DSAR monorepo: developer-first Data Subject Access Request engine.

bunx turbo run dev --filter=./examples/kitchen-sink

• examples/kitchen-sink shows the runtime-side auth wiring.

DSAR separates authentication into two runtime lanes:

• Machine access: API keys / bearer tokens for CLI, SDK, automation, and service-to-service calls.
• Trusted host identity: host apps can authenticate the end user first, then project that identity into DSAR with resolveTrustedRequestIdentity.

This keeps end-user login in the host product while DSAR focuses on tenant scoping and route authorization.

See:

• docs/architecture/auth-model.md
• docs/integrations/unkey.md
• docs/api/verification.md

• Join our Discord community
• Open an issue on our GitHub repository
• Visit inth.com and use the chat widget
• Contact our support team via email support@inth.com

• We're open to all community contributions!
• Read our Contribution Guidelines
• Review our Code of Conduct
• Fork the repository
• Create a new branch for your feature
• Submit a pull request
• All contributions, big or small, are welcome and appreciated!

If you believe you have found a security vulnerability in c15t, we encourage you to responsibly disclose this and NOT open a public issue. We will investigate all legitimate reports.

Our preference is that you make use of GitHub's private vulnerability reporting feature to disclose potential security vulnerabilities in our Open Source Software. To do this, please visit https://github.com/inthhq/dsar/security and click the "Report a vulnerability" button.

• Please do not share security vulnerabilities in public forums, issues, or pull requests
• Provide detailed information about the potential vulnerability
• Allow reasonable time for us to address the issue before any public disclosure
• We are committed to addressing security concerns promptly and transparently

Apache License 2.0

Built with 💛 by the inth.com team