From 9033c15d468dc88d797704c3ace5f82bc21f0158 Mon Sep 17 00:00:00 2001 From: Reese Date: Wed, 29 Apr 2026 22:44:46 -0500 Subject: [PATCH 1/8] Patch vulnerable npm dependencies --- package-lock.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 44b9af3..ae196e8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1597,9 +1597,9 @@ } }, "node_modules/brace-expansion": { - "version": "1.1.12", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", - "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "version": "1.1.14", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz", + "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==", "dev": true, "license": "MIT", "dependencies": { @@ -2222,9 +2222,9 @@ "license": "BSD-3-Clause" }, "node_modules/fastify": { - "version": "5.8.4", - "resolved": "https://registry.npmjs.org/fastify/-/fastify-5.8.4.tgz", - "integrity": "sha512-sa42J1xylbBAYUWALSBoyXKPDUvM3OoNOibIefA+Oha57FryXKKCZarA1iDntOCWp3O35voZLuDg2mdODXtPzQ==", + "version": "5.8.5", + "resolved": "https://registry.npmjs.org/fastify/-/fastify-5.8.5.tgz", + "integrity": "sha512-Yqptv59pQzPgQUSIm87hMqHJmdkb1+GPxdE6vW6FRyVE9G86mt7rOghitiU4JHRaTyDUk9pfeKmDeu70lAwM4Q==", "funding": [ { "type": "github", @@ -2490,9 +2490,9 @@ "license": "ISC" }, "node_modules/handlebars": { - "version": "4.7.8", - "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", - "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", + "version": "4.7.9", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz", + "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==", "dev": true, "license": "MIT", "dependencies": { @@ -3826,9 +3826,9 @@ "license": "ISC" }, "node_modules/picomatch": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz", + "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==", "dev": true, "license": "MIT", "engines": { From dfd2ff271c1c192b343b0cdf6291ee19ede368a5 Mon Sep 17 00:00:00 2001 From: Reese Date: Wed, 29 Apr 2026 23:02:39 -0500 Subject: [PATCH 2/8] gnhf #1: Added and verified a repo-local live smoke check for Agentwall so launch readiness now has a scripted runtime validation path, not just build/test/audit checks. --- README.md | 5 ++- docs/install.md | 5 ++- package.json | 1 + scripts/smoke-local.js | 93 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 102 insertions(+), 2 deletions(-) create mode 100755 scripts/smoke-local.js diff --git a/README.md b/README.md index c87014c..be5fc98 100644 --- a/README.md +++ b/README.md @@ -54,12 +54,15 @@ node dist/cli.js start Default address: `http://127.0.0.1:3000` -Run tests: +Run tests and the live smoke check: ```bash npm test +npm run smoke:local ``` +`npm run smoke:local` expects Agentwall to already be running. Override the target with `AGENTWALL_URL=http://host:port npm run smoke:local`. + ## CLI ```bash diff --git a/docs/install.md b/docs/install.md index 4c32067..d12de81 100644 --- a/docs/install.md +++ b/docs/install.md @@ -41,12 +41,15 @@ agentwall doctor agentwall start ``` -## Verify health +## Verify health and policy decisions ```bash curl http://127.0.0.1:3000/health +npm run smoke:local ``` +`npm run smoke:local` checks `/health` plus representative allowed and denied `/evaluate` decisions against the running service. Use `AGENTWALL_URL=http://host:port npm run smoke:local` for a non-default target. + ## Uninstall - User-level launcher only: remove `/usr/local/bin/agentwall` diff --git a/package.json b/package.json index aeabfa9..5ea2f60 100644 --- a/package.json +++ b/package.json @@ -11,6 +11,7 @@ "uninstall:system": "bash ./scripts/agentwall-uninstall.sh", "test": "node --experimental-vm-modules node_modules/.bin/jest", "lint": "tsc --noEmit", + "smoke:local": "node scripts/smoke-local.js", "cli": "node dist/cli.js", "init": "node dist/cli.js init", "doctor": "node dist/cli.js doctor" diff --git a/scripts/smoke-local.js b/scripts/smoke-local.js new file mode 100755 index 0000000..21daeba --- /dev/null +++ b/scripts/smoke-local.js @@ -0,0 +1,93 @@ +#!