feat: open source readiness by quiet-node · Pull Request #32 · quiet-node/thuki

quiet-node · 2026-04-05T16:48:43Z

Summary

Adds all open source community health files: Apache 2.0 LICENSE, CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, CHANGELOG.md
Adds GitHub issue templates (bug report, feature request), PR template, and release workflow
Comprehensive README overhaul: technology badges, Getting Started flow, Architecture & Security section, and What's next for Thuki roadmap
Fixes all security claim accuracy across docs and sandbox: correct network egress posture, read-only filesystem scope, and memory cap status
Replaces all em dashes throughout every document
Renames product from "AI assistant" to "AI secretary" globally
Updates author attribution to Logan Nguyen with X profile link
Adds missing metadata (description, repository, homepage) to package.json and Cargo.toml
Documents THUKI_SYSTEM_PROMPT in docs/configurations.md and fixes default prompt description
Adds conventional commits guidance to CONTRIBUTING.md
Adds target/ to .gitignore and fixes actions/checkout version comments

Test Plan

All 350 frontend tests pass (bun run test)
All backend tests pass (bun run test:backend)
README renders correctly on GitHub: badges, anchor links, roadmap section
All internal doc links and cross-references resolve
Release workflow triggers correctly on a v*.*.* tag

🤖 Generated with Claude Code

- Add Apache 2.0 LICENSE - Overhaul README: hero, badges, installation (download + build from source), Gatekeeper bypass instructions, architecture in collapsible, contributing link - Add CONTRIBUTING.md with full dev setup, project structure, test/coverage requirements, code style, and PR guidelines for a broad contributor audience - Add CODE_OF_CONDUCT.md referencing Contributor Covenant v2.1 - Add SECURITY.md with responsible disclosure via GitHub Security Advisories - Add GitHub issue templates (bug report, feature request, config) - Add pull request template with coverage and validation checklist - Add CHANGELOG.md (Keep a Changelog format, seeded with v0.1.0) - Add release workflow: tag-triggered macOS build, unsigned .app archive, changelog extraction, and GitHub Release creation - Set license field in Cargo.toml and package.json; remove private flag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

- README: restructure intro with 'What is Thuki?' and 'How to use Thuki?' sections for clearer first-impression narrative - README: sell the highlight-to-quote + no-app-switching convenience upfront - README: add bold fullscreen overlay pitch to Why Thuki section - README: apply <kbd>⌃</kbd> keyboard styling to all Control key references - README: fix copyright year 2024 → 2026 - README: add Author section with @quiet_node X link - CONTRIBUTING: remove Project Structure section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

- Add lint, typecheck, and test steps to release workflow so tags cannot ship broken or untested code - Fix README author section grammar ("Reached out to" -> "Reach out to") - Fix CONTRIBUTING.md env step: remove false claim that .env overrides Ollama URL or model; scope it to quote display and system prompt only - Add technology badge row to README (Tauri v2, React 19, TypeScript, Rust, Tailwind CSS 4, SQLite, Ollama) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

- Correct all security claims globally: replace "network air-gap" and "internal: true" with accurate description (127.0.0.1 ingress isolation, cap_drop, read-only volumes); remove false memory cap claim - Rewrite sandbox/README.md with accurate security controls table and honest note on network egress design tradeoff - Replace "AI assistant" with "AI secretary" everywhere; use "AI tools" when referring to third-party products - Replace "Quiet Node" / "Quiet Node Contributors" with "Logan Nguyen" in LICENSE, Cargo.toml, and README copyright footer - Fix CODE_OF_CONDUCT.md: replace Security Advisory reporting channel with direct X/GitHub contact - Fix CLAUDE.md: Control key (not Command), localhost port binding (not internal-only network) - Add description, repository, homepage to package.json and Cargo.toml - Document THUKI_SYSTEM_PROMPT in docs/configurations.md - Add conventional commits guidance to CONTRIBUTING.md - Remove empty [Unreleased] section from CHANGELOG.md - Add target/ to root .gitignore - Fix actions/checkout version comment in release.yml Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

