{"id":45904376,"url":"https://github.com/grcengineering/daily-findings","last_synced_at":"2026-03-06T07:01:30.897Z","repository":{"id":341092488,"uuid":"1168863052","full_name":"grcengineering/daily-findings","owner":"grcengineering","description":"Daily Findings is a desktop GRC learning app with guided sessions, quizzes, progress tracking, and curated GRC news.","archived":false,"fork":false,"pushed_at":"2026-03-04T21:20:49.000Z","size":4248,"stargazers_count":8,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-05T09:00:31.130Z","etag":null,"topics":["compliance","desktop-app","governance","grc","nextjs","risk-management","security","tauri","training"],"latest_commit_sha":null,"homepage":"https://github.com/grcengineering/daily-findings/releases/latest","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/grcengineering.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-27T22:08:55.000Z","updated_at":"2026-03-04T19:53:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"8e69762a-9d85-4967-85a1-e5b91d74175d","html_url":"https://github.com/grcengineering/daily-findings","commit_stats":null,"previous_names":["grcengineering/daily-findings"],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/grcengineering/daily-findings","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grcengineering%2Fdaily-findings","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grcengineering%2Fdaily-findings/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grcengineering%2Fdaily-findings/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grcengineering%2Fdaily-findings/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/grcengineering","download_url":"https://codeload.github.com/grcengineering/daily-findings/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grcengineering%2Fdaily-findings/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30164880,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T04:43:31.446Z","status":"ssl_error","status_checked_at":"2026-03-06T04:40:30.133Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance","desktop-app","governance","grc","nextjs","risk-management","security","tauri","training"],"created_at":"2026-02-28T01:25:20.424Z","updated_at":"2026-03-06T07:01:30.744Z","avatar_url":"https://github.com/grcengineering.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"New release and updated content will be delivered tomorrow. I found an issue with the current release.\n\n# Daily Findings (GRC Learning Platform)\n\nDaily Findings is a GRC training platform with two runtime modes:\n\n- a `Next.js` web app for development and browser usage\n- a `Tauri` desktop wrapper that packages the app as a cross-platform desktop application (macOS and Windows)\n\nThe platform delivers daily modules that combine lesson content, scenarios, quizzes, progress tracking, and a news feed.\n\n---\n\n## Install and Go\n\nFor most users, the easiest path is to install a prebuilt desktop release (no local toolchains required):\n\n1. Open the latest GitHub Release for this repository.\n2. Download your platform installer:\n   - macOS: `.dmg`\n   - Windows: `.exe` or `.msi`\n3. Install and launch.\n\nOnly build from source if you are developing. If you do, run:\n\n```bash\nnpm install\nnpm run doctor:tauri\nnpm run tauri:build\n```\n\nIf `doctor:tauri` fails, it prints exactly what to install next (for example Rust/Cargo or Xcode CLI tools).\n\n---\n\n## New User Quickstart (Non-Technical)\n\nIf you just want to install and use the app, follow these steps:\n\n1. Open the latest release page:\n   - https://github.com/grcengineering/daily-findings/releases/latest\n2. Download your installer:\n   - macOS: `.dmg`\n   - Windows: `.exe` (or `.msi`)\n3. Install:\n   - macOS: open the `.dmg`, then drag **Daily Findings** to **Applications**\n   - Windows: run the `.exe` or `.msi` and follow the prompts\n4. First launch prompts (if installer is unsigned):\n   - macOS: right-click `Daily Findings.app` -\u003e **Open** -\u003e **Open**\n   - macOS alternate: **System Settings -\u003e Privacy \u0026 Security** -\u003e **Open Anyway**\n   - Windows: if SmartScreen appears, click **More info** -\u003e **Run anyway**\n5. Start learning:\n   - Open the app, click **Start Session** (or **Continue Session**), and complete your first module.\n\nNo terminal or coding setup is required for this install path.\n\nFor reusable GitHub repo-description/wiki copy, see `COMMUNITY_QUICKSTART_COPY.md`.\n\n---\n\n## Current Scope (Important)\n\nThis repository currently ships with the **legacy curriculum shape**:\n\n- **8 domains**\n- **15 modules per domain**\n- **no capstone modules yet**\n\nThat expansion plan to 12 domains / 174 modules is tracked separately and has not been fully applied in this repo yet.\n\n---\n\n## Core Features\n\n- Daily session recommendation based on completion history\n- Module library grouped by domain/level with completion status\n- Session flow: lesson -\u003e scenario -\u003e quiz\n- XP, streak, and badge tracking\n- Progress dashboard and history views\n- RSS-based GRC news feed with source health/caching metadata\n- AI-generated content pipeline with formatting/factual quality checks\n- Desktop packaging via Tauri with bundled Node runtime\n- Clean-share build mode (ships app with reset learner progress)\n\n---\n\n## Tech Stack\n\n- **Frontend/App**: Next.js 16 (App Router), React 19, TypeScript, Tailwind\n- **Desktop**: Tauri v2 (Rust launcher + packaged resources)\n- **Database**: SQLite + Prisma ORM\n- **Animations/UI**: Framer Motion, Lucide, shadcn/ui patterns\n- **AI Content**: Anthropic SDK integration\n- **News ingestion**: RSS parser + in-memory caching\n\n---\n\n## Repository Layout\n\n- `src/app/` - Next.js routes/pages\n- `src/app/api/` - API route handlers\n- `src/components/` - UI components\n- `src/lib/` - domain logic and shared utilities\n- `data/curriculum.json` - curriculum source loaded by the app\n- `prisma/schema.prisma` - DB schema\n- `scripts/prepare-tauri-sidecar.mjs` - desktop resource packaging script\n- `src-tauri/` - Tauri config, Rust launcher, icons, bundled resources\n\n---\n\n## API Surface (App Router)\n\n- `GET /api/session/today` - returns current recommended session summary\n- `GET /api/session/generate` - returns full generated session content\n- `POST /api/session/complete` - marks completion, updates progress/streak/xp\n- `GET /api/stats` - user stats + recent sessions + domain completion summary\n- `GET /api/progress` - deep progress payload + badges + topic progress\n- `GET /api/library` - library catalog grouped by domain + level\n- `GET /api/news` - news articles + source status + cache metadata\n\n---\n\n## Data Model (Prisma / SQLite)\n\nPrimary models:\n\n- `SessionContent` - generated module content by `topicId`\n- `SessionCompletion` - completion events (topic/date/score)\n- `TopicProgress` - long-term per-topic progress metrics\n- `UserStats` - aggregated streak/xp/session stats\n- `DailySession` - legacy session table\n\nSchema file: `prisma/schema.prisma`\n\n---\n\n## Environment Variables\n\nCommon local variables:\n\n- `DATABASE_URL` (SQLite connection string)\n- `ANTHROPIC_API_KEY` (required for AI content generation paths)\n\nNotes:\n\n- local env files are in `.env` / `.env.local`\n- avoid committing secrets\n\n---\n\n## Local Development\n\n1. Install dependencies:\n\n```bash\nnpm install\n```\n\n2. Run web app in dev mode:\n\n```bash\nnpm run dev\n```\n\nDefault dev URL is typically `http://localhost:3000` unless overridden.