Hush Line is an open source whistleblower platform for secure, anonymous, one-way disclosures to journalists, lawyers, and other trusted recipients.

Hosted service: https://tips.hushline.app
Start here: https://hushline.app/library/docs/getting-started/start-here/

Hush Line is built for safety-critical reporting workflows where trust, anonymity, and usability all matter. The project design priorities are:

• Usability of the software
• Authenticity of the receiver
• Plausible deniability of the whistleblower
• Availability of the system
• Anonymity of the whistleblower
• Confidentiality and integrity of disclosures

git clone https://github.com/scidsg/hushline.git
cd hushline
docker compose up

Open http://localhost:8080.

• Threat model: docs/THREAT-MODEL.md
• Security policy and vulnerability reporting: SECURITY.md
• Privacy policy: docs/PRIVACY.md

Report security issues through GitHub Security Advisories when possible, or via: https://tips.hushline.app/to/hushline-security.

Hush Line uses a risk-based model for agentic software development. Canonical policy: docs/AGENTIC-CODE-POLICY.md.

Quick summary:

• Human-first is required for high-risk surfaces: funding work, databases/migrations, auth, payments, CI/CD, production infrastructure, and security/privacy boundary changes.
• AI-first is allowed for low-risk work such as scoped docs/process edits and isolated low-risk implementation tasks with clear rollback.
• If scope expands into high-risk areas (for example DB/auth/env/security), ownership immediately escalates to human-first.
• Ownership mode is tracked (human-first vs ai-first) with a quarterly operating target of roughly 70/30.
• Approved coding model policy is defined in AGENTS.md. As of 2026-02-13, the minimum approved coding model is gpt-5.3-codex high.

Policy discussion thread: https://github.com/orgs/scidsg/discussions/1313

Before opening a PR:

1. Read and follow AGENTS.md (repository policy and safety-critical rules).
2. Check open Dependabot updates first, then handle applicable dependency/security updates.
3. Keep diffs minimal and behavior-preserving unless a behavior change is explicitly intended.
4. Add or update tests for every behavior change.
5. Run required checks locally:
   • make lint
   • make test
6. If behavior-critical paths changed, run CI-style coverage validation:

docker compose run --rm app poetry run pytest --cov hushline --cov-report term-missing -q --skip-local-only

7. Run dependency vulnerability audits:

make audit-python
make audit-node-runtime

When frontend/runtime dependencies change, also run:

make audit-node-full

If local audit commands are blocked by network/tooling availability, document that in the PR and wait for a passing Dependency Security Audit workflow before merge.

8. Ensure commits are cryptographically signed and verifiable on GitHub.

• Docs index: docs/README.md
• Developer notes: docs/DEV.md
• Architecture: docs/ARCHITECTURE.md
• Runner automation: docs/AGENT_RUNNER.md
• Terms: docs/TERMS.md

More screenshots: https://github.com/scidsg/hushline-website/tree/main/src/assets/img/screenshots

• Privacy Guides: https://www.privacyguides.org/posts/2026/01/09/hush-line-review-an-accessible-whistleblowing-platform-for-journalists-and-lawyers-alike/
• Newsweek: https://www.newsweek.com/protecting-free-speech-about-more-letting-content-run-wild-opinion-2012746
• TIME: https://time.com/7208911/psst-whistleblower-collective/
• Around the Bend podcast: https://www.youtube.com/watch?v=pO6q_t0wGGA&t=38m17s

Contributors are expected to follow the Code of Conduct:
https://github.com/scidsg/business-resources/blob/main/Policies%20%26%20Procedures/Code%20of%20Conduct.md

See LICENSE.