← GCU
Accountable mark

Accountable

Consented, scoped, credential-less cross-origin fetch for your GCU web apps. You decide which sites may reach which hosts — and nothing ever leaves your device.

Install GitHub Privacy

GCU tools want to fetch arbitrary URLs — feeds, datasets, raw files, a local AI model — that the browser's same-origin policy blocks. The usual workarounds each leak trust: public CORS proxies see your traffic, extensions with blanket <all_urls> hold ambient power, native shells are heavy. Accountable takes the middle path — a fetch broker where access is granted per-site, every request is credential-less, private-network targets are blocked by default, and there is no server to send anything to.

How it works

You grant, per site
A site you allow may broker credential-less GETs to any public host. Writes, WebSocket, and localhost need an explicit per-host yes — surfaced as pending requests you approve in context, never pre-armed.
Two gates, both yours
The browser host permission is optional and granted once at runtime — never on install. On top of it sits your per-site grant store. Even with the permission, nothing fetches until a site you allowed asks it to.
Nothing leaves your device
No servers, no accounts, no telemetry. Grants and the response cache live in your browser; the activity log is off by default. Every fetch drops your cookies and is checked against an SSRF / private-range guard.

What you see

The Accountable popup: a reads toggle and pending grant requests for the current site
the popup — grant reads, approve pending requests
The Accountable options page: network access, granted sites with read/write/local chips
options — manage every site & grant

Install

  1. git clone https://github.com/gentropic/accountable (or download the folder).
  2. Open chrome://extensions, toggle Developer mode, click Load unpacked, select the folder.
  3. Visit a GCU page, click the Accountable toolbar icon, and turn on Allow reads — that's the one host-permission prompt.

Chrome / Edge / Brave. Store listings coming soon. Works wherever weir, auditable, and the other GCU tools run.

Privacy, in one line

Accountable collects nothing. No servers, no accounts, no tracking — everything it remembers lives only in your own browser. Read the full privacy policy →