{"id":34550527,"url":"https://github.com/scidsg/hushline","last_synced_at":"2026-06-04T05:01:53.121Z","repository":{"id":148390525,"uuid":"620069905","full_name":"scidsg/hushline","owner":"scidsg","description":"Anonymous, end-to-end encrypted tip lines for organizations and individuals.","archived":false,"fork":false,"pushed_at":"2026-05-09T17:05:58.000Z","size":111221,"stargazers_count":127,"open_issues_count":2,"forks_count":24,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-05-09T18:31:29.465Z","etag":null,"topics":["anonymity","end-to-end-encryption","flask","human-rights","journalism","nonprofit","pgp","privacy","python","secure-messaging","security","source-protection","tipline","tor","whistleblowing"],"latest_commit_sha":null,"homepage":"https://hushline.app","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scidsg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"open_collective":"hushline"}},"created_at":"2023-03-28T01:06:05.000Z","updated_at":"2026-05-09T17:04:25.000Z","dependencies_parsed_at":"2026-03-13T07:13:28.604Z","dependency_job_id":null,"html_url":"https://github.com/scidsg/hushline","commit_stats":{"total_commits":2831,"total_committers":15,"mean_commits":"188.73333333333332","dds":"0.24478982691628404","last_synced_commit":"b898bd43c7cec58894b46181e7c726b6a8489178"},"previous_names":["scidsg/hushline","scidsg/hush-line"],"tags_count":405,"template":false,"template_full_name":null,"purl":"pkg:github/scidsg/hushline","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scidsg%2Fhushline","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scidsg%2Fhushline/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scidsg%2Fhushline/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scidsg%2Fhushline/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scidsg","download_url":"https://codeload.github.com/scidsg/hushline/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scidsg%2Fhushline/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32924388,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-11T17:09:15.040Z","status":"online","status_checked_at":"2026-05-12T02:00:06.338Z","response_time":102,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anonymity","end-to-end-encryption","flask","human-rights","journalism","nonprofit","pgp","privacy","python","secure-messaging","security","source-protection","tipline","tor","whistleblowing"],"created_at":"2025-12-24T07:59:15.625Z","updated_at":"2026-06-04T05:01:53.113Z","avatar_url":"https://github.com/scidsg.png","language":"Python","funding_links":["https://opencollective.com/hushline"],"categories":[],"sub_categories":[],"readme":"# Hush Line\n\n[Hush Line](https://hushline.app) is an open source whistleblower platform for secure, anonymous, one-way disclosures to journalists, lawyers, and other trusted recipients.\n\nHosted service: \u003chttps://tips.hushline.app\u003e \nStart here: \u003chttps://hushline.app/library/docs/getting-started/start-here/\u003e\n\n[![Accessibility](https://github.com/scidsg/hushline/actions/workflows/lighthouse.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/lighthouse.yml)\n[![Performance](https://github.com/scidsg/hushline/actions/workflows/lighthouse-performance.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/lighthouse-performance.yml)\n[![Run Linter and Tests](https://github.com/scidsg/hushline/actions/workflows/tests.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/tests.yml)\n[![GDPR Compliance](https://github.com/scidsg/hushline/actions/workflows/gdpr-compliance.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/gdpr-compliance.yml)\n[![CCPA Compliance](https://github.com/scidsg/hushline/actions/workflows/ccpa-compliance.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/ccpa-compliance.yml)\n[![Database Migration Compatibility Tests](https://github.com/scidsg/hushline/actions/workflows/migration-smoke.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/migration-smoke.yml)\n[![E2EE and Privacy Regressions](https://github.com/scidsg/hushline/actions/workflows/e2ee-privacy-regressions.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/e2ee-privacy-regressions.yml)\n[![Workflow Security Checks](https://github.com/scidsg/hushline/actions/workflows/workflow-security.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/workflow-security.yml)\n[![Python Dependency Audit](https://github.com/scidsg/hushline/actions/workflows/dependency-security-audit.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/dependency-security-audit.yml)\n[![W3C Validators](https://github.com/scidsg/hushline/actions/workflows/w3c-validators.