What would you like?
I’m looking for review and feedback on StarLedger’s template safety model, especially the “no central key custody” design.
Current model
StarLedger is designed so that:
- there is no StarLedger-hosted backend
- there is no shared service key
- there is no central OAuth app
- users own their GitHub token
- users own their Telegram bot token if they enable notifier features
- optional AI execution happens outside the trusted repo pipeline
- generated artifacts are committed through deterministic workflows
- template repos ship without personal data or live secrets
Areas to review
Feedback welcome on:
- GitHub token permission guidance
- template repository defaults
- workflow defaults
- manual-only vs scheduled workflows
- setup doctor checks
- generated artifact boundaries
- optional AI artifact trust model
- notifier state branch behavior
- anything that could surprise a template user
Why this is useful
One of StarLedger’s main goals is to be self-owned and reusable without requiring users to trust a central hosted service.
Before wider promotion, I’d like more eyes on whether the setup is clear, safe, and honest about its trust boundaries.
Non-goals
This issue is not asking for:
- central hosting
- shared token custody
- automatic GitHub account actions
- auto-star behavior
- AI auto-merge behavior
Notes
Please do not paste secrets, tokens, private URLs, or private repository data.
What would you like?
I’m looking for review and feedback on StarLedger’s template safety model, especially the “no central key custody” design.
Current model
StarLedger is designed so that:
Areas to review
Feedback welcome on:
Why this is useful
One of StarLedger’s main goals is to be self-owned and reusable without requiring users to trust a central hosted service.
Before wider promotion, I’d like more eyes on whether the setup is clear, safe, and honest about its trust boundaries.
Non-goals
This issue is not asking for:
Notes
Please do not paste secrets, tokens, private URLs, or private repository data.