- Move "What's Next" section to after Author, just before License - Rename to "What's next for Thuki" - Reframe quick actions as slash commands (/summarize, /translate, etc.) - Replace em dashes with colons throughout the section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

- Fix broken README anchor: #whats-next -> #whats-next-for-thuki - Fix docker-compose.yml security checklist: mark NETWORK EGRESS and DOS PREVENTION as unconfigured with accurate explanations; remove false 'internal: false blocks egress' and 'memory: 16G' claims - Fix .env.example and docs/configurations.md: remove wrong default system prompt text ('assistant'); point to commands.rs as source of truth for the built-in default - Fix sandbox/README.md: clarify read-only filesystem applies to sandbox-server only, not sandbox-init - Add Accessibility API (context.rs) to SECURITY.md attack surface - Fix release.yml actions/checkout comment: v4 -> v6.0.2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

- Add release-please workflow: opens a release PR on every push to main, bumps version in package.json and Cargo.toml, writes CHANGELOG.md automatically from conventional commits - Add release-please-config.json and .release-please-manifest.json - Remove old manual release.yml (replaced by release-please workflow) - Add RELEASING.md at repo root documenting the automated flow - Remove Releasing section from CONTRIBUTING.md (now in RELEASING.md) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

activator.rs is gated with #[cfg(target_os = "macos")] and depends on core-graphics and core-foundation. These crates cannot compile on Ubuntu, so backend tests must run on macOS to cover the full codebase. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

quiet-node · 2026-04-05T18:55:16Z

Code review

Found 5 issues:

PULL_REQUEST_TEMPLATE.md tells contributors to manually update CHANGELOG.md, but RELEASING.md (introduced in the same PR) explicitly forbids this because release-please owns the file exclusively. Contributors following the template will create conflicts on every release PR.

https://github.com/quiet-node/thuki/blob/86b05507aaa253568c2d200b5c479f5f1652b2e9/.github/PULL_REQUEST_TEMPLATE.md#L15-L17

README.md claims docs/configurations.md explains "how to change the default model and Ollama URL", but neither setting exists anywhere in the codebase. The configurations file only documents VITE_QUOTE_* display limits and THUKI_SYSTEM_PROMPT. Model switching is a roadmap item, not a current feature.

thuki/README.md

Lines 183 to 185 in 86b0550

    
           See [docs/configurations.md](docs/configurations.md) for the full configuration reference, including how to change the default model and Ollama URL.

RELEASING.md uses em dashes (—) in the "Files Managed by release-please" section. CLAUDE.md says "Never use em dashes (—) in any output: code comments, documentation, markdown files, commit messages, or prose."

thuki/RELEASING.md

Lines 40 to 43 in 86b0550

    
           - `CHANGELOG.md` — written by release-please on every release PR 
        
           - `package.json` `"version"` field — bumped automatically 
        
           - `src-tauri/Cargo.toml` `version` field — bumped automatically

The release build runs bun run test and bun run test:backend, which have no coverage gate. PR CI enforces 100% coverage via bun run test:coverage and bun run test:backend:coverage. A release could ship code that passed PR checks but was later merged without re-verifying coverage at release time.

thuki/.github/workflows/release-please.yml

Lines 52 to 57 in 86b0550

    
           - name: Run frontend tests 
        
             run: bun run test 
        
           - name: Run backend tests 
        
             run: bun run test:backend

SECURITY.md lists the attack surface but omits screenshot.rs, which is a registered Tauri command (capture_screenshot_command) that invokes macOS screencapture to capture user-selected screen regions. This is a relevant system-level capability that should be documented alongside the other IPC boundary entries.

thuki/SECURITY.md

Lines 14 to 21 in 86b0550

    
           - The Tauri IPC boundary between the frontend and Rust backend 
        
           - The macOS Accessibility API integration that captures selected text and screen bounds at activation (`context.rs`) 
        
           - The Docker sandbox configuration (network isolation, capability dropping) 
        
