Security

Data handling

• hall-monitor processes webhook payloads from GitHub and events from Slack. It stores event metadata (PR titles, commit SHAs, deployment IDs, timestamps) to maintain thread state.
• Source code is never read, stored, or transmitted. Webhook payloads contain metadata only — diffs and file contents are not included in the events hall-monitor receives.
• No personal data is collected beyond what's present in webhook payloads (Git author names, GitHub usernames).

Authentication and access

• GitHub webhooks are validated using HMAC-SHA256 with a per-installation secret. Invalid or missing signatures are rejected immediately.
• Slack events are verified using Slack's signing secret. The bot uses the minimum required OAuth scopes: chat:write, chat:write.public, reactions:read, and channels:history.
• API keys are scoped per workspace and can be rotated from the dashboard at any time.

Infrastructure

• Each workspace's data is logically separated at the database level via tenant isolation.
• All data in transit is encrypted via TLS.

Vulnerability reporting

• Responsible disclosure: security issues can be reported to security@hall-monitor.dev. We aim to acknowledge within 48 hours.

Security roadmap

We're actively working toward these. They're planned, not yet in place.

• Encryption at rest (AES-256) for all stored data
• SSO / SAML support for dashboard access (Okta, Azure AD, Google Workspace)
• SOC 2 Type II audit
• GDPR-compliant data processing with Data Processing Agreements (DPAs)
• Configurable event data retention periods
• Automated dependency vulnerability scanning in CI
• Regular third-party penetration testing
• Automated database backups with defined RPO/RTO targets