docs: reorganize root .md tree + spell out the 7 isolation layers in README#11
Merged
Conversation
Declutter the workspace root. Canonical entry points stay at root (README, CLAUDE, SPECIFICATION, SPEC_INTROSPECTION, RELEASE_NOTES); planning/process docs move to docs/, security docs to docs/security/, and the sandy<->alice handoffs to research/ (where the alice submodule lives). git mv preserves history; the only two clickable cross-links (README -> THREAT_MODEL/ISOLATION_STRESS) are updated. The sandy script references none of the moved files, so no code change. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- M2.7_HANDOFF.md — M2.7 merged + shipped as v0.14.0; the handoff says to delete it once merged. Durable content lives in docs/ROADMAP_1.0.md, SPECIFICATION.md, and docs/POST_1.0_IDEAS.md. - refactor-prompt.md — spent one-shot prompt; the refactor shipped in v0.13.0 and its outputs are in analysis/. - TECH_DEBT_REVIEW_FINDINGS.md — March 2026 / v0.7.10 session-migration findings, zero inbound references, seven minor versions stale. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…e gap TODO.md was an analysis of Anthropic's sandbox-runtime; its one headline item (domain-based network filtering) already shipped as the M2.7 egress proxy. The still-relevant engineering items are consolidated into docs/POST_1.0_IDEAS.md; the non-isolation/marketing items are dropped. TODO.md removed. Surfaced a concrete residual while reconciling: .env/.env.* secret files are NOT in sandy's protected-paths list, so a prompt-injected agent can read (and, in permissive egress, exfiltrate) project secrets. Added as residual R2b in THREAT_MODEL.md with the fix (add .env* to protected paths, RO or masked). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Add an 'Isolation layers' section enumerating the full set (network, filesystem, credentials, process/privilege, resources, config trust-tier, per-instance) with a one-line each and a link to docs/security/THREAT_MODEL.md for the adversary model + residuals. The marketing intro bullets stay; this is the authoritative, complete reference. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cleans up the pile of loose
.mdfiles at the repo root and makes the full isolation story discoverable from the README.What changed
Reorganize root docs into a tree (commit
b422756)docs/—ROADMAP_1.0.md,POST_1.0_IDEAS.md,TESTING_PLAN.mddocs/security/—THREAT_MODEL.md,ISOLATION_STRESS.md,ISOLATION_STRESS_LINUX_PROMPT.mdresearch/—HANDOFF_TO_ALICE.md,HANDOFF_TO_SANDY.md(the alice handoffs are research artifacts)Delete obsolete root docs (commit
1fdbc24)M2.7_HANDOFF.md(M2.7 shipped in v0.14.0),refactor-prompt.md,TECH_DEBT_REVIEW_FINDINGS.md(stale). No inbound links to any of them.Fold the live TODO + capture a residual (commit
b8d944f)TODO.mditems intodocs/POST_1.0_IDEAS.mdandgit rm'dTODO.md..envsecrets are readable — not in the protected-paths list) todocs/security/THREAT_MODEL.md.Spell out all seven isolation layers in README (commit
d18c226)docs/security/THREAT_MODEL.mdfor the adversary model and residuals.Root after this PR
README.md,CLAUDE.md,SPECIFICATION.md,SPEC_INTROSPECTION.md,RELEASE_NOTES.md— the five canonical top-level docs.Verification
test/regen-config-docs.sh --checkclean (autogen blocks untouched).🤖 Generated with Claude Code