read this before you paste a key

what bevel does with your stuff.

a stranger wants your posthog key and a github token. fair to be suspicious. here is every read, the one write, and the file names.

bevel is one loop, on repeat:

watch    posthog + github + vercel + the public web
decide   up to 3 tickets per scan. ceiling, not quota.
         every rec gated and verified before you see it.
hand     the move, ready to use: leads, a draft, copy,
         or a claude code prompt. whatever the ticket needs.
track    did the number move? checked on a later scan.

everything below is the fine print on that loop. it stays boring on purpose.

1 · what bevel reads

posthog

you paste a personal api key (you create it, read-only) and a project id. bevel finds your cloud region (us or eu) and then runs queries against posthog's query api. the queries: a 30-day overview (event count, unique users, sessions), top pages, top events, daily active users, high exit-rate pages, feature request and feedback events, error spikes, survey and nps responses. it filters out localhost traffic so your own dev clicks don't pollute the read.

the scanner is one file, src/lib/scanners/posthog.ts, and every call in it is a query. there is no code path that writes to posthog.

github

you create a classic personal access token with repo scope, labeled “bevel access” so it's easy to find in your token list and revoke in one click. bevel reads: repo metadata, the file tree, key files like README and package.json, current file contents on demand (capped at 60KB per read), the last 10 commits, open PRs with their age (flagged stale at 7 days), and the latest ci run.

straight talk: github's classic repo scope is read/write. there is no read-only classic scope. so the guarantee is behavior, not token math. the only call that writes is create_github_issue in src/lib/agent/tools/ship.ts, and it fires only when you explicitly say ship. it opens an issue labeled bevel with the claude code prompt in the body. no pushed commits, no opened PRs, no edited files, ever. if you want the token itself locked down, use a fine-grained token with read-only contents on one repo. everything works except issue creation.
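since the guarantee is behavior and not token math, it helps to see what a token can actually do before you paste it. the sketch below is an added example, not bevel's code: it reads the x-oauth-scopes response header github returns for classic tokens and flags anything beyond repo. the names auditToken, parseHeaders and the SAMPLE_* header blocks are hypothetical and constructed, and treating a missing header as "not a classic token" is an assumption of the example.

```typescript
// added example, not bevel's code. SAMPLE_* header blocks are constructed;
// real input is the output of:
//   curl -sI -H "Authorization: Bearer $TOKEN" https://api.github.com/user

type Audit = {
  kind: "classic" | "not-classic";
  scopes: string[];
  writeCapable: boolean | null; // null: headers alone cannot tell
  excess: string[];             // scopes beyond the one this page asks for
};

const REQUESTED = ["repo"]; // the only classic scope the page asks for

const SAMPLE_AS_REQUESTED = "HTTP/2 200\r\ncontent-type: application/json\r\nx-oauth-scopes: repo\r\n\r\n";
const SAMPLE_TOO_BROAD = "HTTP/2 200\r\nX-OAuth-Scopes: repo, workflow, admin:org\r\n\r\n";
const SAMPLE_NO_SCOPE_HEADER = "HTTP/2 200\r\ncontent-type: application/json\r\n\r\n";

function parseHeaders(raw: string): Record<string, string> {
  const out: Record<string, string> = {};
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i <= 0) continue; // status line or blank line
    out[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return out;
}

function auditToken(rawHeaders: string): Audit {
  const value = parseHeaders(rawHeaders)["x-oauth-scopes"];
  // assumption: only classic tokens get a scope list in this header, so a
  // missing header means "not classic" and permissions must be checked in
  // github's token settings instead.
  if (value === undefined) {
    return { kind: "not-classic", scopes: [], writeCapable: null, excess: [] };
  }
  const scopes = value.split(",").map((s) => s.trim()).filter((s) => s !== "");
  // classic scopes that allow writes: repo and public_repo are read/write,
  // as are workflow, delete_repo and any write:* or admin:* scope.
  const writeCapable = scopes.some(
    (s) => /^(repo|public_repo|workflow|delete_repo)$/.test(s) || /^(write|admin):/.test(s),
  );
  const excess = scopes.filter((s) => REQUESTED.indexOf(s) === -1);
  return { kind: "classic", scopes, writeCapable, excess };
}

console.log(auditToken(SAMPLE_TOO_BROAD));
```

a non-empty excess list means the token grants more than this page asks for; mint a narrower one before connecting.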

vercel

you paste a token (read-only is fine) and pick the project. bevel polls the rest api for the last 20 deploys: succeeded vs failed, the error lines from the most recent failed build, build durations, and what's live in production right now. no webhooks, no writes. src/lib/scanners/vercel.ts.

the public web

bevel also reads public pages while reasoning: your landing page, reddit and hacker news mentions of your product. nothing to grant here.

2 · what bevel stores

  • signals. short summaries the scanners produce, shaped like [drop-off] "/pricing" has 71% exit rate. not raw event streams, not your users' profiles.
  • memory. what you shipped, skipped, and dismissed, plus a product summary inferred from your repo at connect time (what already exists, so recs don't pitch features you already built).
  • your tokens. encrypted with a key held separate from the database.

purge windows, same numbers as /privacy: disconnect a source and bevel stops pulling immediately and purges that source's cached data within 7 days. delete your account and everything is purged within 30 days, including backups. want your data out first? email victor and you get a JSON export within a week.

3 · the model layer

claude, running on aws bedrock. your prompt and the relevant slice of your source data go to bedrock for inference and come back. aws does not use bedrock inference data to train models. neither do we: recommendations are generated on demand from your data and discarded server-side after the response.

4 · what bevel will never do

  • sell your data, or run ad targeting against it.
  • train models on it. ours or anyone else's.
  • write to your repo unasked. the one write is an issue, on your word.
  • email your users. bevel has no path to contact them. the only outbound email in the codebase is the feedback note you send victor.
  • fake traction. bevel has zero users today. no logo wall because there are no logos. you'd be early, and you'd have victor's full attention. that's the trade.

5 · how a scan works

  • every 12 hours a watcher wakes your workspace and pulls what changed: posthog numbers, new commits and PRs, deploy results, fresh public mentions.
  • the agent reasons over the deltas. every candidate finding runs gates: dedup against everything it already told you (including tickets you dismissed), a fabricated-metrics check, and a second model whose whole job is to kill weak recs.
  • up to 3 tickets land. that's a ceiling, not a quota. a week where nothing changed produces zero tickets, and that's correct behavior.
  • each ticket carries evidence, one line of dissent (“would change my mind: ...”), and the thing that executes it: named leads, a drafted message, the copy, or a claude code prompt, depending on the move. you do it, bevel snapshots a baseline and checks whether the number moved on a later scan.

6 · what it costs

nothing during beta. soft caps keep our model bill sane: 100 manual scans and 5,000 chats a month. the 12h watcher runs regardless. hit a cap, email victor@bevel.sh and we'll bump your limits. details on /pricing.

get started

still skeptical? good. email victor@bevel.sh with the hard questions and he'll show you the code.

watches 24/7. hands you what to ship. bevel.sh