Security
PlainHub's technical security. Authentication, data protection, and code integrity verification.
Security
✓ No server-side data storage
PlainHub has no proprietary backend server. All file operations happen directly between GitHub and your browser. Communication is strictly between the GitHub API and your browser.
✓ Credentials stored locally only
- Web UI: Secure sign-in via GitHub's official OAuth flow (token stored in browser localStorage)
- CLI / MCP Server: Stored locally at
~/.config/plainhub/token(permission 0600, owner read/write only)
✓ Code integrity verification
Verify that the running code matches the GitHub repository using SHA-256 hashes. Confirm that no tampering has occurred.
PWA Support
- Offline support — Offline operation via Service Worker
- Add to home screen — Install as an app on mobile or desktop
- Native app feel — Runs without the browser address bar
Supported Browsers
| Browser | Supported version |
|---|---|
| Chrome | 90+ |
| Firefox | 88+ |
| Safari | 14+ |
| Edge | 90+ |