
docs: accuracy pass — fix stale numbers, honest security layering #41

Merged: benvinegar merged 2 commits into main from benvinegar/docs-accuracy-pass on Feb 17, 2026

Conversation

@benvinegar

Member

Audited all docs against actual code. Fixes:

  1. CONTRIBUTING.md — test count was '207 across 5 suites', actual is 321 across 8 suites (dropped specific count since it'll go stale again)
  2. AGENTS.md — '24-check security posture audit' was wrong (audit has ~89 check points), repo layout was missing 8+ files from bin/
  3. README.md β€” replaced SOC2 tagline (no SOC2 compliance exists), toned down 'kernel-level walls' claim, added file permissions as explicit security layer, clarified tool-guard scope honestly
  4. README.md β€” 'Adding agents' referenced startup-cleanup.sh incorrectly
  5. SECURITY.md β€” bind mount was described as active but is only a comment in setup.sh, tool-guard table claimed 'Bypassed by: None' which is false, deploy command had unnecessary sudo, credential inventory only listed one LLM key

Key philosophical change: the security stack table and self-modification defense table now honestly state what tool-guard does and doesn't do. It blocks Edit/Write pi tools and known bash patterns, but can't prevent sed/python writes through bash — that's what chmod a-w file permissions are for. Each layer's actual boundary is now clear.

benvinegar and others added 2 commits February 17, 2026 16:35
…op SOC2 claim

- CONTRIBUTING.md: fix test count (was '207 across 5 suites', actual is 8 suites)
- AGENTS.md: fix '24-check' audit claim, add missing bin/ files to repo layout
- README.md: replace SOC2 tagline with 'but paranoid', tone down kernel-level walls
  claim, add file permissions as explicit security layer, clarify tool-guard scope
  (blocks Edit/Write tools, not sed/python through bash), fix Adding Agents section
- SECURITY.md: fix misleading bind mount claim (commented out, not applied), add
  file permissions layer to self-modification table, honest tool-guard description,
  fix deploy command (no sudo needed), fix credential inventory (list all LLM keys)
@greptile-apps

greptile-apps Bot commented Feb 17, 2026


Greptile Summary

Documentation accuracy audit that brings all docs into alignment with actual code implementation. Fixes outdated test counts, corrects security descriptions to honestly represent what each layer does and doesn't do, removes non-existent SOC2 compliance claim, and expands incomplete file listings.

Key philosophical improvement: the security stack and self-modification defense tables now clearly state tool-guard's actual boundaries — it blocks Edit/Write pi tools and known bash patterns, but can't prevent sed/python writes through bash. That's explicitly what chmod a-w file permissions are for. Each layer's capabilities and limitations are now transparent rather than oversold.

All changes are corrections to existing documentation with no code modifications.

Confidence Score: 5/5

  • This PR is safe to merge with no risk
  • Documentation-only changes that correct stale information and improve honesty about security boundaries. No code modifications, no logic changes, no risk of runtime issues. The changes make the documentation more accurate and transparent.
  • No files require special attention

Important Files Changed

| Filename | Overview |
|---|---|
| CONTRIBUTING.md | Updated test count comment to be less specific ("8 suites" instead of "207 across 5 suites") to prevent future staleness |
| AGENTS.md | Expanded bin/ directory listing with 8+ previously missing files, removed stale "24-check" claim from security-audit.sh description |
| README.md | Replaced SOC2 tagline, corrected agent addition instructions, added file permissions as explicit security layer, clarified tool-guard scope and limitations honestly |
| SECURITY.md | Corrected bind mount status, expanded credential inventory to list all LLM keys, removed unnecessary sudo from deploy command, clarified tool-guard boundaries and file permissions role |

Last reviewed commit: 4b81c54
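The layering that both the PR description and the Greptile summary describe (a pattern blocklist in front of bash, with `chmod a-w` file permissions as the independent second layer) can be made concrete with a small check. The block below is an added example written for this page; it is not the project's tool-guard code and not part of this PR. It assumes a constructed two-pattern blocklist (shell redirection and `tee`) as a stand-in for tool-guard's real pattern set, which is not shown here, and the names `guard_blocks`, `is_write_protected`, `make_read_only`, `attempt_write`, `evaluate` and `demo` exist only in this example. The three sample commands are constructed for illustration.

```python
"""Added example (not the project's tool-guard): two independent layers in
front of a file write. Layer 1 is a constructed blocklist of known shell write
patterns; layer 2 is the file's own mode bits, which is what `chmod a-w` sets.
"""
import os
import re
import stat
import tempfile

# Layer 1: constructed stand-in for tool-guard's known-bash-pattern list
# (the real pattern set is not shown on the page). Matches shell redirection
# and `tee`; deliberately knows nothing about sed or python, mirroring the
# boundary the PR describes.
KNOWN_WRITE_PATTERNS = [
    re.compile(r"(^|[^<])>{1,2}\s*\S"),  # `> file` / `>> file`
    re.compile(r"\btee\b"),              # `... | tee file`
]

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def guard_blocks(command: str) -> bool:
    """Layer 1: True when the command matches a known write pattern."""
    return any(p.search(command) for p in KNOWN_WRITE_PATTERNS)


def is_write_protected(path: str) -> bool:
    """Layer 2: True when no write bit is set, i.e. `chmod a-w` has been
    applied. This inspects mode bits only; root bypasses them (see
    attempt_write)."""
    return os.stat(path).st_mode & WRITE_BITS == 0


def make_read_only(path: str) -> None:
    """Equivalent of `chmod a-w path`."""
    os.chmod(path, os.stat(path).st_mode & ~WRITE_BITS)


def attempt_write(path: str) -> bool:
    """Actually try to open the file for writing. The kernel enforces mode
    bits for unprivileged users only; as root this returns True even after
    chmod a-w, which is the caveat to keep in mind for layer 2."""
    try:
        with open(path, "a") as fh:
            fh.write("")
        return True
    except PermissionError:
        return False


def evaluate(command: str, target: str) -> str:
    """Report which layer, if any, stops the write `command` would make."""
    if guard_blocks(command):
        return "blocked by tool-guard pattern"
    if is_write_protected(target):
        return "stopped by file permissions"
    return "unprotected"


def demo() -> dict:
    """Constructed scenario: three write commands aimed at a temp file,
    evaluated before and after the equivalent of `chmod a-w`."""
    fd, target = tempfile.mkstemp(suffix=".md")  # created mode 0600
    os.close(fd)
    try:
        commands = {
            "redirect": f"echo edited > {target}",
            "sed": f"sed -i 's/old/new/' {target}",
            "python": f"python3 -c \"open('{target}', 'w').write('edited')\"",
        }
        before = {k: evaluate(c, target) for k, c in commands.items()}
        make_read_only(target)
        after = {k: evaluate(c, target) for k, c in commands.items()}
        return {"before_chmod": before, "after_chmod": after}
    finally:
        os.chmod(target, stat.S_IRUSR | stat.S_IWUSR)  # restore before cleanup
        os.unlink(target)


if __name__ == "__main__":
    for phase, results in demo().items():
        print(phase)
        for name, verdict in results.items():
            print(f"  {name:8s} -> {verdict}")
```

Run as an unprivileged user, `demo()` shows the redirect command caught by the pattern layer in both phases, while the sed and python commands pass the pattern layer and are only stopped once the write bits are cleared. `attempt_write` is there to confirm the kernel actually refuses the write after `make_read_only`; it will still succeed under root, which is why the mode-bit layer is a boundary for unprivileged agents rather than an absolute one.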

@benvinegar benvinegar merged commit 9b82459 into main Feb 17, 2026
8 checks passed