\n\n---\n\n## Web App Dev Quickstart (No DMG Required)\n\nIf your company blocks unsigned desktop installers, run Daily Findings in browser dev mode:\n\n1. Install dependencies:\n\n```bash\nnpm install\n```\n\n2. Create `.env.local`:\n\n```bash\nDATABASE_URL=\"file:./prisma/dev.db\"\n```\n\nIf you want AI generation features, add your `ANTHROPIC_API_KEY` to your local environment configuration.\n\n3. Initialize database and seed module content:\n\n```bash\nnpx prisma db push\nnpm run library:seed:expanded\n```\n\n4. Start the web app:\n\n```bash\nnpm run dev\n```\n\n5. Open:\n\n```text\nhttp://localhost:3000\n```\n\nNotes:\n- `ANTHROPIC_API_KEY` is only required for AI content-generation paths.\n- The browser mode supports regular learning workflows without installing the desktop app.\n\n---\n\n## Desktop Development \u0026 Build (Tauri)\n\nBefore building from source, run:\n\n```bash\nnpm run doctor:tauri\n```\n\n### Desktop dev mode\n\n```bash\nnpm run tauri:dev\n```\n\n### Standard desktop build\n\n```bash\nnpm run tauri:build\n```\n\n### Clean-share desktop build (recommended for distribution)\n\n```bash\nnpm run tauri:build:clean\n```\n\nThis build sanitizes learner-progress tables before packaging while preserving generated module content.\n\n---\n\n## Clean-Share Behavior\n\n`tauri:build:clean` sets `TAURI_CLEAN_SHARE_BUILD=1`, which causes the packaging script to reset:\n\n- `SessionCompletion`\n- `DailySession`\n- `TopicProgress`\n- `UserStats`\n\nand keeps:\n\n- `SessionContent`\n\nThis gives recipients a fresh learner state but still includes pre-generated modules.\n\n---\n\n## macOS Desktop Packaging Notes\n\n- Built app bundle:\n  - `src-tauri/target/release/bundle/macos/Daily Findings.app`\n- Built installer:\n  - `src-tauri/target/release/bundle/dmg/Daily Findings_\u003cversion\u003e_aarch64.dmg`\n\nThe current artifact is Apple Silicon (`aarch64`) unless an x64 build pipeline is added.\n\nIf Finder/Dock icon appears stale after rebuild, quit/reopen app; macOS icon cache may lag.\n\n---\n\n## Windows Distribution\n\nThis project can now build Windows desktop installers in GitHub Actions.\n\n- Workflow: `.github/workflows/desktop-build.yml`\n- Trigger:\n  - manually via **Actions -\u003e Desktop Build (macOS + Windows) -\u003e Run workflow**\n  - automatically on tags like `v0.1.1`\n- Windows outputs are uploaded as artifacts:\n  - `daily-findings-windows` (contains `nsis` and `msi` bundles)\n\nNotes:\n\n- Building Windows bundles from macOS locally is not supported in this setup.\n- Use the workflow to generate shareable Windows installers reliably.\n\n---\n\n## Release Process\n\nDesktop builds are produced by an automated workflow that runs a quality gate (lint, curriculum validation, build, QA) before packaging. Releases can be triggered manually or by pushing a version tag (e.g. `v0.1.0`).\n\n- Manual trigger uploads build artifacts to the workflow run (can be unsigned).\n- Tag trigger (`v*`) uploads artifacts and publishes a GitHub Release with attached installers (`.dmg`, `.exe`, `.msi`) plus checksums.\n- If macOS signing/notarization secrets are missing, tag releases still publish unsigned installers and use an unsigned fallback path for macOS DMG creation.\n\nFor full details, prerequisites, and troubleshooting, see [DISTRIBUTION.md](DISTRIBUTION.md).\n\n---\n\n## Signed vs Unsigned Artifacts\n\nManual builds run successfully with or without code signing. When signing secrets are configured, macOS artifacts are notarized and Windows installers are signed. Unsigned builds are suitable for internal testing.\n\nFor public distribution, use a tag release (`v*`). When signing secrets are configured, macOS artifacts are signed/notarized; otherwise unsigned installers are published with standard platform trust warnings. See [DISTRIBUTION.md](DISTRIBUTION.md) for optional signing secrets.\n\n---\n\n## Install Guidance\n\n### macOS\n\n1. Download the DMG from the release artifacts (or the `.app` bundle directly).