Moves the list of private organisation / pilot / codename
strings the security gate blocks OUT of the repo entirely.
Before: tools/security/check-staged.sh + the Today AI prompt
+ docs/today-pipeline.md held the strings in plaintext. The
whole point of the gate is to keep certain strings out of
committed artefacts, so holding them in a committed
artefact was self-defeating — anyone with read access to
the repo trivially recovered the very list we tried to
protect.
After:
- The gate reads a runtime file
`${FAI_BANNED_TERMS_FILE:-~/.fai-security/banned-terms.txt}`
at scan time. One regex per line, `#`-prefixed comments,
matched case-insensitively against staged diffs and
commit messages. Repos contain no copy.
- Pre-commit / commit-msg modes log a warning + skip the
confidential-terms scan if the file is missing (fresh
checkouts shouldn't trip until the operator bootstraps
the list).
- CI mode (`check-staged.sh ci`) FAILS when the file is
missing — runners are expected to be bootstrapped by
their deploy step.
- The unit-test harness uses a synthetic placeholder term
(`SYNTHETIC_BANNED_TERM_XYZZY`) injected via a temp
banned-terms file, so the test never references real
customer names.
- docs/today-pipeline.md + tools/today/prompt.template.md
point at the runtime file instead of enumerating terms.
Operator bootstrap (one-time, per machine):
mkdir -p ~/.fai-security && chmod 700 ~/.fai-security
printf '\\b%s\\b\\n' TERM_A TERM_B > ~/.fai-security/banned-terms.txt
chmod 600 ~/.fai-security/banned-terms.txt
Gate self-tests: 18 passed, 0 failed.
Signed-off-by: flemming-it <sf@flemming.it>
Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
|
||
|---|---|---|
| .forgejo/workflows | ||
| .githooks | ||
| assets/docs | ||
| docs | ||
| lib | ||
| linux | ||
| macos | ||
| test | ||
| tools | ||
| windows | ||
| .gitignore | ||
| .metadata | ||
| .security-allow | ||
| analysis_options.yaml | ||
| l10n.yaml | ||
| pubspec.lock | ||
| pubspec.yaml | ||
| README.md | ||
F∆I Studio
Desktop GUI client for the F∆I Platform hub. Tier-2 generic
platform client per docs/architecture/client.md. Connects to a
local or remote fai serve over gRPC.
Status (2026-05-05): MVP scaffold. Three pages with mock data, no live gRPC connection yet. Validates the visual direction before the Dart SDK is wired in.
Pages (MVP scope)
- Modules — installed modules, capabilities, declared permissions. Click → manifest detail.
- Audit — live stream of hub events (when wired). Filter by event type and flow.
- Approvals — pending
system.approval@^0reviews with approve / reject buttons.
These three cover the platform's central properties: composition (modules), audit (events), human-in-the-loop (approvals).
Stack
- Flutter 3.40+ (Desktop: macOS, Linux, Windows)
- gRPC client via
fai_dart_sdk(sibling repo; pinned by relative path during development) - No external runtime dependencies; bundles its own Dart VM
Run locally
flutter run -d macos
Repo placement
Will be published as fai/studio on Forgejo (git.flemming.ws).
The local directory fai_studio/ follows the established
fai_platform/ layout convention.
Why "Studio" and not "Stage"
"Stage" collided too easily with "staging environment" in
developer English. "Studio" is the established industry pattern
for creator-tools (Visual Studio, Android Studio, RStudio) and
matches the GUI's audience of module developers, operators, and
power users. The rename was applied across all docs/ in the
platform repo on 2026-05-05.