Trust & security

Audit it yourself.

StarkRista sits between your engineer and a switch with privilege 15. It earns your trust the only way that matters — by being short, transparent, and offline.

Local-first

No telemetry. No analytics. No outbound calls to any Stark server, ever. The binary talks to your switch and to you. That's all.

Small surface

~28k lines of Go. One binary, one SQLite file. Read the whole codebase in an afternoon if you want.

Open source

Open-core. The repo is public on GitHub. Pull requests welcome. Forks even more welcome.

Concrete controls

Password storage [enforced]
bcrypt (cost 12). Plaintext is never written to disk or logs, and is not kept in memory once it has been hashed. Existing hashes are automatically rehashed on the user's next login if the cost was raised.

Sessions [enforced]
Short-lived JWT, 24-hour expiry. Stored in an HttpOnly, Secure, SameSite=strict cookie. Renewable, not extendable.

Authorization [enforced]
Two roles: admin writes, viewer reads. The viewer guard is in middleware, so even a UI bug can't let a viewer modify anything.

Last-admin protection [enforced]
The last admin in the system cannot be deleted or demoted. There's no "everyone's a viewer" failure mode.

Outbound calls [enforced]
There are exactly two: the HTTP listener for the browser, and the eAPI client to the switch. No telemetry. No update check. No analytics.

CSRF [enforced]
All state-changing endpoints require a double-submit token. Bound to the session, single-use on the most sensitive routes (user delete, firmware reboot).

Audit log [basic]
Best-effort local log of who did what, when, against which switch. A tamper-evident audit log lives in the Enterprise tier.

SSO / AD / LDAP [enterprise]
Local accounts only in the free tier. SAML / OIDC / LDAP land in Enterprise.
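The Authorization and Last-admin protection controls above describe two server-side checks that do not depend on the UI. The following is an added illustration, not StarkRista's own code: the Role type, the roleOf callback that resolves a role from the request, and the in-memory map standing in for the user table are all assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Role is the caller's role as resolved from the session (hypothetical type).
type Role string

const (
	Admin  Role = "admin"
	Viewer Role = "viewer"
)

// ErrLastAdmin mirrors the "last-admin protection" control.
var ErrLastAdmin = errors.New("refusing to delete or demote the last admin")

// isReadOnly reports whether a method cannot change state; everything else
// (POST, PUT, PATCH, DELETE) is treated as a write.
func isReadOnly(method string) bool {
	return method == http.MethodGet || method == http.MethodHead || method == http.MethodOptions
}

// RequireWriteRole runs before the handler, so a UI that wrongly shows a
// "delete" button to a viewer still ends in a 403 at the server.
func RequireWriteRole(roleOf func(*http.Request) Role, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isReadOnly(r.Method) && roleOf(r) != Admin {
			http.Error(w, "forbidden: viewer role is read-only", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// CanDeleteOrDemote allows the change only if at least one other admin remains.
// users is a constructed username-to-role table standing in for the real store.
func CanDeleteOrDemote(users map[string]Role, target string) error {
	if users[target] != Admin {
		return nil // removing a viewer never strands the system
	}
	for name, role := range users {
		if name != target && role == Admin {
			return nil
		}
	}
	return ErrLastAdmin
}

func main() {
	users := map[string]Role{"alice": Admin, "bob": Viewer}
	fmt.Println(CanDeleteOrDemote(users, "alice")) // refused: alice is the last admin
	users["carol"] = Admin
	fmt.Println(CanDeleteOrDemote(users, "alice")) // <nil>: carol remains
}
```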

Network footprint

Two TCP connections. That's the whole picture.

  Browser (your laptop)
      │  TCP/8082
      ▼
  StarkRista (single binary)
      │  TCP/443 · eAPI
      ▼
  Arista switch (EOS 4.20+)

What we promise

  • Open source. Audit, fork, vendor.
  • No outbound calls to any third party.
  • Bcrypt password hashes, never plaintext.
  • Middleware-enforced viewer-only role.
  • Per-release CHANGELOG entries for security-relevant changes.
  • 72-hour acknowledgment on responsibly disclosed vulnerabilities.

What we don't

  • SOC 2 / ISO 27001 certification (we're a small team).
  • Government / regulated-industry compliance reports.
  • A bug bounty program — yet.
  • Anti-shoulder-surfing, anti-phishing, or other human-factors guarantees.

Found something?

Email us before posting. We acknowledge within 72 hours. Patch turnaround for criticals is usually 1–3 days. We credit you publicly unless you ask us not to.