/usr/bin/env node + +const baseUrl = (process.env.AGENTWALL_URL || process.argv[2] || "http://127.0.0.1:3000").replace(/\/$/, ""); + +async function request(path, options = {}) { + const response = await fetch(`${baseUrl}${path}`, { + ...options, + headers: { + "content-type": "application/json", + ...(options.headers || {}), + }, + }); + + const text = await response.text(); + let body; + try { + body = text ? JSON.parse(text) : {}; + } catch { + body = { raw: text }; + } + + if (!response.ok) { + throw new Error(`${path} returned HTTP ${response.status}: ${JSON.stringify(body)}`); + } + + return body; +} + +function assertEqual(actual, expected, label) { + if (actual !== expected) { + throw new Error(`${label}: expected ${expected}, received ${actual}`); + } +} + +function evaluatePayload(overrides) { + return { + agentId: "agentwall-smoke", + sessionId: "agentwall-smoke-session", + plane: "network", + action: "http_request", + payload: { url: "https://api.openai.com/v1/models" }, + actor: { channelId: "cli:smoke", userId: "local-smoke", roleIds: ["operator"] }, + control: { executionMode: "normal" }, + provenance: [{ source: "user", trustLabel: "trusted" }], + flow: { + direction: "egress", + labels: ["external_egress"], + highRisk: false, + crossesBoundary: true, + }, + ...overrides, + }; +} + +async function main() { + console.log(`Agentwall smoke target: ${baseUrl}`); + + const health = await request("/health"); + assertEqual(health.status, "ok", "/health status"); + assertEqual(health.service, "agentwall", "/health service"); + console.log("✓ health ok"); + + const allowed = await request("/evaluate", { + method: "POST", + body: JSON.stringify(evaluatePayload({ + payload: { url: "https://api.openai.com/v1/models" }, + })), + }); + assertEqual(allowed.decision, "allow", "approved API egress decision"); + console.log("✓ approved API egress allowed"); + + const privateRange = await request("/evaluate", { + method: "POST", + body: JSON.stringify(evaluatePayload({ + payload: { url: "http://169.254.169.254/latest/meta-data" }, + flow: { + direction: "egress", + labels: ["external_egress", "private_network_target"], + highRisk: true, + crossesBoundary: true, + }, + })), + }); + assertEqual(privateRange.decision, "deny", "metadata/private-range egress decision"); + console.log("✓ metadata/private-range egress denied"); + + console.log("Agentwall local smoke passed"); +} + +main().catch((error) => { + console.error(`Agentwall local smoke failed: ${error.message}`); + process.exit(1); +}); From 47f4ec707cd22ff67adade6734faf83263ed203b Mon Sep 17 00:00:00 2001 From: Reese Date: Wed, 29 Apr 2026 23:06:31 -0500 Subject: [PATCH 3/8] gnhf #2: Added an explicit npm package allowlist so Agentwall no longer publishes gnhf metadata or broad repo artifacts while preserving runtime, CLI, UI, examples, and install assets. --- package.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/package.json b/package.json index 5ea2f60..1b06d0d 100644 --- a/package.json +++ b/package.json @@ -24,6 +24,17 @@ "ai-safety" ], "license": "MIT", + "files": [ + "dist/", + "public/", + "examples/", + "scripts/agentwall-install.sh", + "scripts/agentwall-uninstall.sh", + "README.md", + "CHANGELOG.md", + "LICENSE", + "SECURITY.md" + ], "dependencies": { "fastify": "^5.8.4", "js-yaml": "^4.1.0", From d45723c227ca35c92ba705884b5cba17f4ad906c Mon Sep 17 00:00:00 2001 From: Reese Date: Wed, 29 Apr 2026 23:14:10 -0500 Subject: [PATCH 4/8] gnhf #3: Added and verified launch automation for Agentwall: a local deploy readiness script plus a GitHub Pages workflow and matching public docs. --- .github/workflows/pages.yml | 37 ++++++++++++++++++++++++++++++ README.md | 12 ++++++++++ docs/install.md | 16 +++++++++++++ docs/launch-readiness-checklist.md | 4 ++++ package.json | 2 ++ scripts/deploy.sh | 37 ++++++++++++++++++++++++++++++ 6 files changed, 108 insertions(+) create mode 100644 .github/workflows/pages.yml create mode 100755 scripts/deploy.sh diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml new file mode 100644 index 0000000..f1a2ebc --- /dev/null +++ b/.github/workflows/pages.yml @@ -0,0 +1,37 @@ +name: GitHub Pages + +on: + push: + branches: ["main", "master"] + workflow_dispatch: + +permissions: + contents: read + pages: write + id-token: