Skip to content

docs: audience-segmented README rewrite#45

Merged
noisyloop merged 1 commit into
mainfrom
claude/review-codebase-docs-wyk1U
May 19, 2026
Merged

docs: audience-segmented README rewrite#45
noisyloop merged 1 commit into
mainfrom
claude/review-codebase-docs-wyk1U

Conversation

@noisyloop

@noisyloop noisyloop commented May 19, 2026

Copy link
Copy Markdown
Owner

Rewrites README.md into three deliberately separate, non-overlapping sections — (1) developer building a custom agent, (2) security engineer evaluating for deployment, (3) technical decision-maker — no general audience, no merged sections. Accurate technical claims and control descriptions are preserved; reorganized by reader.

Per-flag decisions applied:

  • Header: "Production hardened" → "Production-grade architecture"; "NIST AI RMF 1.0 compliant" → "NIST AI RMF aligned"
  • E-2 kept as ❌ CRITICAL, not softened; risk tiers described as an enforced policy control, not an isolation boundary
  • Actuator guarantee rewritten honestly around E-2 (holds vs honest agents/accidental misuse, not vs a compromised in-process agent)
  • Added the MODEL_GUARD_SIGN_KEY fallback caveat (STRIDE T-2)
  • Removed the hardcoded test-count number
  • docs/CONTROLS.md verified complete and cited as-is (its stale paths are a separate follow-up, not touched here)

STRIDE.md (flag decisions 2 and 8):

  • S-2 marked resolved (commit 54628dd): the unauthenticated server.ts /api/approvals/:id/{approve,deny} endpoints were removed, route now 410 Gone, no approval:decision emission — table row, detailed section resolution note, and implementation-status note updated
  • Scope updated to main; status date updated to 2026-05-19

@claude
docs: audience-segmented README rewrite
e7008b9 
Rewrites README.md into three deliberately separate, non-overlapping
sections — (1) developer building a custom agent, (2) security engineer
evaluating for deployment, (3) technical decision-maker — no general
audience, no merged sections. Accurate technical claims and control
descriptions are preserved; reorganized by reader.

Per-flag decisions applied:
- Header: "Production hardened" → "Production-grade architecture";
  "NIST AI RMF 1.0 compliant" → "NIST AI RMF aligned"
- E-2 kept as ❌ CRITICAL, not softened; risk tiers described as an
  enforced policy control, not an isolation boundary
- Actuator guarantee rewritten honestly around E-2 (holds vs honest
  agents/accidental misuse, not vs a compromised in-process agent)
- Added the MODEL_GUARD_SIGN_KEY fallback caveat (STRIDE T-2)
- Removed the hardcoded test-count number
- docs/CONTROLS.md verified complete and cited as-is (its stale paths
  are a separate follow-up, not touched here)

STRIDE.md (flag decisions 2 and 8):
- S-2 marked resolved (commit 54628dd): the unauthenticated server.ts
  /api/approvals/:id/{approve,deny} endpoints were removed, route now
  410 Gone, no approval:decision emission — table row, detailed
  section resolution note, and implementation-status note updated
- Scope updated to `main`; status date updated to 2026-05-19

https://claude.ai/code/session_01Ds4diwEnvZ863CUoNCQEkY
@noisyloop noisyloop merged commit 5417229 into main May 19, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@noisyloop @claude