From 424e6814fd04025326f58bbf039127b40ec0db56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabor=20K=C3=B6rber?= Date: Fri, 8 May 2026 23:37:21 +0200 Subject: [PATCH] docs(export): rework all export READMEs - fermata: position as security layer, add policy protection layers SVG, update walk-up docs to match code change - dirigate: clarify Dirigent Protocol as ACP superset with parity goal - anth: tools-first structure (anth_usage then anth_bear), library second - dirigent: link to tool repos instead of install instructions, add architecture SVG, under-construction notice - purge all localsettings references from examples Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 7dc4df3..ae03652 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Drop a `.botignore` file in your project root. Fermata reads it and blocks your .env .env.* secrets/** -conf/localsettings.yaml +conf/settings.local.yaml ``` That's all it takes. @@ -90,8 +90,8 @@ Create a `.botignore` at your project root. Gitignore syntax. Blocks both reads secrets/** # Local config overrides -conf/localsettings.yaml -conf/localtestsettings.yaml +conf/settings.local.yaml +conf/settings.test.yaml # Generated files — let the tools rebuild them, not patch them dist/** @@ -107,7 +107,7 @@ For cases where `.botignore`'s uniform read+write block isn't granular enough: ```toml [read] # Block reading secrets outright -patterns = [".env*", "secrets/**", "conf/localsettings.yaml"] +patterns = [".env*", "secrets/**", "conf/settings.local.yaml"] [write] # Allow reading vendor code but block patching it @@ -156,12 +156,12 @@ When Claude attempts a `Read(.env)`, `Write(vendor/foo.js)`, or `Bash(rm ./secre ## Real-world scenario -A project has `.env`, `conf/localsettings.yaml`, and a `vendor/` tree it doesn't want patched. With `.botignore`: +A project has `.env`, `conf/settings.local.yaml`, and a `vendor/` tree it doesn't want patched. With `.botignore`: ```gitignore .env .env.* -conf/localsettings.yaml +conf/settings.local.yaml vendor/** ``` @@ -169,8 +169,8 @@ Claude attempts to read credentials: ``` Tool: Read -Path: ./conf/localsettings.yaml -Decision: BLOCK — matched rule "conf/localsettings.yaml" (.botignore) +Path: ./conf/settings.local.yaml +Decision: BLOCK — matched rule "conf/settings.local.yaml" (.botignore) ``` Claude attempts to read application code: @@ -186,7 +186,7 @@ Claude attempts to run `cat .env` via bash — which would bypass a path-only ch ```toml # botignore.toml [bash] -deny = ["cat .env*", "cat conf/localsettings*"] +deny = ["cat .env*", "cat conf/settings.local*"] ``` ```