write + +concurrency: + group: pages + cancel-in-progress: true + +jobs: + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Pages + uses: actions/configure-pages@v5 + + - name: Upload static launch surface + uses: actions/upload-pages-artifact@v3 + with: + path: public + + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4 diff --git a/README.md b/README.md index be5fc98..716afb0 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,16 @@ npm run smoke:local `npm run smoke:local` expects Agentwall to already be running. Override the target with `AGENTWALL_URL=http://host:port npm run smoke:local`. +Run the local deploy readiness check: + +```bash +npm run deploy:check +npm run start +AGENTWALL_URL=http://127.0.0.1:3000 npm run smoke:local +``` + +`npm run deploy:check` installs locked dependencies if needed, then runs type-check, build, tests, and high-severity audit before printing the exact start and smoke commands. + ## CLI ```bash @@ -79,6 +89,8 @@ agentwall help This repository includes a practical OSS launch baseline: - CI workflow for lint/build/test/audit (`.github/workflows/ci.yml`) +- GitHub Pages workflow for the static launch surface (`.github/workflows/pages.yml`, publishing `public/`) +- Local deploy readiness script (`npm run deploy:check`, backed by `scripts/deploy.sh`) - Security + contribution community files (`SECURITY.md`, `CONTRIBUTING.md`, `CODE_OF_CONDUCT.md`) - Issue + PR templates (`.github/ISSUE_TEMPLATE/*`, `.github/pull_request_template.md`) - Architecture, threat model, and release strategy docs in `docs/` diff --git a/docs/install.md b/docs/install.md index d12de81..d437020 100644 --- a/docs/install.md +++ b/docs/install.md @@ -50,6 +50,22 @@ npm run smoke:local `npm run smoke:local` checks `/health` plus representative allowed and denied `/evaluate` decisions against the running service. Use `AGENTWALL_URL=http://host:port npm run smoke:local` for a non-default target. +## Local deploy readiness check + +```bash +npm run deploy:check +npm run start +AGENTWALL_URL=http://127.0.0.1:3000 npm run smoke:local +``` + +`npm run deploy:check` runs type-check, build, tests, and high-severity audit from the same repo path. If `node_modules` is missing, it first restores locked dependencies with `npm ci`. + +## GitHub Pages launch surface + +The repo includes `.github/workflows/pages.yml`, which publishes the static `public/` directory on pushes to `main` or `master` and on manual workflow dispatch. + +After the repo is public, enable Pages in GitHub repository settings with source `GitHub Actions`, then run or push the Pages workflow. + ## Uninstall - User-level launcher only: remove `/usr/local/bin/agentwall` diff --git a/docs/launch-readiness-checklist.md b/docs/launch-readiness-checklist.md index 8007115..027075f 100644 --- a/docs/launch-readiness-checklist.md +++ b/docs/launch-readiness-checklist.md @@ -27,12 +27,16 @@ Only true last-mile maintainer/admin steps are left unchecked. ## 4) Adoption readiness - [x] Minimal sample config and policy files are valid. - [x] `npm test` and `npm run build` pass. +- [x] Local deploy readiness path scripted (`npm run deploy:check`) and documented. +- [x] Live runtime smoke path scripted (`npm run smoke:local`) and documented. - [x] Version is set (`0.1.0`) and changelog drafted (`CHANGELOG.md`). - [x] CI automation in place (`.github/workflows/ci.yml`). +- [x] GitHub Pages workflow present for static launch surface (`.github/workflows/pages.yml`). ## 5) Last-mile admin (maintainer-owned) - [ ] Configure GitHub repo description, topics, homepage, and social preview image. - [ ] Decide canonical public clone URL/org and update README if needed. +- [ ] Enable GitHub Pages source as `GitHub Actions` after the repo is public. - [ ] Create initial release tag (`v0.1.0`) and attach release notes. - [ ] Publish announcement post (problem, why now, demo, quickstart, roadmap). - [ ] Final external account setup items chosen by the maintainer (public inboxes + service accounts). diff --git a/package.json b/package.json index 1b06d0d..9414c42 100644 --- a/package.json +++ b/package.json @@ -12,6 +12,7 @@ "test": "node --experimental-vm-modules node_modules/.bin/jest", "lint": "tsc --noEmit", "smoke:local": "node scripts/smoke-local.js", + "deploy:check": "bash scripts/deploy.sh", "cli": "node dist/cli.js", "init": "node dist/cli.js init", "doctor": "node dist/cli.js doctor" @@ -30,6 +31,7 @@ "examples/", "scripts/agentwall-install.sh", "scripts/agentwall-uninstall.sh", + "scripts/deploy.sh", "README.md", "CHANGELOG.md", "LICENSE", diff --git a/scripts/deploy.sh b/scripts/deploy.sh new file mode 100755 index 0000000..19532a1 --- /dev/null +++ b/scripts/deploy.