NetStacks

Source Code & Cryptography

The cryptography that protects your NetStacks credentials and sessions is open source and independently auditable. The NetStacks application source is proprietary and available to qualified customers under NDA.

Overview

NetStacks takes an “auditable security, proprietary application” approach. The cryptography that protects your credentials and sessions — the part that matters most for trust — is fully open source and can be reviewed by anyone. The NetStacks application itself (the Terminal, Local Agent, and Controller) is proprietary software.

NetStacks Professional is free during the public beta ($19/month or $199/year afterward). Most users simply download a signed installer from the download page. The application source is available to qualified customers under a non-disclosure agreement — see Application Source below.

Open-Source Cryptography

The same cryptography is used in every NetStacks edition — Professional and the Enterprise Controller alike. It is published as a standalone, independently auditable library:

  • github.com/netstacks/netstacks-crypto — the AES-256-GCM + Argon2id credential-vault and session-protection primitives. This is the authoritative, public implementation; the license that governs it is stated in that repository.

Nothing about the credential vault's confidentiality depends on code you cannot see: the encryption, key derivation, and envelope format are all in this repository.

Reviewing & Verifying the Crypto

You can clone the cryptography library, read it, and run its test and vector suite yourself:

Review the cryptography — minimum steps (bash)

# Install the Rust toolchain via rustup
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Clone and test the open-source crypto
git clone https://github.com/netstacks/netstacks-crypto.git
cd netstacks-crypto
cargo test          # unit tests + known-answer vectors
cargo doc --open    # browse the API and envelope format

Tip

The repository README documents the algorithms, parameters (Argon2id memory/time cost, nonce handling), and the on-disk envelope format so you can independently confirm how your credentials are protected.

Contributing to the Crypto

Contributions and review of the open-source cryptography are welcome. See the repository's CONTRIBUTING.md. Briefly:

  • All commits must carry a DCO sign-off (git commit -s).
  • PRs must include tests and pass CI.
  • Security findings go privately to security@netstacks.net, not into a public issue. See the repo's SECURITY.md for the disclosure timeline.

Application Source (Under NDA)

The NetStacks application source is proprietary and is not public. It is available to qualified customers under a non-disclosure agreement. This includes:

  • NetStacks Professional — the Terminal desktop application and the Local Agent (SSH, the credential vault, session recordings, SFTP).
  • NetStacks Controller — the server-side platform for teams (shared credential vaults, templates, stack deployments, RBAC, SSO, audit logging).
  • The first-party plugins — alerts, incidents, and profiling-agents, which run inside the Controller.

To request application source access under NDA, or for Controller licensing, contact us. See the pricing page for the edition split.

Q&A

Q: Why do you ask me to sign in before downloading?
A: We use a $0 Stripe checkout to email you a download link and to keep an aggregate count of who has the software. During the public beta there is no card capture and no charge.
Q: Is the application open source?
A: No. The application (Terminal, Local Agent, and Controller) is proprietary. The cryptography that protects your credentials and sessions is open source and independently auditable at github.com/netstacks/netstacks-crypto.
Q: Can I get the application source?
A: Yes, under NDA, for qualified customers. Contact us to start that process.
Q: Can I run a Controller from source?
A: The Controller is a proprietary product. Contact sales for Controller licensing; source access is under NDA.
Q: How do I report a bug?
A: For a cryptography bug, open an issue on the netstacks-crypto issue tracker with a minimal reproducer. For application bugs, use the contact form.