evidence |
| ISO 27001 | not-yet | Based on customer demand |
| HIPAA | n/a | gscdump does not handle PHI |

6.0 QUESTIONS · FAQ · 6

- Can the agent push to my main branch?
- What if I uninstall the app mid-audit?
- Does the agent read every file in my repo?
- Who is liable if a bad fix breaks my site?
- How do I report a security issue?
- Is the codemod library open source?

7.0 SEE ALSO · CONTACT · END

§ contact

Still have questions? Email [hello@gscdump.com](mailto:hello@gscdump.com), or [security@gscdump.com](mailto:security@gscdump.com) for security issues.


END OF TRUST · page 7 of 7 · 2026-04 · rev. 1

§ colophon

gscdump

A primitive for adding Google Search Console data anywhere. Open source. MIT licensed. Built by [Harlan Zw](https://harlanzw.com).

[GitHub](https://github.com/harlan-zw/gscdump) [Twitter / X](https://twitter.com/harlan_zw) [Discord](https://discord.gg/275MBUBvgP)


§ see also

<dl>

<dt>man(1)</dt>
<dd>Linux man-pages</dd>

<dt>mysqldump(1)</dt>
<dd>MySQL data export</dd>

<dt>curl(1)</dt>
<dd>URL transfer tool</dd>

<dt>git(1)</dt>
<dd>Distributed VCS</dd></dl>

© 2026 · MIT · printed for engineers · 2026-04 · rev. 1