           - The local SQLite database storing conversation history 
        
           - Image processing via the `image` crate 
        
           ## Supported Versions

🤖 Generated with Claude Code

_{- If this code review was useful, please react with 👍. Otherwise, react with 👎.}

- Remove contradictory CHANGELOG.md checklist item from PR template; release-please owns CHANGELOG.md and contributors should not edit it manually. Replace with a conventional commits reminder. - Fix README Configuration section: remove false claim that docs/configurations.md documents model and Ollama URL settings. Those are roadmap items, not current features. - Replace em dashes in RELEASING.md with colons (project style rule). - Enforce 100% coverage at release time: replace plain bun run test + bun run test:backend with bun run test:all:coverage in release-please.yml. Add nightly Rust toolchain and cargo-llvm-cov steps required by the coverage script. - Add screenshot.rs to SECURITY.md attack surface: the Tauri command that invokes macOS screencapture is a relevant system-level boundary. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

quiet-node · 2026-04-05T19:08:31Z

Code review

Found 1 issue:

CONTRIBUTING.md tells contributors to run bun run test:backend:coverage and bun run test:all:coverage before submitting PRs, but the Prerequisites section only states "Thuki builds against stable Rust" — it never mentions that the nightly-2026-03-30 toolchain is required. Both coverage commands hard-code cargo +nightly-2026-03-30 llvm-cov in package.json. A contributor following the guide verbatim will hit a toolchain 'nightly-2026-03-30' is not installed error when running the mandatory pre-PR checks.

thuki/CONTRIBUTING.md

Lines 27 to 35 in e44a94e

    
           **Rust:** required for the Tauri backend 
        
           ```bash 
        
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh 
        
           ``` 
        
           After installation, restart your shell or run `source ~/.cargo/env` to make `cargo` available. Thuki builds against stable Rust.

🤖 Generated with Claude Code

_{- If this code review was useful, please react with 👍. Otherwise, react with 👎.}

Coverage enforcement commands (test:backend:coverage, test:all:coverage) require cargo +nightly-2026-03-30 with llvm-tools. The prerequisites section only mentioned stable Rust, which would cause contributors to hit a toolchain-not-found error when running mandatory pre-PR checks. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

quiet-node · 2026-04-05T19:24:43Z

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

Verified this round:

All 6 issues from prior review rounds are confirmed fixed
GitHub Actions: all runners and actions are free-tier compatible; macos-latest is required for backend tests and the release build (macOS framework linkages), and is free with unlimited minutes once the repo is public
No paid GitHub features (Advanced Security, CodeQL, paid marketplace actions) referenced anywhere
screenshot.rs, release-please-config.json TOML jsonpath, and all cross-references verified accurate
CHANGELOG.md dead links are intentional bootstrap artifacts; release-please resolves them on first release

🤖 Generated with Claude Code

_{- If this code review was useful, please react with 👍. Otherwise, react with 👎.}

Increased logo width from 80px to 140px to make the Thuki icon more prominent and visually striking on the README page. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

Update version to 0.1.0-beta.1 in package.json and Cargo.toml to explicitly indicate beta status. Add prominent beta notice to README warning users that features may change, bugs may occur, AI outputs are not guaranteed to be perfect or accurate, and this is not production-ready. Add beta status badge to README badges row. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

Keep version at 0.1.0 without beta suffix. Use the beta badge and disclaimer in README to indicate project status instead. When ready to exit beta, bump to 0.2.0 or higher. This keeps version numbers clean and tied to feature releases, not beta iterations. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

Convert beta notice from plain text to blockquote format for better visual prominence. This renders as a distinct callout box on GitHub, making the beta status immediately obvious to users. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

Replace blockquote with bold warning text and warning emoji (⚠️) for maximum visibility. This makes the beta status immediately obvious and impossible to miss. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

Replace em-dash with period to comply with project writing style rule that forbids em-dashes in all documentation. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

