dirigence/fermata
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(export): rework all export READMEs

Browse Source 
- fermata: position as security layer, add policy protection layers SVG,
  update walk-up docs to match code change
- dirigate: clarify Dirigent Protocol as ACP superset with parity goal
- anth: tools-first structure (anth_usage then anth_bear), library second
- dirigent: link to tool repos instead of install instructions, add
  architecture SVG, under-construction notice
- purge all localsettings references from examples

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Gabor Körber
2026-05-08 23:37:21 +02:00
parent fd2482e3e6
commit 424e6814fd
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+9 -9
View File
@@ -8,7 +8,7 @@ Drop a `.botignore` file in your project root. Fermata reads it and blocks your
.env
.env.*
secrets/**
conf/localsettings.yaml
conf/settings.local.yaml
```
That's all it takes.
@@ -90,8 +90,8 @@ Create a `.botignore` at your project root. Gitignore syntax. Blocks both reads
secrets/**
# Local config overrides
conf/localsettings.yaml
conf/localtestsettings.yaml
conf/settings.local.yaml
conf/settings.test.yaml
# Generated files — let the tools rebuild them, not patch them
dist/**
@@ -107,7 +107,7 @@ For cases where `.botignore`'s uniform read+write block isn't granular enough:
```toml
[read]
# Block reading secrets outright
patterns = [".env*", "secrets/**", "conf/localsettings.yaml"]
patterns = [".env*", "secrets/**", "conf/settings.local.yaml"]
[write]
# Allow reading vendor code but block patching it
@@ -156,12 +156,12 @@ When Claude attempts a `Read(.env)`, `Write(vendor/foo.js)`, or `Bash(rm ./secre
## Real-world scenario
A project has `.env`, `conf/localsettings.yaml`, and a `vendor/` tree it doesn't want patched. With `.botignore`:
A project has `.env`, `conf/settings.local.yaml`, and a `vendor/` tree it doesn't want patched. With `.botignore`:
```gitignore
.env
.env.*
conf/localsettings.yaml
conf/settings.local.yaml
vendor/**
```
@@ -169,8 +169,8 @@ Claude attempts to read credentials:
```
Tool: Read
Path: ./conf/localsettings.yaml
Decision: BLOCK — matched rule "conf/localsettings.yaml" (.botignore)
Path: ./conf/settings.local.yaml
Decision: BLOCK — matched rule "conf/settings.local.yaml" (.botignore)
```
Claude attempts to read application code:
@@ -186,7 +186,7 @@ Claude attempts to run `cat .env` via bash — which would bypass a path-only ch
```toml
# botignore.toml
[bash]
deny = ["cat .env*", "cat conf/localsettings*"]
deny = ["cat .env*", "cat conf/settings.local*"]
```
```