Realign fermata around redaction (PostToolUse) as the primary security
layer, with access control (PreToolUse) as supplementary write/bash
protection. Remove botignore.toml — policy rules now live in .botsecrets
[policy] section. Add fermata.toml as an alias for .botsecrets.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New user-friendly README modeled after sandcage's layout (Why / Quick Start /
How It Works), plus four focused docs under docs/:
- commands.md — full CLI reference with options, exit codes, examples
- configuration.md — .botignore, botignore.toml, .botsecrets reference
- security-model.md — the Reveal Triangle and defense-in-depth layers
- threat-model.md — L0-L6 coverage, honest limitations, pairing guidance
All Dirigent/monorepo internals stripped — ready for standalone export.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
g4borg