Security
Pharaoh is hosted infrastructure: no packages on developer machines, no transitive dependencies to audit, and no supply-chain attack surface added to your build. If a vulnerability is found in Pharaoh, we remediate it server-side. You do nothing.
No source code stored
The knowledge graph contains function names, file paths, dependency edges, complexity scores, export signatures, and function body hashes. Source code is read during parsing, used to generate the graph in memory, then discarded. A body hash can tell whether a function has changed, or whether it matches a known function, but cannot be reversed into source.
The graph is a table of contents, not the book.
Read-only GitHub access
Pharaoh cannot write to your repository, push commits, or modify code. The GitHub App requests only two permissions: repository contents (read) and metadata (read). No write access. Ever. You can confirm this yourself: the app's entry under your organization's installed GitHub Apps lists every permission it holds, before and after installation.
Per-tenant isolation
Dual-layer defense protects tenant data:
Cypher repo-anchoring: Every Neo4j query starts from a repo node owned by the requesting tenant. Queries cannot traverse to repos belonging to other tenants. CI enforces this — every new query is automatically tested for isolation violations.
Application-level ownership checks: Before every tool call, Pharaoh checks the Postgres tenant_repos table to confirm that the requested repo belongs to the requesting tenant. This check runs independently of the graph query.
Both layers must fail for cross-tenant data access. All tenants share one database — isolation is enforced entirely at the application layer, verified by CI on every push.
Encrypted at rest
GitHub tokens and sensitive graph properties (function signatures, JSDoc, API routes) are encrypted with AES-256-GCM under per-tenant keys derived with HKDF from a root key. Each token is encrypted with a fresh random initialization vector; GCM requires that an IV never repeat under the same key, and per-tenant keys keep the number of encryptions per key small. Compromising one tenant's derived key does not expose other tenants; the root key the tenant keys are derived from remains the secret to protect.
GitHub-based access control
Remove someone from your GitHub org and their Pharaoh access is revoked within minutes. There are no API tokens to rotate and no credentials on developer machines. Org membership is re-verified on every token refresh.
Sessions are cached for at most 5 minutes, so that TTL is the upper bound on how long a removed member can keep using an existing session. Tenant suspension does not wait for the TTL: all cached sessions of the tenant are evicted immediately.
Open source parser
The parser that reads your code is fully auditable. You can verify exactly what structural metadata it extracts, and run it on one of your own repositories to see the output, before installing the GitHub App. As with any hosted service, that the production deployment runs the published parser is a matter of trust in the operator rather than something the source alone can prove.
Account deletion
Uninstall the GitHub App or delete your account: knowledge graph deleted, encrypted tokens destroyed, audit logs retained 90 days then purged. No lock-in.