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +cd "$ROOT_DIR" + +AGENTWALL_URL="${AGENTWALL_URL:-http://127.0.0.1:3000}" + +if [[ ! -d node_modules ]]; then + echo "node_modules missing; installing locked dependencies with npm ci" + npm ci +fi + +echo "==> Type-checking" +npm run lint + +echo "==> Building" +npm run build + +echo "==> Testing" +npm test -- --runInBand + +echo "==> Auditing high+ vulnerabilities" +npm audit --audit-level=high + +cat < Date: Wed, 29 Apr 2026 23:17:38 -0500 Subject: [PATCH 5/8] gnhf #4: Replaced the public quickstart clone placeholder with the canonical GitHub repo URL and documented the exact GitHub auth blocker/next push command while keeping local launch verification green. --- README.md | 2 +- docs/launch-readiness-checklist.md | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 716afb0..d0952da 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ This closes the end-to-end operator story: **detect → route to approval → op ## Quickstart ```bash -git clone https://github.com//agentwall.git +git clone https://github.com/reesepj/agentwall.git cd agentwall npm install npm run build diff --git a/docs/launch-readiness-checklist.md b/docs/launch-readiness-checklist.md index 027075f..f7a531d 100644 --- a/docs/launch-readiness-checklist.md +++ b/docs/launch-readiness-checklist.md @@ -35,8 +35,9 @@ Only true last-mile maintainer/admin steps are left unchecked. ## 5) Last-mile admin (maintainer-owned) - [ ] Configure GitHub repo description, topics, homepage, and social preview image. -- [ ] Decide canonical public clone URL/org and update README if needed. -- [ ] Enable GitHub Pages source as `GitHub Actions` after the repo is public. +- [x] Canonical public clone URL selected and reflected in README (`https://github.com/reesepj/agentwall.git`). +- [ ] Push the launch branch once GitHub auth is available. Current blocker: local GitHub HTTPS auth is unavailable (`fatal: could not read Username for 'https://github.com'`). Exact next command: `gh auth login && git push -u origin gnhf/mission-finish-agent-7891a0`. +- [ ] Enable GitHub Pages source as `GitHub Actions` after the repo is public. If GitHub auth is unavailable locally, run: `gh auth login`, then push this branch and enable Pages from Actions in repository settings. - [ ] Create initial release tag (`v0.1.0`) and attach release notes. - [ ] Publish announcement post (problem, why now, demo, quickstart, roadmap). - [ ] Final external account setup items chosen by the maintainer (public inboxes + service accounts). From 0fafc6a46930d06a08ff099a7821ab1121f3aa32 Mon Sep 17 00:00:00 2001 From: Reese Date: Wed, 29 Apr 2026 23:21:38 -0500 Subject: [PATCH 6/8] gnhf #5: Replaced the remaining public docs clone placeholders with the canonical Agentwall GitHub URL and verified launch checks, live smoke, and review gate still pass. --- docs/agentwall-portfolio.md | 2 +- docs/install.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/agentwall-portfolio.md b/docs/agentwall-portfolio.md index 989dc6a..605d3ec 100644 --- a/docs/agentwall-portfolio.md +++ b/docs/agentwall-portfolio.md @@ -55,7 +55,7 @@ Prompt safety and static filters are not enough for runtime behavior. Agentwall ## 5) Installation + CLI Story ```bash -git clone https://github.com/your-org/agentwall +git clone https://github.com/reesepj/agentwall.git cd agentwall npm install npm run onboard diff --git a/docs/install.md b/docs/install.md index d437020..fdc3fc6 100644 --- a/docs/install.md +++ b/docs/install.md @@ -8,7 +8,7 @@ ## Local source install ```bash -git