Trust
Everything here is checkable. That is the point.
Most apps ask you to trust them. This one is built so you do not have to. Below are the claims we make, each with the artifact that proves it, exactly what leaves your machine, the commands to verify the app yourself, the lines we will never cross, and a $500 bounty if you can prove us wrong about the biggest one.
The three proofs
Safe app
The app will be open source at launch, and every release will be signed with an Apple Developer ID and notarized by Apple. You will be able to read the whole client, build it yourself, and confirm the binary you downloaded is the one we published.
Safe integration
We never patch, wrap, or inject into your agent. We read each agent through its own vendor-documented lifecycle hooks and render only in our own menu bar. The proof is a public, reproducible git diff showing zero bytes changed.
Safe ads
Every advertiser is vetted by a human, and every ad link passes an open-source safety scanner before it can serve, then gets re-scanned continuously. You can audit the scanner and the policy.
What leaves your machine
This table is exact and complete. If something is not in the Sends column, we do not send it.
| Direction | Item | Detail |
|---|---|---|
| SENDS | Agent state | The normalized activity signal only: thinking / running_tool / awaiting_input / idle. |
| SENDS | Ad-slot ID | Which sponsor slot rendered, so we can serve and count it. |
| SENDS | Coarse targeting bucket | Low-resolution buckets computed on your machine (agent type, broad stack category, coarse geo, daypart). Buckets, never raw values. |
| SENDS | Click events | That a labeled sponsor line was clicked, plus dedupe metadata, so the advertiser is billed and you are credited. |
| NEVER | Repository names | Never transmitted. |
| NEVER | File paths | Never transmitted. |
| NEVER | Your code | Never transmitted, in whole or in part. |
| NEVER | Prompts or agent output | Never read, never transmitted. |
| NEVER | Auth tokens or credentials | Never accessed, stored, or routed. For any vendor. |
The coarse targeting bucket is deliberately lossy: bucketing happens locally and only the bucket leaves, so targeting never requires, or receives, your actual file contents, repo names, or dependency lists.
Verify it yourself
Copy-paste these against a shipped release. Values in <angle brackets> are filled in for each release and published on the release page.
Confirm the app is signed by our Developer ID
codesign --verify --deep --strict --verbose=2 /Applications/Tipbar.app codesign -dvvv /Applications/Tipbar.app 2>&1 | grep "TeamIdentifier" # expected: TeamIdentifier=<TEAM_ID>
Confirm Gatekeeper accepts it (notarization)
spctl -a -vvv -t install /Applications/Tipbar.app # expected: accepted # source=Notarized Developer ID
Confirm the download matches the published hash
shasum -a 256 ~/Downloads/Tipbar-<version>.dmg # expected: <SHA_256_HASH> Tipbar-<version>.dmg
Pending the first notarized release
The signing identity, Apple Team ID, and release SHA-256 are published here the moment the notarized build ships.
- Apple Team ID
- <TEAM_ID> · pending
- Latest release SHA-256
- <SHA_256_HASH> · pending
- Signing identity
- Developer ID Application: <NAME> (<TEAM_ID>) · pending
What we will never do
Seven red lines. Breaking any one of them means we have failed at the one thing this product is for.
- 01
We will never touch your auth or tokens.
No vendor's credentials are ever accessed, stored, or routed through us.
- 02
We will never call the model.
We do not run inference, proxy your API calls, or sit between you and your agent.
- 03
We will never modify, patch, wrap, or weaken your agent.
No edits to any agent's binary or files, and never any change to its security settings or CSP.
- 04
We will never render outside our own menu bar.
No ads in a terminal, spinner, status line, editor, or webview. Only in our own surface.
- 05
We will never ship an unsigned binary or a silent update.
Every release will be signed and notarized, and is always something you choose to install.
- 06
We will never trade on a vendor's name.
No agent's trademark in our brand, and never any implied endorsement or affiliation.
- 07
We will never serve an ad we have not screened.
Every advertiser is vetted and every link is scanned before it can reach you.
If we ever break this pact, you can uninstall in one click. We will have failed, in public.
The bounty
$500
The “0 lines modified” bounty
We claim the app modifies zero lines of any AI coding agent it integrates with. We are putting $500 on it.
What counts as a win
- Any byte changed in an agent's own binary, bundle, or vendor-installed files, caused by installing or running our app.
- Any weakening of an agent's security posture (for example a CSP relaxed) caused by our app.
- Any hook or config we add outside the agent's own documented hook mechanism, or without showing it in the installer's change-preview.
What does not count (by design)
- The documented hook-config entry the installer adds with your consent and shows you first. One-click revert removes it cleanly.
- Changes to our own app's files, config, or state.
- Files you or another tool modified independently of our app.
- Behavior on an agent version we do not yet support, or a build you patched yourself.
To claim: open a public issue on the client repo titled bounty: with the agent and version, exact reproduction steps from a clean machine, and the diff or evidence of the agent-owned change. We reproduce it; if it holds, we pay $500, fix it, and say so publicly. We post confirmed and rejected claims openly either way, so the bounty itself stays honest.
Reproduce the zero-diff proof
The report below is machine-generated. It runs the installer in a throwaway sandbox home, diffs every agent config before and after, then reverts and confirms the bytes are identical. It exits non-zero if anything outside the documented write surface changes, so the proof doubles as a regression test.
Run it yourself
# the client repo is public at launch; these run against it then git clone https://github.com/angelo-swe/tipbar && cd tipbar bash scripts/zero-diff-proof.sh
Publishes with the repo at launch
The full PROOF.md renders here verbatim when the client repo goes public at launch, alongside the source that produces it. Until then, the report ships inside the repository so you can run bash scripts/zero-diff-proof.sh and reproduce it byte-for-byte the moment the code is in your hands.