fix(dashboard,auth,demo): retire local-only claims on live user surfaces#238
Merged
operatoruplift merged 1 commit intomasterfrom Apr 28, 2026
Merged
Conversation
Five surgical edits replace fabricated local-only claims on surfaces
that real users see in the auth flow, the dashboard, and the public
demo:
1. /security page header sublabel:
"Encrypted on your computer · Tamper-proof receipts · Nothing in
the cloud" -> "Approval before every action · Tamper-proof
receipts · Audit log on Solana"
The page already discloses lower down that encryption is
"Configured" not "Active" because chat/memory/agent-config writes
do not call secureStore yet, the header now matches that truth.
2. /demo step-6 success copy:
"Your agent ran locally. Zero cloud. Zero surveillance." ->
"Approval before every action. Signed receipt for the audit log."
The demo runs through the same cloud-routed pipeline as the rest
of the app, no code path makes the demo local.
3. /agents/builder save toast:
`Agent "${name}" deployed locally!` -> `Agent "${name}" saved to
this browser.`
The builder writes to localStorage, the agent itself still runs
in the cloud, "deployed locally" overstates what just happened.
4. /signup footer trust badges:
"Your computer · Encrypted · Open source" -> "Approval-gated ·
Signed receipts · Open source"
5. /login footer trust badges:
"Your computer · Encrypted · Signed receipts" -> "Approval-gated
· Open source · Signed receipts"
Both auth pages dropped "Your computer" + "Encrypted" because
neither matches what the cloud-hosted web app does today.
Verification:
- pnpm check (4/4: copy-check, capability-check, trust-gate,
fabrication-rot-check, all clean)
- pnpm exec tsc --noEmit (clean)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
src/sections/Security.tsx: replace the "AES-256-GCM Encrypted" badge on Security card 1 with "Ed25519 Signed Receipts". The card is now about ed25519-signed receipts anchored on Solana (per #231 rewrite of features.security), so the AES-256-GCM badge no longer matches the copy underneath it. The badge should describe what the card actually proves. app/blog/posts.ts: rewrite the excerpt for "Local AI vs Cloud AI: The Privacy Case Nobody's Making". The previous excerpt asserted "When your AI runs locally, you make the decisions" without any web-app caveat, which read as "Operator Uplift runs locally today." The new excerpt distinguishes the present-tense web app (cloud-routed per turn) from the desktop+Ollama path on the roadmap, and points out both layers share the approval-gate + signed-receipt primitives. Continues the honesty positioning sweep that PRs #227-#238 landed. Verification: - pnpm check (4/4: copy-check, capability-check, trust-gate, fabrication-rot-check, all clean with 14 rules across 197 files) - pnpm exec tsc --noEmit (clean)
2 tasks
operatoruplift
added a commit
that referenced
this pull request
Apr 28, 2026
After the homepage + dashboard + auth + demo + blog honesty sweep landed across PRs #233-#239, this PR institutionalizes the changes in two places so they cannot regress silently: scripts/fabrication-rot-check.mjs: Add 6 anchored patterns (rules 14-20): | Pattern | Retired in | Phrase / location | |---|---|---| | `vault sealed[^a-zA-Z]+memory encrypted` | #235 | HeroAnimation canvas text | | `Encrypted on your computer` | #238 | /security page header | | `Your agent ran locally. Zero cloud. Zero surveillance` | #238 | /demo step-6 | | `${...} deployed locally` | #238 | /agents/builder toast | | `AES-256-GCM Encrypted` | #239 | Security card badge | | `change: ['"]Local, encrypted['"] | 'On your computer'` | #233 | /app dashboard tiles | tests/e2e/consumer-copy.spec.ts: Add 8 banned phrases to BANNED_DEV_PHRASES so the existing consumer-copy regression spec asserts they don't appear in rendered body text on /, /paywall, /pricing, /store, /login, /signup. This complements the build-time grep guards with a runtime check that catches regressions in dynamic content. Combined regression net for retired local-machine claims: - 14 fabrication-rot rules (was 10) -> 20 total rules - 8 banned phrases on consumer-copy.spec.ts asserting against rendered body innerText across 5 routes Verification: - pnpm check (4/4: copy-check, capability-check, trust-gate, fabrication-rot-check; 20 rules across 197 files) - pnpm exec tsc --noEmit (clean)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Five edits across five files replace fabricated local-only claims on surfaces that real users see — the auth flow, the dashboard, and the public demo:
Why
Each of these surfaces was making a claim that didn't match shipped behavior:
This continues the honesty positioning sweep landed in PRs #227–#236.
Test plan