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/w3c-validators.yml)\n[![Public Record Link Check](https://github.com/scidsg/hushline/actions/workflows/public-record-link-check.yml/badge.svg)](https://github.com/scidsg/hushline/actions/workflows/public-record-link-check.yml)\n[![Docs Screenshots](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/scidsg/hushline-screenshots/main/badge-docs-screenshots.json)](https://github.com/scidsg/hushline-screenshots/tree/main/releases/latest)\n\n## Why Hush Line\n\nHush Line is built for safety-critical reporting workflows where trust, anonymity, and usability all matter. The project design priorities are:\n\n- Usability of the software\n- Authenticity of the receiver\n- Plausible deniability of the whistleblower\n- Availability of the system\n- Anonymity of the whistleblower\n- Confidentiality and integrity of disclosures\n\n## Core Capabilities\n\n| Area | What Hush Line Provides |\n| ---------------------- | -------------------------------------------------------------------------------------- |\n| Anonymous submissions | No submitter account required for sending disclosures |\n| Encryption | End-to-end encryption workflow with recipient PGP keys, plus server-side fallback path |\n| Receiver trust | Verified account workflow and trusted directory UX |\n| Account security | Password authentication with optional TOTP 2FA |\n| Privacy access | Tor onion support and privacy-preserving defaults |\n| Communication workflow | Message status management, one-way replies, and optional email forwarding modes |\n| Org customization | Branding controls, onboarding guidance, and configurable profile fields |\n| Operational controls | Strong CI checks, migration compatibility testing, and workflow security validation |\n\n## Quickstart (Local)\n\n### 1) Clone and start\n\n```sh\ngit clone https://github.com/scidsg/hushline.git\ncd hushline\nmake serve\n```\n\nOpen \u003chttp://localhost:8080\u003e.\n\nIf you only want to start the current stack without first tearing it down, you can still use `docker compose up` or `make run`.\n\nIf you want a slower, guided setup for a brand-new machine, use the AI-ready prompt in [`docs/LOCAL-CONTRIBUTOR-ONBOARDING-PROMPT.md`](./docs/LOCAL-CONTRIBUTOR-ONBOARDING-PROMPT.md). It walks a new contributor through installing Git, Make, Docker, cloning the repo, starting the stack, and trying the first three local flows.\n\n### 2) Common commands\n\n| Command | Purpose | When to use |\n| ----------------------------------------- | ---------------------------------------- | ------------------------------------------------- |\n| `make serve` | Tear down and rebuild the local stack | Starting fresh or recovering from Docker drift |\n| `make lint` | Run formatting/lint/type checks | Before opening a PR or after code changes |\n| `make test` | Run full test suite with coverage output | Before opening a PR and after behavior changes |\n| `make fix` | Apply formatting/lint autofixes | When lint reports fixable formatting/style issues |\n| `make run` | Start the current local stack | Quick restarts when you do not need a full reset |\n| `make run-full` | Run Stripe-enabled development stack | Testing paid-tier or Stripe-related flows |\n| `docker compose down -v --remove-orphans` | Reset local Docker state | Clearing containers, volumes, and orphaned state |\n\n## Security and Privacy\n\n- Threat model: [`docs/THREAT-MODEL.md`](./docs/THREAT-MODEL.md)\n- Security policy and vulnerability reporting: [`SECURITY.md`](./SECURITY.md)\n- Privacy policy: [`docs/PRIVACY.md`](./docs/PRIVACY.md)\n\nReport security issues through GitHub Security Advisories when possible, or via: \u003chttps://tips.hushline.app/to/hushline-security\u003e.\n\n## Agentic Coding Policy\n\nHush Line uses a risk-based model for agentic software development. Canonical policy: [`docs/AGENTIC-CODE-POLICY.md`](./docs/AGENTIC-CODE-POLICY.md).\n\nQuick summary:\n\n- Human-first is required for high-risk surfaces: funding work, databases/migrations, auth, payments, CI/CD, production infrastructure, and security/privacy boundary changes.\n- AI-first is allowed for low-risk work such as scoped docs/process edits and isolated low-risk implementation tasks with clear rollback.\n- If scope expands into high-risk areas (for example DB/auth/env/security), ownership immediately escalates to human-first.\n- Ownership mode is tracked (`human-first` vs `ai-first`) with a quarterly operating target of roughly 70/30.\n- Approved coding model policy is defined in [`AGENTS.md`](./AGENTS.md). As of 2026-05-11, the minimum approved coding model is `gpt-5.5 high`.\n\n## Contributor Checklist\n\nBefore opening a PR:\n\n1. Read and follow [`AGENTS.md`](./AGENTS.md) (repository policy and safety-critical rules).\n2. Check open Dependabot updates first, then handle applicable dependency/security updates.\n3. Keep diffs minimal and behavior-preserving unless a behavior change is explicitly intended.\n4. Add or update tests for every behavior change.