* feat: open source the project under Apache 2.0 - Add Apache 2.0 LICENSE - Overhaul README: hero, badges, installation (download + build from source), Gatekeeper bypass instructions, architecture in collapsible, contributing link - Add CONTRIBUTING.md with full dev setup, project structure, test/coverage requirements, code style, and PR guidelines for a broad contributor audience - Add CODE_OF_CONDUCT.md referencing Contributor Covenant v2.1 - Add SECURITY.md with responsible disclosure via GitHub Security Advisories - Add GitHub issue templates (bug report, feature request, config) - Add pull request template with coverage and validation checklist - Add CHANGELOG.md (Keep a Changelog format, seeded with v0.1.0) - Add release workflow: tag-triggered macOS build, unsigned .app archive, changelog extraction, and GitHub Release creation - Set license field in Cargo.toml and package.json; remove private flag Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: README and CONTRIBUTING polish - README: restructure intro with 'What is Thuki?' and 'How to use Thuki?' sections for clearer first-impression narrative - README: sell the highlight-to-quote + no-app-switching convenience upfront - README: add bold fullscreen overlay pitch to Why Thuki section - README: apply <kbd>⌃</kbd> keyboard styling to all Control key references - README: fix copyright year 2024 → 2026 - README: add Author section with @quiet_node X link - CONTRIBUTING: remove Project Structure section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: improve README getting started flow and quarantine UX Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: move sandbox setup to Step 1 and simplify Option B Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: replace all em dashes with contextual alternatives Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: open source readiness corrections - Add lint, typecheck, and test steps to release workflow so tags cannot ship broken or untested code - Fix README author section grammar ("Reached out to" -> "Reach out to") - Fix CONTRIBUTING.md env step: remove false claim that .env overrides Ollama URL or model; scope it to quote display and system prompt only - Add technology badge row to README (Tauri v2, React 19, TypeScript, Rust, Tailwind CSS 4, SQLite, Ollama) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: open source readiness corrections (round 2) - Correct all security claims globally: replace "network air-gap" and "internal: true" with accurate description (127.0.0.1 ingress isolation, cap_drop, read-only volumes); remove false memory cap claim - Rewrite sandbox/README.md with accurate security controls table and honest note on network egress design tradeoff - Replace "AI assistant" with "AI secretary" everywhere; use "AI tools" when referring to third-party products - Replace "Quiet Node" / "Quiet Node Contributors" with "Logan Nguyen" in LICENSE, Cargo.toml, and README copyright footer - Fix CODE_OF_CONDUCT.md: replace Security Advisory reporting channel with direct X/GitHub contact - Fix CLAUDE.md: Control key (not Command), localhost port binding (not internal-only network) - Add description, repository, homepage to package.json and Cargo.toml - Document THUKI_SYSTEM_PROMPT in docs/configurations.md - Add conventional commits guidance to CONTRIBUTING.md - Remove empty [Unreleased] section from CHANGELOG.md - Add target/ to root .gitignore - Fix actions/checkout version comment in release.yml Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: move roadmap to end of README, rename, and refine - Move "What's Next" section to after Author, just before License - Rename to "What's next for Thuki" - Reframe quick actions as slash commands (/summarize, /translate, etc.) - Replace em dashes with colons throughout the section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: final open source readiness pass - Fix broken README anchor: #whats-next -> #whats-next-for-thuki - Fix docker-compose.yml security checklist: mark NETWORK EGRESS and DOS PREVENTION as unconfigured with accurate explanations; remove false 'internal: false blocks egress' and 'memory: 16G' claims - Fix .env.example and docs/configurations.md: remove wrong default system prompt text ('assistant'); point to commands.rs as source of truth for the built-in default - Fix sandbox/README.md: clarify read-only filesystem applies to sandbox-server only, not sandbox-init - Add Accessibility API (context.rs) to SECURITY.md attack surface - Fix release.yml actions/checkout comment: v4 -> v6.0.2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: add native settings panel to roadmap Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: document release process in CONTRIBUTING.md Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * feat: automate releases with release-please - Add release-please workflow: opens a release PR on every push to main, bumps version in package.json and Cargo.toml, writes CHANGELOG.md automatically from conventional commits - Add release-please-config.json and .release-please-manifest.json - Remove old manual release.yml (replaced by release-please workflow) - Add RELEASING.md at repo root documenting the automated flow - Remove Releasing section from CONTRIBUTING.md (now in RELEASING.md) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix(ci): run backend tests on macos-latest activator.rs is gated with #[cfg(target_os = "macos")] and depends on core-graphics and core-foundation. These crates cannot compile on Ubuntu, so backend tests must run on macOS to cover the full codebase. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: address open source readiness review findings - Remove contradictory CHANGELOG.md checklist item from PR template; release-please owns CHANGELOG.md and contributors should not edit it manually. Replace with a conventional commits reminder. - Fix README Configuration section: remove false claim that docs/configurations.md documents model and Ollama URL settings. Those are roadmap items, not current features. - Replace em dashes in RELEASING.md with colons (project style rule). - Enforce 100% coverage at release time: replace plain bun run test + bun run test:backend with bun run test:all:coverage in release-please.yml. Add nightly Rust toolchain and cargo-llvm-cov steps required by the coverage script. - Add screenshot.rs to SECURITY.md attack surface: the Tauri command that invokes macOS screencapture is a relevant system-level boundary. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: add nightly Rust toolchain prerequisite to CONTRIBUTING.md Coverage enforcement commands (test:backend:coverage, test:all:coverage) require cargo +nightly-2026-03-30 with llvm-tools. The prerequisites section only mentioned stable Rust, which would cause contributors to hit a toolchain-not-found error when running mandatory pre-PR checks. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: enlarge README logo for better prominence Increased logo width from 80px to 140px to make the Thuki icon more prominent and visually striking on the README page. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * chore: Increase logo width in README Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * chore: mark Thuki as beta and add disclaimer Update version to 0.1.0-beta.1 in package.json and Cargo.toml to explicitly indicate beta status. Add prominent beta notice to README warning users that features may change, bugs may occur, AI outputs are not guaranteed to be perfect or accurate, and this is not production-ready. Add beta status badge to README badges row. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * chore: revert to 0.1.0 for semantic versioning Keep version at 0.1.0 without beta suffix. Use the beta badge and disclaimer in README to indicate project status instead. When ready to exit beta, bump to 0.2.0 or higher. This keeps version numbers clean and tied to feature releases, not beta iterations. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: make beta status more prominent with blockquote callout Convert beta notice from plain text to blockquote format for better visual prominence. This renders as a distinct callout box on GitHub, making the beta status immediately obvious to users. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: make beta status more prominent with warning emoji Replace blockquote with bold warning text and warning emoji (⚠️) for maximum visibility. This makes the beta status immediately obvious and impossible to miss. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: remove em-dash from beta status warning Replace em-dash with period to comply with project writing style rule that forbids em-dashes in all documentation. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> --------- Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

