Tipbar

Trust

Everything here is checkable. That is the point.

Most apps ask you to trust them. This one is built so you do not have to. Below are the claims we make, each with the artifact that proves it, exactly what leaves your machine, the commands to verify the app yourself, the lines we will never cross, and a $500 bounty if you can prove us wrong about the biggest one.

The three proofs

01

Safe app

The app will be open source at launch, and every release will be signed with an Apple Developer ID and notarized by Apple. You will be able to read the whole client, build it yourself, and confirm the binary you downloaded is the one we published.

02

Safe integration

We never patch, wrap, or inject into your agent. We read each agent through its own vendor-documented lifecycle hooks and render only in our own menu bar. The proof is a public, reproducible git diff showing zero bytes changed.

03

Safe ads

Every advertiser is vetted by a human, and every ad link passes an open-source safety scanner before it can serve, then gets re-scanned continuously. You can audit the scanner and the policy.

What leaves your machine

This table is exact and complete. If something is not in the Sends column, we do not send it.

DirectionItemDetail
SENDSAgent stateThe normalized activity signal only: thinking / running_tool / awaiting_input / idle.
SENDSAd-slot IDWhich sponsor slot rendered, so we can serve and count it.
SENDSCoarse targeting bucketLow-resolution buckets computed on your machine (agent type, broad stack category, coarse geo, daypart). Buckets, never raw values.
SENDSClick eventsThat a labeled sponsor line was clicked, plus dedupe metadata, so the advertiser is billed and you are credited.
NEVERRepository namesNever transmitted.
NEVERFile pathsNever transmitted.
NEVERYour codeNever transmitted, in whole or in part.
NEVERPrompts or agent outputNever read, never transmitted.
NEVERAuth tokens or credentialsNever accessed, stored, or routed. For any vendor.

The coarse targeting bucket is deliberately lossy: bucketing happens locally and only the bucket leaves, so targeting never requires, or receives, your actual file contents, repo names, or dependency lists.

Verify it yourself

Copy-paste these against a shipped release. Values in <angle brackets> are filled in for each release and published on the release page.

Confirm the app is signed by our Developer ID

codesign --verify --deep --strict --verbose=2 /Applications/Tipbar.app
codesign -dvvv /Applications/Tipbar.app 2>&1 | grep "TeamIdentifier"
# expected: TeamIdentifier=<TEAM_ID>

Confirm Gatekeeper accepts it (notarization)

spctl -a -vvv -t install /Applications/Tipbar.app
# expected: accepted
#           source=Notarized Developer ID

Confirm the download matches the published hash

shasum -a 256 ~/Downloads/Tipbar-<version>.dmg
# expected: <SHA_256_HASH>  Tipbar-<version>.dmg

Pending the first notarized release

The signing identity, Apple Team ID, and release SHA-256 are published here the moment the notarized build ships.

Apple Team ID
<TEAM_ID> · pending
Latest release SHA-256
<SHA_256_HASH> · pending
Signing identity
Developer ID Application: <NAME> (<TEAM_ID>) · pending

What we will never do

Seven red lines. Breaking any one of them means we have failed at the one thing this product is for.

  1. 01

    We will never touch your auth or tokens.

    No vendor's credentials are ever accessed, stored, or routed through us.

  2. 02

    We will never call the model.

    We do not run inference, proxy your API calls, or sit between you and your agent.

  3. 03

    We will never modify, patch, wrap, or weaken your agent.

    No edits to any agent's binary or files, and never any change to its security settings or CSP.

  4. 04

    We will never render outside our own menu bar.

    No ads in a terminal, spinner, status line, editor, or webview. Only in our own surface.

  5. 05

    We will never ship an unsigned binary or a silent update.

    Every release will be signed and notarized, and is always something you choose to install.

  6. 06

    We will never trade on a vendor's name.

    No agent's trademark in our brand, and never any implied endorsement or affiliation.

  7. 07

    We will never serve an ad we have not screened.

    Every advertiser is vetted and every link is scanned before it can reach you.

If we ever break this pact, you can uninstall in one click. We will have failed, in public.

The bounty

$500

The “0 lines modified” bounty

We claim the app modifies zero lines of any AI coding agent it integrates with. We are putting $500 on it.

What counts as a win

  • Any byte changed in an agent's own binary, bundle, or vendor-installed files, caused by installing or running our app.
  • Any weakening of an agent's security posture (for example a CSP relaxed) caused by our app.
  • Any hook or config we add outside the agent's own documented hook mechanism, or without showing it in the installer's change-preview.

What does not count (by design)

  • The documented hook-config entry the installer adds with your consent and shows you first. One-click revert removes it cleanly.
  • Changes to our own app's files, config, or state.
  • Files you or another tool modified independently of our app.
  • Behavior on an agent version we do not yet support, or a build you patched yourself.

To claim: open a public issue on the client repo titled bounty: with the agent and version, exact reproduction steps from a clean machine, and the diff or evidence of the agent-owned change. We reproduce it; if it holds, we pay $500, fix it, and say so publicly. We post confirmed and rejected claims openly either way, so the bounty itself stays honest.

Reproduce the zero-diff proof

The report below is machine-generated. It runs the installer in a throwaway sandbox home, diffs every agent config before and after, then reverts and confirms the bytes are identical. It exits non-zero if anything outside the documented write surface changes, so the proof doubles as a regression test.

Run it yourself

# the client repo is public at launch; these run against it then
git clone https://github.com/angelo-swe/tipbar && cd tipbar
bash scripts/zero-diff-proof.sh

Publishes with the repo at launch

The full PROOF.md renders here verbatim when the client repo goes public at launch, alongside the source that produces it. Until then, the report ships inside the repository so you can run bash scripts/zero-diff-proof.sh and reproduce it byte-for-byte the moment the code is in your hands.