Skip to content

Review wanted: no-central-key-custody / template safety model #34

Description

@F-e-u-e-r

What would you like?

I’m looking for review and feedback on StarLedger’s template safety model, especially the “no central key custody” design.

Current model

StarLedger is designed so that:

  • there is no StarLedger-hosted backend
  • there is no shared service key
  • there is no central OAuth app
  • users own their GitHub token
  • users own their Telegram bot token if they enable notifier features
  • optional AI execution happens outside the trusted repo pipeline
  • generated artifacts are committed through deterministic workflows
  • template repos ship without personal data or live secrets

Areas to review

Feedback welcome on:

  • GitHub token permission guidance
  • template repository defaults
  • workflow defaults
  • manual-only vs scheduled workflows
  • setup doctor checks
  • generated artifact boundaries
  • optional AI artifact trust model
  • notifier state branch behavior
  • anything that could surprise a template user

Why this is useful

One of StarLedger’s main goals is to be self-owned and reusable without requiring users to trust a central hosted service.

Before wider promotion, I’d like more eyes on whether the setup is clear, safe, and honest about its trust boundaries.

Non-goals

This issue is not asking for:

  • central hosting
  • shared token custody
  • automatic GitHub account actions
  • auto-star behavior
  • AI auto-merge behavior

Notes

Please do not paste secrets, tokens, private URLs, or private repository data.

Metadata

Metadata

Assignees

No one assigned

    Labels

    feedbackUser feedback and product discussionreview-wantedReview requestedsecuritySecurity, trust, and safety reviewtemplateReusable template and fork model

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions