Local & Offline Execution
Mustel runs entirely on your local machine. When you run commands such as mustel review, the analysis, linting (Ruff), security scanning (Bandit), and codebase structure parsing happen entirely in your local terminal or editor process. No source code files, text blocks, tokens, or abstract syntax trees are ever uploaded to, cached on, or processed by remote servers.
Telemetry & Analytics
Mustel does not collect telemetry, usage metrics, or error tracking data. We do not track which commands you run, the size of your repositories, the packages scanned, or the IDE configurations configured via the bootstrap system. Your usage remains fully private and offline.
Third-Party Dependency Checks
When Mustel runs in **Audit Mode** (either through the --audit flag or automatically in CI pipelines), it invokes pip-audit. The dependency check queries public vulnerability databases (such as OSV.dev) to audit package versions. During this check:
- Only package names and version numbers are transmitted to look up active CVEs.
- No actual codebase files, function definitions, or application logic are sent.
- No personal identifiers, accounts, or developer metadata are transmitted.
Open Source Sovereignty
The entirety of Mustel is open source under the MIT License. You have complete transparency to audit the underlying Python package source code to verify that no tracking, analytics hooks, or network telemetry have been added.
Contact Information
If you have any questions or feedback regarding our privacy philosophy, please contact the maintainers at mustel.oss@gmail.com.
