v0.1.0 — GitHub Auth & Secure Access Control
This release establishes the core trust and identity layer for GitProfileAI.
GitHub is now the single source of truth for user identity, repository ownership, and access permissions.
🔐 Authentication
- GitHub OAuth via NextAuth.js
- Zero-friction sign-in using GitHub identity
- Automatic user upsert into MongoDB (Atlas)
- Default plan assigned as `free`
👤 User Model
Each user is stored with:
- GitHub ID, username, avatar, email
- Plan (`free`/`pro`)
- Account creation and last login timestamps
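As an added illustration of the upsert-on-login rule above (this is example code, not GitProfileAI's own implementation), the snippet below builds the MongoDB `updateOne` arguments so that the `free` plan is assigned only when the user document is first created. The collection name, field names and the in-memory `applyUpsert` stand-in are assumptions; the GitHub profile fields (`id`, `login`, `avatar_url`, `email`) are the ones GitHub's OAuth user endpoint returns.

```javascript
// Added example, not code from the GitProfileAI project. Shows how the login
// upsert can assign the default plan only on first sight of a GitHub user, so a
// returning "pro" user is never downgraded to "free" by signing in again.
// Assumed: a `users` collection keyed by the numeric GitHub id; field names
// are illustrative.

const DEFAULT_PLAN = 'free';

/**
 * Build the arguments for users.updateOne(filter, update, options).
 * $setOnInsert is applied only when the document is created, which is what
 * makes the default plan safe; $set runs on every login.
 */
function buildUserUpsert(profile, now = new Date()) {
  const githubId = String(profile.id ?? '');
  if (!/^\d+$/.test(githubId)) {
    throw new Error('GitHub profile is missing a numeric id');
  }
  if (typeof profile.login !== 'string' || profile.login.length === 0) {
    throw new Error('GitHub profile is missing a login');
  }
  return {
    filter: { githubId },
    update: {
      $set: {
        username: profile.login,
        avatarUrl: profile.avatar_url ?? null,
        email: profile.email ?? null,
        lastLoginAt: now,
      },
      $setOnInsert: {
        githubId,
        plan: DEFAULT_PLAN,
        createdAt: now,
      },
    },
    options: { upsert: true },
  };
}

/**
 * In-memory stand-in for MongoDB's upsert semantics so the rule can be checked
 * without a database: on insert both $setOnInsert and $set apply; on an update
 * of an existing document only $set does. Returns the resulting document.
 */
function applyUpsert(existing, { update }) {
  if (existing) {
    return { ...existing, ...update.$set };
  }
  return { ...update.$setOnInsert, ...update.$set };
}

// Constructed sample data: one brand-new GitHub profile and one stored pro user.
const firstLogin = buildUserUpsert(
  { id: 1001, login: 'octo-new', avatar_url: 'https://example.invalid/a.png', email: null },
  new Date('2024-01-01T00:00:00Z'),
);
const newUserDoc = applyUpsert(null, firstLogin);

const existingProDoc = {
  githubId: '2002',
  username: 'octo-pro',
  plan: 'pro',
  createdAt: new Date('2023-06-01T00:00:00Z'),
  lastLoginAt: new Date('2023-06-01T00:00:00Z'),
};
const returnLogin = buildUserUpsert(
  { id: 2002, login: 'octo-pro', avatar_url: null, email: 'pro@example.invalid' },
  new Date('2024-02-01T00:00:00Z'),
);
const returningUserDoc = applyUpsert(existingProDoc, returnLogin);
```

The point of splitting `$set` from `$setOnInsert` is that the plan field is never touched by the login path at all; billing code is the only writer of `plan`, so a sign-in cannot silently reset it.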
🛡️ Ownership & Access Validation (Critical)
Strict enforcement using GitHub API:
- Public repositories → scannable by anyone
- Private repositories → only owner or authorized collaborators
- Permission checks include: `admin`, `maintain`, `write`
- Private repository scans without permission are explicitly blocked
📄 README Generation Rules
- Public repos → allowed for all users
- Private repos → owner or collaborator only
- All generated READMEs include the attribution `Generated by GitProfileAI`
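The ownership rules above and the README rules in this section are the same decision table, so one added example covers both (this is illustrative code, not the GitProfileAI implementation). The GitHub client is injected as two functions, `getRepository` and `getCollaboratorRole`, with constructed fixtures so it runs offline; a real client would back them with `GET /repos/{owner}/{repo}` and `GET /repos/{owner}/{repo}/collaborators/{username}/permission`. That the `maintain` role appears in the permission endpoint's `role_name` field rather than its `permission` field is an assumption to verify against the GitHub docs.

```javascript
// Added example, not code from the GitProfileAI project. Encodes the scan and
// README access rule from this release: public repositories are open to any
// user (recruiters included), private repositories only to the owner or a
// collaborator holding admin, maintain or write. The client is injected so the
// decision logic runs offline against constructed fixtures.

const SCAN_ROLES = new Set(['admin', 'maintain', 'write']);

/**
 * Decide whether `viewer` (a GitHub login, or null when not signed in) may scan
 * owner/repo. Returns { allowed, reason } so the caller can log the decision.
 * Any lookup failure is treated as a denial (fail closed).
 */
function canScanRepository(api, viewer, owner, repo) {
  let meta;
  try {
    // Look the repository up on behalf of the viewer: GitHub answers 404 for a
    // private repository the viewer cannot see, so existence is not leaked.
    meta = api.getRepository(viewer, owner, repo);
  } catch (err) {
    return { allowed: false, reason: 'lookup_failed' };
  }
  if (!meta) return { allowed: false, reason: 'not_found' };
  if (!meta.private) return { allowed: true, reason: 'public' };
  if (!viewer) return { allowed: false, reason: 'unauthenticated' };
  if (meta.owner.login.toLowerCase() === viewer.toLowerCase()) {
    return { allowed: true, reason: 'owner' };
  }
  const role = api.getCollaboratorRole(owner, repo, viewer);
  if (role && SCAN_ROLES.has(role)) {
    return { allowed: true, reason: `collaborator:${role}` };
  }
  // read/triage collaborators and recruiters with no role all end up here:
  // they cannot trigger a private scan or a private README generation.
  return { allowed: false, reason: 'insufficient_permission' };
}

// Constructed fixtures standing in for GitHub API responses (assumed data).
const FIXTURE_REPOS = {
  'alice/portfolio': { private: false, owner: { login: 'alice' }, collaborators: {} },
  'alice/secret-app': {
    private: true,
    owner: { login: 'alice' },
    collaborators: { bob: 'write', carol: 'read', dave: 'maintain' },
  },
};

// Own-property lookup so names like "constructor" cannot match the prototype.
function roleOf(repoFixture, username) {
  return Object.prototype.hasOwnProperty.call(repoFixture.collaborators, username)
    ? repoFixture.collaborators[username]
    : null;
}

const fakeApi = {
  getRepository(viewer, owner, repo) {
    const r = FIXTURE_REPOS[`${owner}/${repo}`];
    if (!r) return null;
    const visible = !r.private
      || (viewer !== null && (viewer === r.owner.login || roleOf(r, viewer) !== null));
    return visible ? { private: r.private, owner: r.owner } : null; // null models a 404
  },
  getCollaboratorRole(owner, repo, username) {
    const r = FIXTURE_REPOS[`${owner}/${repo}`];
    return r ? roleOf(r, username) : null;
  },
};

// One decision per row of the access table in this release.
const decisions = {
  recruiterPublic: canScanRepository(fakeApi, 'recruiter', 'alice', 'portfolio'),
  anonymousPublic: canScanRepository(fakeApi, null, 'alice', 'portfolio'),
  ownerPrivate: canScanRepository(fakeApi, 'alice', 'alice', 'secret-app'),
  writerPrivate: canScanRepository(fakeApi, 'bob', 'alice', 'secret-app'),
  maintainerPrivate: canScanRepository(fakeApi, 'dave', 'alice', 'secret-app'),
  readerPrivate: canScanRepository(fakeApi, 'carol', 'alice', 'secret-app'),
  recruiterPrivate: canScanRepository(fakeApi, 'recruiter', 'alice', 'secret-app'),
};
```

Two details matter for abuse prevention: the repository lookup is made with the viewer's own token, so an outsider gets the same `not_found` for a private repository as for a non-existent one, and every error path returns a denial rather than letting an API hiccup pass as "public".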
🧑‍💼 Recruiter / Third-Party Restrictions
Recruiters can:
- Scan public repositories
- View read-only code intelligence
- Generate README previews
Recruiters cannot:
- Scan private repositories
- Trigger paid scans for others
- Export results without attribution
🧠 Why This Matters
This release is about trust, correctness, and abuse prevention.
Every future feature builds on these guarantees.
No shortcuts. No security debt.