\n2. Open the DMG and drag **Daily Findings** into Applications.\n3. On first launch, if macOS blocks the app (unsigned or unverified), use one of these:\n   - right-click `Daily Findings.app` -\u003e **Open** -\u003e **Open**\n   - or open **System Settings -\u003e Privacy \u0026 Security** and click **Open Anyway**\n4. If macOS still blocks launch from quarantine, run:\n\n```bash\nxattr -dr com.apple.quarantine \"/Applications/Daily Findings.app\"\n```\n\n### Windows\n\n1. Download the NSIS installer (`.exe`) or MSI package from the release artifacts.\n2. Run the installer and follow the prompts.\n3. If SmartScreen blocks an unsigned installer, choose **More info** → **Run anyway** (or use a signed build when available).\n\n---\n\n## Checksum Verification\n\nEach release includes a `CHECKSUMS.txt` file (SHA256). To verify a download:\n\n1. Download the bundle artifact and the corresponding checksums artifact.\n2. From the project root, regenerate checksums for the extracted bundle directories and compare:\n\n```bash\nnode scripts/generate-checksums.mjs \u003cbundle-dir1\u003e [bundle-dir2 ...]\ndiff -u downloaded-checksums.txt CHECKSUMS.txt\n```\n\nIf the files match, the download is intact. The file paths must match the extracted artifact layout; if you extract to a different location, regenerate from that exact location before comparing.\n\n---\n\n## Versioning Cadence\n\nVersions follow semantic versioning (e.g. `0.1.8`). Release tags use the `v` prefix (e.g. `v0.1.8`). Pushing a tag triggers the desktop build workflow and produces artifacts for that version. There is no fixed schedule; releases are cut as needed.\n\n---\n\n## Troubleshooting\n\n### App looks like an older build\n\n- Kill stale app/sidecar processes and relaunch from `/Applications`.\n- Ensure port `1430` is not served by an older process.\n- Rebuild with a clean Next output if needed:\n\n```bash\nrm -rf .next\nnpm run tauri:build:clean\n```\n\n### Shared build opens with old progress\n\n- Use `npm run tauri:build:clean` (not `tauri:build`) before sharing.\n\n### Desktop build succeeds but DMG step fails\n\n- `.app` can still be installed directly from the macOS bundle path.\n- Re-run build if you need fresh `.dmg`.\n\n---\n\n## Security \u0026 Privacy\n\n- Do not commit API keys or local secret files.\n- Review `.env` handling before first push.\n- Validate clean-share artifacts before external distribution.\n\n### Local Pre-Commit Secret Scan\n\nA local pre-commit hook is configured to run:\n\n```bash\nnode scripts/check-secrets.mjs --staged\n```\n\nBehavior:\n\n- scans staged files for common token/key patterns\n- blocks commits when possible secrets are detected\n- prints a short masked sample so you can identify and remove the leak quickly\n\nIf you need to test it manually:\n\n```bash\nnode scripts/check-secrets.mjs --staged\n```\n\n---\n\n## Roadmap Snapshot\n\nPlanned but not fully implemented in this repo yet:\n\n- competency-driven expansion to 12 domains / 174 modules\n- capstone modules per domain\n- module type tagging (`core`, `depth`, `specialization`, `capstone`)\n- prerequisite graphing and bridge track logic\n\nThis is a [Next.js](https://nextjs.org) project bootstrapped with [`create-next-app`](https://nextjs.org/docs/app/api-reference/cli/create-next-app).\n\n## Getting Started\n\nFirst, run the development server:\n\n```bash\nnpm run dev\n# or\nyarn dev\n# or\npnpm dev\n# or\nbun dev\n```\n\nOpen [http://localhost:3000](http://localhost:3000) with your browser to see the result.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrcengineering%2Fdaily-findings","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgrcengineering%2Fdaily-findings","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrcengineering%2Fdaily-findings/lists"}