\n5. Run required checks locally:\n - `make lint`\n - `make test`\n6. If behavior-critical paths changed, run CI-style coverage validation:\n\n```sh\ndocker compose run --rm app poetry run pytest --cov hushline --cov-report term-missing -q --skip-local-only\n```\n\n7. Run dependency vulnerability audits:\n\n```sh\nmake audit-python\nmake audit-node-runtime\n```\n\nWhen frontend/runtime dependencies change, also run:\n\n```sh\nmake audit-node-full\n```\n\nIf local audit commands are blocked by network/tooling availability, document that in the PR and wait for a passing `Dependency Security Audit` workflow before merge.\n\n8. Ensure commits are cryptographically signed and verifiable on GitHub.\n\n## Documentation Map\n\n- Docs index: [`docs/README.md`](./docs/README.md)\n- Local contributor onboarding prompt: [`docs/LOCAL-CONTRIBUTOR-ONBOARDING-PROMPT.md`](./docs/LOCAL-CONTRIBUTOR-ONBOARDING-PROMPT.md)\n- Developer notes: [`docs/DEV.md`](./docs/DEV.md)\n- Architecture: [`docs/ARCHITECTURE.md`](./docs/ARCHITECTURE.md)\n- Runner automation: [`docs/AGENT_RUNNER.md`](./docs/AGENT_RUNNER.md)\n- Terms: [`docs/TERMS.md`](./docs/TERMS.md)\n\n## Latest Screenshots\n\n\u003ctable\u003e\n \u003ctr\u003e\n \u003ctd valign=\"bottom\" width=\"73%\"\u003e\n \u003cimg\n src=\"https://raw.githubusercontent.com/scidsg/hushline-screenshots/refs/heads/main/releases/latest/guest/guest-directory-featured-carousel-desktop-light-fold.png\"\n width=\"100%\"\n alt=\"Guest directory screenshot\"\n /\u003e\n \u003c/td\u003e\n \u003ctd valign=\"bottom\" width=\"27%\"\u003e\n \u003cimg\n src=\"https://raw.githubusercontent.com/scidsg/hushline-screenshots/refs/heads/main/releases/latest/newman/auth-newman-onboarding-profile-mobile-light-fold.png\"\n width=\"100%\"\n alt=\"Onboarding screenshot\"\n /\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n\u003c/table\u003e\n\nMore screenshots: \u003chttps://github.com/scidsg/hushline-screenshots/tree/main/releases/latest\u003e\n\n## In the Media\n\n### Privacy Guides\n\n\u003e “After using their platform for the past few weeks, I can comfortably write that Hush Line accomplishes its mission astoundingly well. Not only is customer support excellent for enterprise users, but its integration with PGP encrypted email makes it a lifesaver for a Thunderbird user like me. The ability to receive encrypted notifications via email is honestly an underrated feature.” \n\u003e — [Privacy Guides](https://www.privacyguides.org/posts/2026/01/09/hush-line-review-an-accessible-whistleblowing-platform-for-journalists-and-lawyers-alike/) ([archive](https://web.archive.org/web/20260110024015/https://www.privacyguides.org/posts/2026/01/09/hush-line-review-an-accessible-whistleblowing-platform-for-journalists-and-lawyers-alike/))\n\n### Newsweek\n\n\u003e “Investing in technology that protects privacy—such as Hush Line and Signal—is also important in sharing information that is anonymous, and can't be subpoenaed.” \n\u003e — [Newsweek](https://www.newsweek.com/protecting-free-speech-about-more-letting-content-run-wild-opinion-2012746) ([archive](https://web.archive.org/web/20250111062609/https://www.newsweek.com/protecting-free-speech-about-more-letting-content-run-wild-opinion-2012746))\n\n### TIME\n\n\u003e “Psst’s safe is based on Hush Line... a simpler way for sources to reach out to journalists and lawyers... Micah Lee, an engineer on Hush Line, says that the tool fills a gap in the market for an encrypted yet accessible central clearinghouse for sensitive information.” \n\u003e — [TIME](https://time.com/7208911/psst-whistleblower-collective/) ([archive](https://web.archive.org/web/20250122105330/https://time.com/7208911/psst-whistleblower-collective/))\n\n### Substack\n\n\u003e “New systems in development, such as Hush Line, are the brave new frontier in reporting. Hush Line is a software application that offers a more secure ability to report anonymously.” \n\u003e — [Substack](https://zacharyellison.substack.com/p/part-151-playing-the-whistleblower)\n\n### Podcasts\n\n\u003e “I'm working with a non-profit software company called Hush Line, which is a one-way encrypted anonymizing platform so that whistleblowers can reach out to individual journalists while remaining anonymous...” \n\u003e — [YouTube](https://www.youtube.com/watch?v=pO6q_t0wGGA\u0026t=38m17s)\n\n## Contributing and Conduct\n\nContributors are expected to follow the Code of Conduct: \n\u003chttps://github.com/scidsg/business-resources/blob/main/Policies%20%26%20Procedures/Code%20of%20Conduct.md\u003e\n\n## License\n\nSee [`LICENSE`](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscidsg%2Fhushline","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscidsg%2Fhushline","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscidsg%2Fhushline/lists"}