clone https://github.com/your-org/agentwall +git clone https://github.com/reesepj/agentwall.git cd agentwall npm install npm run build From a64f9498de7375994433c3ab9f24beb063c9c118 Mon Sep 17 00:00:00 2001 From: Reese Date: Wed, 29 Apr 2026 23:26:03 -0500 Subject: [PATCH 7/8] gnhf #6: Prepared the first three public community issues with copy-ready bodies and GitHub CLI creation commands, then verified Agentwall launch checks and live smoke still pass. --- docs/community-issues-seed.md | 100 ++++++++++++++++++++++++++++- docs/launch-readiness-checklist.md | 2 +- 2 files changed, 100 insertions(+), 2 deletions(-) diff --git a/docs/community-issues-seed.md b/docs/community-issues-seed.md index 07dd046..d46005d 100644 --- a/docs/community-issues-seed.md +++ b/docs/community-issues-seed.md @@ -1,24 +1,122 @@ # Community Issue Seed (First 3) -Use these as initial public issues right after launch. +Use these as initial public issues right after launch. They are intentionally scoped so a maintainer can create them without inventing labels or copy. +## Create all three with GitHub CLI + +Run after GitHub auth is available and the public repo exists. The commands intentionally create temporary body files so they work with stock `gh issue create` and create the non-default labels first. + +```bash +gh label create ui --repo reesepj/agentwall --color "1d76db" --description "Dashboard and browser-facing work" || true +gh label create cli --repo reesepj/agentwall --color "5319e7" --description "Command-line interface work" || true +cat > /tmp/agentwall-issue-1.md <<'EOF' +### Goal +Make the dashboard easier to investigate by filtering decision history without editing code or scanning the whole feed. + +### Scope +- Add query params + UI controls for filtering by `decision`, `riskLevel`, and `plane`. +- Preserve filter state in URL. +- Add tests for server route/state shaping. + +### Acceptance criteria +- Operators can filter dashboard decision data by decision, risk level, and plane. +- Filter state survives page refresh through URL params. +- Tests cover the state shape and at least one filtered view. +EOF + +gh issue create --repo reesepj/agentwall \ + --title "good first issue: add structured decision filters to dashboard" \ + --label "good first issue" --label enhancement --label ui \ + --body-file /tmp/agentwall-issue-1.md + +cat > /tmp/agentwall-issue-2.md <<'EOF' +### Goal +Let operators evaluate many sample action contexts offline before pushing policy changes into a live Agentwall runtime. + +### Scope +- Add `agentwall simulate --input ` to evaluate a batch of contexts offline. +- Output summary table + JSON mode. +- Include docs/example input file. + +### Acceptance criteria +- `agentwall simulate --input examples/simulation-input.json` runs without a live server. +- Output includes decision counts and per-item decision details. +- JSON output mode is stable enough for CI or scripts. +EOF + +gh issue create --repo reesepj/agentwall \ + --title "help wanted: policy rule simulator CLI command" \ + --label "help wanted" --label enhancement --label cli \ + --body-file /tmp/agentwall-issue-2.md + +cat > /tmp/agentwall-issue-3.md <<'EOF' +### Goal +Make Agentwall's detection model easier for new contributors and security reviewers to understand. + +### Scope +- Expand `docs/threat-model.md` with detection-to-mitigation mapping. +- Add examples of false-positive/false-negative handling. +- Link from README under product docs. + +### Acceptance criteria +- Threat model docs include a table mapping detections to mitigations. +- Docs explain at least one false-positive and one false-negative example. +- README links the improved taxonomy section. +EOF + +gh issue create --repo reesepj/agentwall \ + --title "good first issue: detection taxonomy documentation improvements" \ + --label "good first issue" --label documentation \ + --body-file /tmp/agentwall-issue-3.md +``` + + ## 1) good first issue: add structured decision filters to dashboard **Labels:** `good first issue`, `enhancement`, `ui` +### Goal +Make the dashboard easier to investigate by filtering decision history without