WhyC · Stealth Edition
E2E by default local-first v0.4 · Arize track

While they hire, we leak we ship — privately.

Drop a stealth YC URL. WhyC extracts the spec, generates a working Next.js preview, and self-improves on Phoenix traces — without sending your input to anyone you didn't authorize. The roast is public. The artifact is yours alone.

Spec encrypted (XChaCha20-Poly1305) Cloud Run preview · ephemeral 24h Phoenix Cloud sends traces externally — opt-out below No retention beyond run-id
Stealth Mode ON For unlaunched / pre-Demo-Day YC submissions. Hardens every stage of the pipeline.
Input scrubbing Company name, founder names, and YC batch tag stripped from prompts before they reach Gemini. Replaced with synthetic tokens.
No-train flags Gemini ADK called with disableDataLogging=true. Cloud Run logs scoped to run-id only.
Ephemeral artifacts Preview URL signed for 24h, then revoked. Container image deleted from Artifact Registry on TTL expiry.

1 · Submit · client-side encrypted

URL hashed in your browser via SubtleCrypto · only the cipher leaves this tab.
data residency · us-central1 (single region)
Spec stays in your project. No cross-region replication. No backups.
pinned

2 · Pipeline · per-stage trust labels

Spec extract · Gemini ADKScrubbed prompt; no PII; vendor: Google (DPA signed).
trusted · no-train
Codegen · Agent BuilderOutputs Next.js source & design tokens, in your VPC-SC perimeter.
trusted
Deploy · Cloud Run (private)Signed URL · 24h TTL · ingress: internal-and-cloud-load-balancing.
trusted · ephemeral
Phoenix MCP · trace + judgeDefault: Phoenix Cloud (external). Switch to self-hosted below to keep traces in-region.
external by default

3 · Trace export · what leaves your project

span.name whyc.spec.extract span.kind LLM attributes: input.value [REDACTED · 412 bytes] // scrubbed before export input.hash sha256:0x9c4e…b71 // receipt only company.name [REDACTED] // stealth-mode rule #1 founder.email [REDACTED] // stealth-mode rule #2 spec.shape { pages:3, apis:2, persona:"…" } // shape only, no values judge.score 0.71 judge.notes "hero copy generic; CTA spec-fit low" model.name gemini-2.x-pro model.dataLogging false events: - redaction.applied { rules: ["yc.batch","founder.pii","company.dn"] }

Self-hosted Phoenix · keep traces in your region

Ephemeral preview · auto-revokes

https://whyc-prv-7g3k.run.app signed v4 url · ingress: private · image: deleted at T+24h
23:47:12 until URL revoke

Receipts & proofs

Run manifestJSON of every redaction rule + key fingerprint, signed by run-id.
download
Deletion attestationIssued at T+24h · proof Cloud Run image & logs are gone.
auto
Spec-fit log (k-anonymized)Score progression 71→84→92→96 · no input values stored.
k=5

Threat model · plain English