Commit graph

4 commits

Author SHA1 Message Date
flemming-it
68d23ab7dd refactor: rename app fai_studio -> chain_studio
Some checks are pending
Security / Security check (push) Waiting to run
Studio is the Ch∆In product's GUI, not a F∆I-vendor app. Rename the
Flutter package, all package: imports, and the build identity across
platforms: linux/windows CMake BINARY_NAME + project, Windows Runner.rc
fields, macOS PRODUCT_NAME / bundle id (ai.flemming.chain.chainStudio) /
.app + scheme BuildableName. Update the client-SDK + flow-editor deps to
their renamed chain_* packages (path + git URL). Company/copyright fields
now read Flemming.AI. flutter analyze: clean.

Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
2026-06-16 17:48:11 +02:00
flemming-it
7ff4fda2a3 refactor(brand): rename F∆I -> Ch∆In + hub binary fai -> chain
Some checks failed
Security / Security check (push) Failing after 2s
Studio follows the platform rename: product branding F∆I -> Ch∆In in UI
strings, command examples fai -> chain, and — critically — the spawned
hub binary path ~/.fai/bin/fai -> ~/.fai/bin/chain so Studio launches
the renamed binary. The fai_* Dart identifiers (FaiLog, widget files,
the generated SDK) stay = vendor/internal namespace. flutter analyze:
no issues.

Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
2026-06-15 16:22:22 +02:00
flemming-it
efa9871a75 chore(security): externalise confidentiality term list
Moves the list of private organisation / pilot / codename
strings the security gate blocks OUT of the repo entirely.

Before: tools/security/check-staged.sh + the Today AI prompt
+ docs/today-pipeline.md held the strings in plaintext. The
whole point of the gate is to keep certain strings out of
committed artefacts, so holding them in a committed
artefact was self-defeating — anyone with read access to
the repo trivially recovered the very list we tried to
protect.

After:

- The gate reads a runtime file
  `${FAI_BANNED_TERMS_FILE:-~/.fai-security/banned-terms.txt}`
  at scan time. One regex per line, `#`-prefixed comments,
  matched case-insensitively against staged diffs and
  commit messages. Repos contain no copy.
- Pre-commit / commit-msg modes log a warning + skip the
  confidential-terms scan if the file is missing (fresh
  checkouts shouldn't trip until the operator bootstraps
  the list).
- CI mode (`check-staged.sh ci`) FAILS when the file is
  missing — runners are expected to be bootstrapped by
  their deploy step.
- The unit-test harness uses a synthetic placeholder term
  (`SYNTHETIC_BANNED_TERM_XYZZY`) injected via a temp
  banned-terms file, so the test never references real
  customer names.
- docs/today-pipeline.md + tools/today/prompt.template.md
  point at the runtime file instead of enumerating terms.

Operator bootstrap (one-time, per machine):

  mkdir -p ~/.fai-security && chmod 700 ~/.fai-security
  printf '\\b%s\\b\\n' TERM_A TERM_B > ~/.fai-security/banned-terms.txt
  chmod 600 ~/.fai-security/banned-terms.txt

Gate self-tests: 18 passed, 0 failed.

Signed-off-by: flemming-it <sf@flemming.it>
Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
2026-05-25 21:06:17 +02:00
flemming-it
ce97300a12 feat(studio): daily Today-Hero proposal pipeline (v0.31.0)
Cross-store research (Apple, Play, Steam, Docker, VS Code,
Chrome Web Store, Flathub) consistently rewards editorial
curation over algorithmic recommendations — but manual
copywriting per release does not survive a solo-dev cadence.
This commit lands a daily-build pipeline so the Today-Hero
card stays fresh without operator hand-edits per release.

Pipeline shape (full design in docs/today-pipeline.md):

1. tools/today/collect.sh aggregates "what happened in the
   last 24 hours" across the F∆I monorepos: git log per repo,
   store-index seed.yaml diffs, architecture/system-gaps doc
   changes, Studio release tags, and (opt-in) audit-log
   highlights. Outputs plain text.

2. tools/today/propose.sh feeds the signal summary plus
   prompt.template.md to the operator's already-configured
   System-AI (Ollama default; OpenAI-compatible endpoints
   work via env-var override). Drafts N candidate stories as
   YAML files under ~/.fai/today/proposals/<date>/.

3. tools/today/accept.sh validates a chosen candidate against
   the today/v1 schema and the no-marketing-speak banned-word
   list, then atomic-renames it into ~/.fai/today/active.yaml.

4. Studio reads active.yaml at store-page init via the new
   TodayStoryLoader (lib/data/today_story_loader.dart). On any
   failure (file missing, schema mismatch, banned-words hit,
   parse error) it falls back to the compiled-in
   _kFallbackTodayStory so KRITIS deployments and fresh
   installs always render something sensible.

Trust + audit:
- All proposed and accepted stories live as plain YAML on disk.
- The pipeline calls only the operator's already-configured
  System-AI; it never reaches a CMS, never phones home, works
  air-gapped if the System-AI does.
- The bash accept gate AND the Dart loader both enforce the
  banned-word list — a hand-edited active.yaml that bypassed
  the shell still won't reach the UI.
- Removing the cron entry disables the pipeline; Studio falls
  back to the const story and continues to work.

Cron / launchd / systemd recipes documented in
tools/today/README.md.

Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
2026-05-08 12:59:33 +02:00