editing code or scanning the whole feed. + +### Scope - Add query params + UI controls for filtering by `decision`, `riskLevel`, and `plane`. - Preserve filter state in URL. - Add tests for server route/state shaping. +### Acceptance criteria +- Operators can filter dashboard decision data by decision, risk level, and plane. +- Filter state survives page refresh through URL params. +- Tests cover the state shape and at least one filtered view. + + ## 2) help wanted: policy rule simulator CLI command **Labels:** `help wanted`, `enhancement`, `cli` +### Goal +Let operators evaluate many sample action contexts offline before pushing policy changes into a live Agentwall runtime. + +### Scope - Add `agentwall simulate --input ` to evaluate a batch of contexts offline. - Output summary table + JSON mode. - Include docs/example input file. +### Acceptance criteria +- `agentwall simulate --input examples/simulation-input.json` runs without a live server. +- Output includes decision counts and per-item decision details. +- JSON output mode is stable enough for CI or scripts. + + ## 3) good first issue: detection taxonomy documentation improvements **Labels:** `good first issue`, `documentation` +### Goal +Make Agentwall's detection model easier for new contributors and security reviewers to understand. + +### Scope - Expand `docs/threat-model.md` with detection-to-mitigation mapping. - Add examples of false-positive/false-negative handling. - Link from README under product docs. + +### Acceptance criteria +- Threat model docs include a table mapping detections to mitigations. +- Docs explain at least one false-positive and one false-negative example. +- README links the improved taxonomy section. diff --git a/docs/launch-readiness-checklist.md b/docs/launch-readiness-checklist.md index f7a531d..ac98b60 100644 --- a/docs/launch-readiness-checklist.md +++ b/docs/launch-readiness-checklist.md @@ -44,7 +44,7 @@ Only true last-mile maintainer/admin steps are left unchecked. ## 6) Immediate post-launch guardrails - [ ] Enable notifications/triage routine for issues and security reports. -- [ ] Prepare first three community issues (`good first issue` + `help wanted`). +- [x] Prepare first three community issues (`good first issue` + `help wanted`) in `docs/community-issues-seed.md`, including copy-ready bodies and `gh issue create` commands for when GitHub auth is available. - [ ] Open first public roadmap milestone and label policy. --- From 1d970bc8f3f1002d5b6c034ca720253471f1ee5d Mon Sep 17 00:00:00 2001 From: Reese Date: Wed, 29 Apr 2026 23:28:28 -0500 Subject: [PATCH 8/8] docs: correct launch branch push command --- docs/launch-readiness-checklist.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/launch-readiness-checklist.md b/docs/launch-readiness-checklist.md index ac98b60..7ea7e20 100644 --- a/docs/launch-readiness-checklist.md +++ b/docs/launch-readiness-checklist.md @@ -36,7 +36,7 @@ Only true last-mile maintainer/admin steps are left unchecked. ## 5) Last-mile admin (maintainer-owned) - [ ] Configure GitHub repo description, topics, homepage, and social preview image. - [x] Canonical public clone URL selected and reflected in README (`https://github.com/reesepj/agentwall.git`). -- [ ] Push the launch branch once GitHub auth is available. Current blocker: local GitHub HTTPS auth is unavailable (`fatal: could not read Username for 'https://github.com'`). Exact next command: `gh auth login && git push -u origin gnhf/mission-finish-agent-7891a0`. +- [ ] Push the launch branch once GitHub auth is available. Current blocker: local GitHub HTTPS auth is unavailable (`fatal: could not read Username for 'https://github.com'`). Exact next command: `gh auth login && git push -u origin launch/agentwall-public-ready`. - [ ] Enable GitHub Pages source as `GitHub Actions` after the repo is public. If GitHub auth is unavailable locally, run: `gh auth login`, then push this branch and enable Pages from Actions in repository settings. - [ ] Create initial release tag (`v0.1.0`) and attach release notes. - [ ] Publish announcement post (problem, why now, demo, quickstart, roadmap).