diff --git a/MASTODON_SETUP.md b/MASTODON_SETUP.md index 6ad6b69..a6606a4 100644 --- a/MASTODON_SETUP.md +++ b/MASTODON_SETUP.md @@ -313,9 +313,12 @@ python -c "from src.govbot.db.models import init_db; init_db('govbot.db')" ## Security Considerations +**📖 See [SECURITY.md](SECURITY.md) for the complete security guide.** + ### Credentials -- **Never commit** `config/config.yaml` to version control +- **Never commit** `config/config.yaml` to version control (it's in `.gitignore`) +- **Never commit** `*_clientcred.secret` or `*_usercred.secret` files (also gitignored) - Store credentials securely - Use environment variables for production: ```bash diff --git a/QUICKSTART.md b/QUICKSTART.md index 9a4f9ba..f3cf707 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -32,11 +32,16 @@ pip install -e . # Copy example config cp config/config.example.yaml config/config.yaml -# Edit with your settings -# At minimum, update the AI model configuration +# Edit with your credentials and settings nano config/config.yaml ``` +**⚠️ IMPORTANT - Security Notice**: +- `config/config.yaml` contains your secrets (API tokens, passwords) +- This file is automatically gitignored - it will NEVER be committed +- Never share this file or commit it to version control +- See [SECURITY.md](SECURITY.md) for complete security guidance + For local models with Ollama: ```yaml ai: diff --git a/README.md b/README.md index a8c78d0..c2002ae 100644 --- a/README.md +++ b/README.md @@ -65,13 +65,42 @@ uv pip install -e . uv pip install -e ".[dev]" ``` -## Configuration +## Quick Start -1. Copy `config/config.example.yaml` to `config/config.yaml` -2. Edit with your settings: - - Mastodon instance URL and credentials - - AI model preferences (local/cloud) - - Path to your constitution file +### 1. Install Dependencies (above) + +### 2. Configure (Credentials Required) + +```bash +# Copy the template +cp config/config.example.yaml config/config.yaml + +# Edit with your credentials +nano config/config.yaml +``` + +**⚠️ IMPORTANT**: `config/config.yaml` contains your secrets and is automatically ignored by git. Never commit this file. + +Configure: +- Platform credentials (Mastodon access tokens, Discord bot tokens, etc.) +- AI model settings (Ollama local models or cloud API keys) +- Constitution path and database location + +For detailed setup instructions: +- **Mastodon**: See [MASTODON_SETUP.md](MASTODON_SETUP.md) +- **Security**: See [SECURITY.md](SECURITY.md) for credential management + +### 3. Set AI API Keys (if using cloud models) + +```bash +# For OpenAI +llm keys set openai + +# For Anthropic Claude +llm keys set anthropic +``` + +These are stored securely in `~/.llm/keys.json` (also gitignored) ## Usage @@ -94,6 +123,24 @@ Your constitution should be a markdown file that describes: See `constitution.md` for an example based on Social.coop's bylaws. +## Documentation + +- **[QUICKSTART.md](QUICKSTART.md)** - Get started quickly with CLI testing +- **[MASTODON_SETUP.md](MASTODON_SETUP.md)** - Complete Mastodon deployment guide +- **[PLATFORMS.md](PLATFORMS.md)** - Guide for implementing new platform adapters +- **[SECURITY.md](SECURITY.md)** - Credential management and security best practices +- **[constitution.md](constitution.md)** - Example governance constitution + +## Security Note + +**Never commit these files** (already in `.gitignore`): +- `config/config.yaml` - Contains your credentials +- `govbot.db` - Your governance database +- `.env` files - Environment variables +- `*.token`, `*.key`, `*.secret` files + +See [SECURITY.md](SECURITY.md) for complete security guide. + ## Development Status This is early-stage software. Current phase: Core infrastructure and agentic reasoning engine. @@ -105,3 +152,5 @@ This is early-stage software. Current phase: Core infrastructure and agentic rea ## Contributing This project is in early development. Contributions and feedback welcome! + +**For platform developers**: See [PLATFORMS.md](PLATFORMS.md) to add support for Discord, Telegram, Matrix, or other platforms.