* feat: open source the project under Apache 2.0 - Add Apache 2.0 LICENSE - Overhaul README: hero, badges, installation (download + build from source), Gatekeeper bypass instructions, architecture in collapsible, contributing link - Add CONTRIBUTING.md with full dev setup, project structure, test/coverage requirements, code style, and PR guidelines for a broad contributor audience - Add CODE_OF_CONDUCT.md referencing Contributor Covenant v2.1 - Add SECURITY.md with responsible disclosure via GitHub Security Advisories - Add GitHub issue templates (bug report, feature request, config) - Add pull request template with coverage and validation checklist - Add CHANGELOG.md (Keep a Changelog format, seeded with v0.1.0) - Add release workflow: tag-triggered macOS build, unsigned .app archive, changelog extraction, and GitHub Release creation - Set license field in Cargo.toml and package.json; remove private flag Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: README and CONTRIBUTING polish - README: restructure intro with 'What is Thuki?' and 'How to use Thuki?' sections for clearer first-impression narrative - README: sell the highlight-to-quote + no-app-switching convenience upfront - README: add bold fullscreen overlay pitch to Why Thuki section - README: apply <kbd>⌃</kbd> keyboard styling to all Control key references - README: fix copyright year 2024 → 2026 - README: add Author section with @quiet_node X link - CONTRIBUTING: remove Project Structure section Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: improve README getting started flow and quarantine UX Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: move sandbox setup to Step 1 and simplify Option B Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: replace all em dashes with contextual alternatives Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: open source readiness corrections - Add lint, typecheck, and test steps to release workflow so tags cannot ship broken or untested code - Fix README author section grammar ("Reached out to" -> "Reach out to") - Fix CONTRIBUTING.md env step: remove false claim that .env overrides Ollama URL or model; scope it to quote display and system prompt only - Add technology badge row to README (Tauri v2, React 19, TypeScript, Rust, Tailwind CSS 4, SQLite, Ollama) Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: open source readiness corrections (round 2) - Correct all security claims globally: replace "network air-gap" and "internal: true" with accurate description (127.0.0.1 ingress isolation, cap_drop, read-only volumes); remove false memory cap claim - Rewrite sandbox/README.md with accurate security controls table and honest note on network egress design tradeoff - Replace "AI assistant" with "AI secretary" everywhere; use "AI tools" when referring to third-party products - Replace "Quiet Node" / "Quiet Node Contributors" with "Logan Nguyen" in LICENSE, Cargo.toml, and README copyright footer - Fix CODE_OF_CONDUCT.md: replace Security Advisory reporting channel with direct X/GitHub contact - Fix CLAUDE.md: Control key (not Command), localhost port binding (not internal-only network) - Add description, repository, homepage to package.json and Cargo.toml - Document THUKI_SYSTEM_PROMPT in docs/configurations.md - Add conventional commits guidance to CONTRIBUTING.md - Remove empty [Unreleased] section from CHANGELOG.md - Add target/ to root .gitignore - Fix actions/checkout version comment in release.yml Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: move roadmap to end of README, rename, and refine - Move "What's Next" section to after Author, just before License - Rename to "What's next for Thuki" - Reframe quick actions as slash commands (/summarize, /translate, etc.) - Replace em dashes with colons throughout the section Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: final open source readiness pass - Fix broken README anchor: #whats-next -> #whats-next-for-thuki - Fix docker-compose.yml security checklist: mark NETWORK EGRESS and DOS PREVENTION as unconfigured with accurate explanations; remove false 'internal: false blocks egress' and 'memory: 16G' claims - Fix .env.example and docs/configurations.md: remove wrong default system prompt text ('assistant'); point to commands.rs as source of truth for the built-in default - Fix sandbox/README.md: clarify read-only filesystem applies to sandbox-server only, not sandbox-init - Add Accessibility API (context.rs) to SECURITY.md attack surface - Fix release.yml actions/checkout comment: v4 -> v6.0.2 Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: add native settings panel to roadmap Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: document release process in CONTRIBUTING.md Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * feat: automate releases with release-please - Add release-please workflow: opens a release PR on every push to main, bumps version in package.json and Cargo.toml, writes CHANGELOG.md automatically from conventional commits - Add release-please-config.json and .release-please-manifest.json - Remove old manual release.yml (replaced by release-please workflow) - Add RELEASING.md at repo root documenting the automated flow - Remove Releasing section from CONTRIBUTING.md (now in RELEASING.md) Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix(ci): run backend tests on macos-latest activator.rs is gated with #[cfg(target_os = "macos")] and depends on core-graphics and core-foundation. These crates cannot compile on Ubuntu, so backend tests must run on macOS to cover the full codebase. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: address open source readiness review findings - Remove contradictory CHANGELOG.md checklist item from PR template; release-please owns CHANGELOG.md and contributors should not edit it manually. Replace with a conventional commits reminder. - Fix README Configuration section: remove false claim that docs/configurations.md documents model and Ollama URL settings. Those are roadmap items, not current features. - Replace em dashes in RELEASING.md with colons (project style rule). - Enforce 100% coverage at release time: replace plain bun run test + bun run test:backend with bun run test:all:coverage in release-please.yml. Add nightly Rust toolchain and cargo-llvm-cov steps required by the coverage script. - Add screenshot.rs to SECURITY.md attack surface: the Tauri command that invokes macOS screencapture is a relevant system-level boundary. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: add nightly Rust toolchain prerequisite to CONTRIBUTING.md Coverage enforcement commands (test:backend:coverage, test:all:coverage) require cargo +nightly-2026-03-30 with llvm-tools. The prerequisites section only mentioned stable Rust, which would cause contributors to hit a toolchain-not-found error when running mandatory pre-PR checks. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: enlarge README logo for better prominence Increased logo width from 80px to 140px to make the Thuki icon more prominent and visually striking on the README page. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * chore: Increase logo width in README Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * chore: mark Thuki as beta and add disclaimer Update version to 0.1.0-beta.1 in package.json and Cargo.toml to explicitly indicate beta status. Add prominent beta notice to README warning users that features may change, bugs may occur, AI outputs are not guaranteed to be perfect or accurate, and this is not production-ready. Add beta status badge to README badges row. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * chore: revert to 0.1.0 for semantic versioning Keep version at 0.1.0 without beta suffix. Use the beta badge and disclaimer in README to indicate project status instead. When ready to exit beta, bump to 0.2.0 or higher. This keeps version numbers clean and tied to feature releases, not beta iterations. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: make beta status more prominent with blockquote callout Convert beta notice from plain text to blockquote format for better visual prominence. This renders as a distinct callout box on GitHub, making the beta status immediately obvious to users. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * docs: make beta status more prominent with warning emoji Replace blockquote with bold warning text and warning emoji (⚠️) for maximum visibility. This makes the beta status immediately obvious and impossible to miss. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> * fix: remove em-dash from beta status warning Replace em-dash with period to comply with project writing style rule that forbids em-dashes in all documentation. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> --------- Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

