Skip to content

Add Security & Trust summary section to extension README #274

Description

@deffenda

FileMaker admins evaluating third-party tool against production data have three immediate questions: where do credentials live, what does the extension send out, what's the blast radius in an untrusted workspace. Short SECURITY-summary block in listing README answers all three before they have to dig through SECURITY.md.

{
  "scope": [
    "Add new ## Security & Trust section to extension/README.md placed after Product Tour and before existing feature/usage sections. Four short bullets: (1) passwords stored in OS keychain via VS Code Secret Storage API",
    "(2) no telemetry + no required cloud account (restate under security heading)",
    "(3) read-only default in Restricted/untrusted workspaces",
    "(4) link to full SECURITY.md for vulnerability reporting. Each claim must be factually accurate against current code — verify by grepping for SecretStorage",
    "telemetry flags",
    "isTrusted/untrusted-workspace handling before writing. If any claim does not hold",
    "file follow-up issue + weaken bullet rather than overstating. Keep section under 12 lines so it does not push feature list below the fold."
  ],
  "depends_on": [],
  "done_when": [
    "extension/README.md on main contains ## Security & Trust section with four bullets, each claim verifiable from extension source, section appears above feature/usage content on rendered Marketplace listing."
  ],
  "validation": {
    "local": [],
    "review": []
  },
  "references": [],
  "surfaces": [],
  "artifact_expectations": [],
  "review_points": []
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    ai/ready-for-workRefined and actionable; ready for agent implementation

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions