docs: replace fabricated local-encryption claims on product+security copy#231
Merged
operatoruplift merged 1 commit intomasterfrom Apr 28, 2026
Merged
Conversation
Continues the honesty sweep across the product/security copy that still told users their data lives encrypted on their machine. The web app does not run locally and never has — it is a Vercel-hosted Next.js app routing prompts through Anthropic, OpenAI, Google, xAI, or DeepSeek per the user's selection per turn. dataService.ts: - Product card #1 now describes the real data posture: export/erase from Settings → Data; named third-party AI providers see only the prompts you send them; we do not resell. - security section retitled TRUST with a posture grounded in the gate + receipt + audit log we actually ship. Subhead names HIPAA-aware architecture, GDPR workflows, MIT-licensed open source. - features.security pivots to "Every action carries a receipt" (ed25519 signing + Merkle root anchored on Solana via the deployed audit-trail Anchor program). linkUrl moved to /docs/receipts. ProductPage.tsx: - extendedDescriptions[0]: dropped "private space on your computer, encrypted" → describes per-session scope, capability gating, and inter-helper isolation in terms that match runtime behavior. - extendedDescriptions[4]: dropped "taking an action on your computer" → describes outbound sends/bookings/API calls with approval and request-id logging. - technicalDetails fully rewritten: each bullet now points at a shipped surface (lib/capabilities.ts, lib/toolSafety.ts, Privy JWTs, ed25519 receipts) so a reviewer can ground-truth the claims. After this lands, the only "stays on your computer" framing left in homepage copy is roadmap language explicitly tied to the future desktop app, which is correct given the Ollama path is documented as roadmap in the FAQ and Privacy Policy. Verification: - pnpm check (4/4 passed: copy-check, capability-check, trust-gate, fabrication-rot-check) - pnpm exec tsc --noEmit (clean)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
3 tasks
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
The "Why now?" narrative said "one assistant on your computer can replace the dozens of productivity apps you juggle today. We're building it before big tech does, and putting it on your machine instead of theirs." The web app is Vercel-hosted and routes prompts through Anthropic / OpenAI / Google / xAI / DeepSeek per the user's selection per turn. It is not a local-only product. The desktop+Ollama path is roadmap- only, documented as such in the FAQ and Privacy Policy. Rewrite the narrative around what the product actually is: - One assistant that can sit across many SaaS apps and move work between them (true: Gmail+Calendar via Google OAuth, more on the roadmap). - Approval before every action and a signed receipt afterward (true: ed25519 receipts anchored on Solana via the audit-trail Anchor program). This continues the honesty positioning sweep that PRs #227-#231 did across Privacy / Compliance / ProblemStatement / Pricing / Comparison / FAQ / CloudVsLocal / dataService / ProductPage. After this lands, the only remaining "computer/machine" framing on the site is the explicit roadmap copy in the FAQ and Privacy Policy pointing at the future desktop app. Verification: - pnpm check (4/4: copy-check, capability-check, trust-gate, fabrication-rot-check) - pnpm exec tsc --noEmit (clean)
2 tasks
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
) Add 4 anchored patterns to scripts/fabrication-rot-check.mjs that fail the build if a future PR reintroduces the local-machine fabrications that PRs #231-#232 retired: - "on your machine instead of theirs" -> retired in #232 (MarketOpportunity) - "Everything lives on your computer" -> retired in #231 (dataService product card #1) - "AES-256 encrypted local storage" -> retired in #231 (dataService security section) - "your data never leaves your environment" -> retired in #231 (dataService security features.security) Each pattern is anchored to the exact phrasing that was in the retired copy. The COMMENT_LINE_RE skip means rule comments and audit-trail commentary in code are still allowed, only live source strings fail. Total rules: 10 -> 14. Verification: - pnpm check: 4 passed (4/4: copy-check, capability-check, trust-gate, fabrication-rot-check) with 14 rules across 197 files. - pnpm exec tsc --noEmit (clean - no source changes).
2 tasks
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
src/sections/Security.tsx: replace the "AES-256-GCM Encrypted" badge on Security card 1 with "Ed25519 Signed Receipts". The card is now about ed25519-signed receipts anchored on Solana (per #231 rewrite of features.security), so the AES-256-GCM badge no longer matches the copy underneath it. The badge should describe what the card actually proves. app/blog/posts.ts: rewrite the excerpt for "Local AI vs Cloud AI: The Privacy Case Nobody's Making". The previous excerpt asserted "When your AI runs locally, you make the decisions" without any web-app caveat, which read as "Operator Uplift runs locally today." The new excerpt distinguishes the present-tense web app (cloud-routed per turn) from the desktop+Ollama path on the roadmap, and points out both layers share the approval-gate + signed-receipt primitives. Continues the honesty positioning sweep that PRs #227-#238 landed. Verification: - pnpm check (4/4: copy-check, capability-check, trust-gate, fabrication-rot-check, all clean with 14 rules across 197 files) - pnpm exec tsc --noEmit (clean)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
src/services/dataService.ts(product card Install Vercel Web Analytics for Next.js #1 + security section) andsrc/sections/ProductPage.tsx(extendedDescriptions + technicalDetails)lib/capabilities.ts,lib/toolSafety.ts, Privy JWTs, ed25519 receipts) so a reviewer can ground-truth each claimWhy this matters
The Vercel-hosted Next.js app routes prompts through Anthropic / OpenAI / Google / xAI / DeepSeek depending on which provider the user picks per turn — it has never been a local-only app. PRs #227–#230 already cleaned Privacy / Compliance / ProblemStatement / Pricing / Comparison / FAQ / CloudVsLocal. This finishes the homepage product+security surfaces.
Test plan