Reduce documentation redundancy while keeping security visible

Applied "Single Source of Truth with Contextual Pointers" pattern:

README.md changes:
- Simplified "Security Note" section to brief warning + bullets
- Removed detailed file list (now only in SECURITY.md)
- Kept inline warning in Quick Start (contextual, at point of use)
- Added bullets describing what SECURITY.md covers
- Result: Brief, clear, points to authoritative source

Documentation strategy:
- SECURITY.md = single source of truth (all details)
- Other docs = brief inline warnings + links to SECURITY.md
- Inline warnings kept at critical moments (e.g., creating config.yaml)
- Platform-specific notes stay in platform guides

Added .maintenance-notes.md:
- Documents the documentation strategy
- Explains what goes where and why
- Provides guidance for future updates
- Helps prevent redundancy creep

Benefits:
- Easier to maintain (update SECURITY.md, others just link)
- Still highly visible (warnings at critical steps)
- No loss of information (everything in SECURITY.md)
- Clear ownership (each file owns specific info)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Nathan Schneider
2026-02-06 17:38:56 -07:00
parent 98eef7bf5c
commit b636a805f9
2 changed files with 123 additions and 7 deletions

@@ -131,15 +131,15 @@ See `constitution.md` for an example based on Social.coop's bylaws.
- **[SECURITY.md](SECURITY.md)** - Credential management and security best practices
- **[constitution.md](constitution.md)** - Example governance constitution
## Security Note
## Security
**Never commit these files** (already in `.gitignore`):
- `config/config.yaml` - Contains your credentials
- `govbot.db` - Your governance database
- `.env` files - Environment variables
- `*.token`, `*.key`, `*.secret` files
⚠️ **Important**: Never commit `config/config.yaml` or other files containing credentials. All sensitive files are automatically protected by `.gitignore`.
See [SECURITY.md](SECURITY.md) for complete security guide.
**See [SECURITY.md](SECURITY.md) for:**
- Complete list of protected files
- Where to store credentials
- Best practices for development and production
- What to do if secrets are accidentally committed
## Development Status
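Review bot: The new warning line under `## Security` says sensitive files are "automatically protected by `.gitignore`", which overstates what an ignore file does: it only keeps untracked files out of a normal `git add`, and has no effect on a file that is already tracked or that is force-added. Suggest softer wording such as "are listed in `.gitignore`". Since the explicit list (`govbot.db`, `.env`, `*.token`, `*.key`, `*.secret`) now lives only in SECURITY.md, consider also naming `govbot.db` next to `config/config.yaml` in this line, so the inline warning still covers the database for readers who never follow the link.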