I wrote up the architectural decisions behind SaneApps — specifically how I ensured nothing phones home, even in SaneSales which needs to connect to Stripe/Gumroad/LemonSqueezy APIs.
The interesting constraint: all API calls happen from the user's machine directly, never proxied through my servers. This was harder than it sounds — it required careful entitlement management and a specific sandboxing approach.
Post covers:
- Sandboxing decisions and network entitlement tradeoffs
- How to architect for zero server-side data
- How to verify it yourself via the public code on GitHub
kristianp•1h ago
This is a link to your website home page, not the article implied by the title. You should change the title to start with "Show HN:". See guidelines at https://news.ycombinator.com/showhn.html
SaneApps•2h ago
The interesting constraint: all API calls happen from the user's machine directly, never proxied through my servers. This was harder than it sounds — it required careful entitlement management and a specific sandboxing approach.
Post covers: - Sandboxing decisions and network entitlement tradeoffs - How to architect for zero server-side data - How to verify it yourself via the public code on GitHub