dirigence/fermata
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(export): rework all export READMEs

Browse Source 
- fermata: position as security layer, add policy protection layers SVG,
  update walk-up docs to match code change
- dirigate: clarify Dirigent Protocol as ACP superset with parity goal
- anth: tools-first structure (anth_usage then anth_bear), library second
- dirigent: link to tool repos instead of install instructions, add
  architecture SVG, under-construction notice
- purge all localsettings references from examples

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Gabor Körber
2026-05-08 23:37:21 +02:00
parent fd2482e3e6
commit 424e6814fd
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+9 -9
View File
@@ -8,7 +8,7 @@ Drop a `.botignore` file in your project root. Fermata reads it and blocks your
.env .env
.env.* .env.*
secrets/** secrets/**
conf/localsettings.yaml conf/settings.local.yaml
``` ```
That's all it takes. That's all it takes.
@@ -90,8 +90,8 @@ Create a `.botignore` at your project root. Gitignore syntax. Blocks both reads
secrets/** secrets/**
# Local config overrides # Local config overrides
conf/localsettings.yaml conf/settings.local.yaml
conf/localtestsettings.yaml conf/settings.test.yaml
# Generated files — let the tools rebuild them, not patch them # Generated files — let the tools rebuild them, not patch them
dist/** dist/**
@@ -107,7 +107,7 @@ For cases where `.botignore`'s uniform read+write block isn't granular enough:
```toml ```toml
[read] [read]
# Block reading secrets outright # Block reading secrets outright
patterns = [".env*", "secrets/**", "conf/localsettings.yaml"] patterns = [".env*", "secrets/**", "conf/settings.local.yaml"]
[write] [write]
# Allow reading vendor code but block patching it # Allow reading vendor code but block patching it
@@ -156,12 +156,12 @@ When Claude attempts a `Read(.env)`, `Write(vendor/foo.js)`, or `Bash(rm ./secre
## Real-world scenario ## Real-world scenario
A project has `.env`, `conf/localsettings.yaml`, and a `vendor/` tree it doesn't want patched. With `.botignore`: A project has `.env`, `conf/settings.local.yaml`, and a `vendor/` tree it doesn't want patched. With `.botignore`:
```gitignore ```gitignore
.env .env
.env.* .env.*
conf/localsettings.yaml conf/settings.local.yaml
vendor/** vendor/**
``` ```
@@ -169,8 +169,8 @@ Claude attempts to read credentials:
``` ```
Tool: Read Tool: Read
Path: ./conf/localsettings.yaml Path: ./conf/settings.local.yaml
Decision: BLOCK — matched rule "conf/localsettings.yaml" (.botignore) Decision: BLOCK — matched rule "conf/settings.local.yaml" (.botignore)
``` ```
Claude attempts to read application code: Claude attempts to read application code:
@@ -186,7 +186,7 @@ Claude attempts to run `cat .env` via bash — which would bypass a path-only ch
```toml ```toml
# botignore.toml # botignore.toml
[bash] [bash]
deny = ["cat .env*", "cat conf/localsettings*"] deny = ["cat .env*", "cat conf/settings.local*"]
``` ```
``` ```