quiet-node and others added 13 commits April 5, 2026 01:56

docs: improve README getting started flow and quarantine UX

b97db4e

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

docs: move sandbox setup to Step 1 and simplify Option B

32b02a3

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

docs: replace all em dashes with contextual alternatives

7a5abee

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

docs: add native settings panel to roadmap

2d3fe0d

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

docs: document release process in CONTRIBUTING.md

de636ac

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

quiet-node added 7 commits April 5, 2026 14:30

docs: enlarge README logo for better prominence

a11f348

Increased logo width from 80px to 140px to make the Thuki icon more prominent and visually striking on the README page. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

chore: Increase logo width in README

8b8717a

Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com> Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

docs: make beta status more prominent with warning emoji

b37f9e6

Replace blockquote with bold warning text and warning emoji (⚠️) for maximum visibility. This makes the beta status immediately obvious and impossible to miss. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

fix: remove em-dash from beta status warning

6744e6d

Replace em-dash with period to comply with project writing style rule that forbids em-dashes in all documentation. Signed-off-by: Logan Nguyen <lg.131.dev@gmail.com>

quiet-node merged commit bc21281 into main Apr 5, 2026
0 of 3 checks passed

quiet-node deleted the worktree-radiant-weaving-hedgehog branch April 5, 2026 20:06

This was referenced Apr 5, 2026

chore(main): release thuki 1.0.0 #33

Closed

chore(main): release thuki 0.1.1 #34

Closed

chore(main): release 0.2.0 #37

Merged

github-actions bot mentioned this pull request Apr 10, 2026

chore(main): release 0.6.0 #76

Closed

This was referenced Apr 11, 2026

chore(main): release 0.6.0 #77

Closed

chore(main): release 0.6.0 #78

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: open source readiness#32

feat: open source readiness#32
quiet-node merged 22 commits intomainfrom
worktree-radiant-weaving-hedgehog

quiet-node commented Apr 5, 2026

Uh oh!

quiet-node commented Apr 5, 2026

Uh oh!

quiet-node commented Apr 5, 2026

Uh oh!

quiet-node commented Apr 5, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

quiet-node commented Apr 5, 2026

Summary

Test Plan

Uh oh!

quiet-node commented Apr 5, 2026

Code review

Uh oh!

quiet-node commented Apr 5, 2026

Code review

Uh oh!

quiet-node commented Apr 5, 2026

Code review

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant