Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/grcengineering/daily-findings

Daily Findings is a desktop GRC learning app with guided sessions, quizzes, progress tracking, and curated GRC news.
https://github.com/grcengineering/daily-findings

compliance desktop-app governance grc nextjs risk-management security tauri training

Last synced: 3 months ago
JSON representation

Daily Findings is a desktop GRC learning app with guided sessions, quizzes, progress tracking, and curated GRC news.

Awesome Lists containing this project

README 

          
New release and updated content will be delivered tomorrow. I found an issue with the current release.



# Daily Findings (GRC Learning Platform)



Daily Findings is a GRC training platform with two runtime modes:



- a `Next.js` web app for development and browser usage

- a `Tauri` desktop wrapper that packages the app as a cross-platform desktop application (macOS and Windows)



The platform delivers daily modules that combine lesson content, scenarios, quizzes, progress tracking, and a news feed.



---



## Install and Go



For most users, the easiest path is to install a prebuilt desktop release (no local toolchains required):



1. Open the latest GitHub Release for this repository.

2. Download your platform installer:

   - macOS: `.dmg`

   - Windows: `.exe` or `.msi`

3. Install and launch.



Only build from source if you are developing. If you do, run:



```bash

npm install

npm run doctor:tauri

npm run tauri:build

```



If `doctor:tauri` fails, it prints exactly what to install next (for example Rust/Cargo or Xcode CLI tools).



---



## New User Quickstart (Non-Technical)



If you just want to install and use the app, follow these steps:



1. Open the latest release page:

   - https://github.com/grcengineering/daily-findings/releases/latest

2. Download your installer:

   - macOS: `.dmg`

   - Windows: `.exe` (or `.msi`)

3. Install:

   - macOS: open the `.dmg`, then drag **Daily Findings** to **Applications**

   - Windows: run the `.exe` or `.msi` and follow the prompts

4. First launch prompts (if installer is unsigned):

   - macOS: right-click `Daily Findings.app` -> **Open** -> **Open**

   - macOS alternate: **System Settings -> Privacy & Security** -> **Open Anyway**

   - Windows: if SmartScreen appears, click **More info** -> **Run anyway**

5. Start learning:

   - Open the app, click **Start Session** (or **Continue Session**), and complete your first module.



No terminal or coding setup is required for this install path.



For reusable GitHub repo-description/wiki copy, see `COMMUNITY_QUICKSTART_COPY.md`.



---



## Current Scope (Important)



This repository currently ships with the **legacy curriculum shape**:



- **8 domains**

- **15 modules per domain**

- **no capstone modules yet**



That expansion plan to 12 domains / 174 modules is tracked separately and has not been fully applied in this repo yet.



---



## Core Features



- Daily session recommendation based on completion history

- Module library grouped by domain/level with completion status

- Session flow: lesson -> scenario -> quiz

- XP, streak, and badge tracking

- Progress dashboard and history views

- RSS-based GRC news feed with source health/caching metadata

- AI-generated content pipeline with formatting/factual quality checks

- Desktop packaging via Tauri with bundled Node runtime

- Clean-share build mode (ships app with reset learner progress)



---



## Tech Stack



- **Frontend/App**: Next.js 16 (App Router), React 19, TypeScript, Tailwind

- **Desktop**: Tauri v2 (Rust launcher + packaged resources)

- **Database**: SQLite + Prisma ORM

- **Animations/UI**: Framer Motion, Lucide, shadcn/ui patterns

- **AI Content**: Anthropic SDK integration

- **News ingestion**: RSS parser + in-memory caching



---



## Repository Layout



- `src/app/` - Next.js routes/pages

- `src/app/api/` - API route handlers

- `src/components/` - UI components

- `src/lib/` - domain logic and shared utilities

- `data/curriculum.json` - curriculum source loaded by the app

- `prisma/schema.prisma` - DB schema

- `scripts/prepare-tauri-sidecar.mjs` - desktop resource packaging script

- `src-tauri/` - Tauri config, Rust launcher, icons, bundled resources



---



## API Surface (App Router)



- `GET /api/session/today` - returns current recommended session summary

- `GET /api/session/generate` - returns full generated session content

- `POST /api/session/complete` - marks completion, updates progress/streak/xp

- `GET /api/stats` - user stats + recent sessions + domain completion summary

- `GET /api/progress` - deep progress payload + badges + topic progress

- `GET /api/library` - library catalog grouped by domain + level

- `GET /api/news` - news articles + source status + cache metadata



---



## Data Model (Prisma / SQLite)



Primary models:



- `SessionContent` - generated module content by `topicId`

- `SessionCompletion` - completion events (topic/date/score)

- `TopicProgress` - long-term per-topic progress metrics

- `UserStats` - aggregated streak/xp/session stats

- `DailySession` - legacy session table



Schema file: `prisma/schema.prisma`



---



## Environment Variables



Common local variables:



- `DATABASE_URL` (SQLite connection string)

- `ANTHROPIC_API_KEY` (required for AI content generation paths)



Notes:



- local env files are in `.env` / `.env.local`

- avoid committing secrets



---



## Local Development



1. Install dependencies:



```bash

npm install

```



2. Run web app in dev mode:



```bash

npm run dev

```



Default dev URL is typically `http://localhost:3000` unless overridden.



---



## Web App Dev Quickstart (No DMG Required)



If your company blocks unsigned desktop installers, run Daily Findings in browser dev mode:



1. Install dependencies:



```bash

npm install

```



2. Create `.env.local`:



```bash

DATABASE_URL="file:./prisma/dev.db"

```



If you want AI generation features, add your `ANTHROPIC_API_KEY` to your local environment configuration.



3. Initialize database and seed module content:



```bash

npx prisma db push

npm run library:seed:expanded

```



4. Start the web app:



```bash

npm run dev

```



5. Open:



```text

http://localhost:3000

```



Notes:

- `ANTHROPIC_API_KEY` is only required for AI content-generation paths.

- The browser mode supports regular learning workflows without installing the desktop app.



---



## Desktop Development & Build (Tauri)



Before building from source, run:



```bash

npm run doctor:tauri

```



### Desktop dev mode



```bash

npm run tauri:dev

```



### Standard desktop build



```bash

npm run tauri:build

```



### Clean-share desktop build (recommended for distribution)



```bash

npm run tauri:build:clean

```



This build sanitizes learner-progress tables before packaging while preserving generated module content.



---



## Clean-Share Behavior



`tauri:build:clean` sets `TAURI_CLEAN_SHARE_BUILD=1`, which causes the packaging script to reset:



- `SessionCompletion`

- `DailySession`

- `TopicProgress`

- `UserStats`



and keeps:



- `SessionContent`



This gives recipients a fresh learner state but still includes pre-generated modules.



---



## macOS Desktop Packaging Notes



- Built app bundle:

  - `src-tauri/target/release/bundle/macos/Daily Findings.app`

- Built installer:

  - `src-tauri/target/release/bundle/dmg/Daily Findings__aarch64.dmg`



The current artifact is Apple Silicon (`aarch64`) unless an x64 build pipeline is added.



If Finder/Dock icon appears stale after rebuild, quit/reopen app; macOS icon cache may lag.



---



## Windows Distribution



This project can now build Windows desktop installers in GitHub Actions.



- Workflow: `.github/workflows/desktop-build.yml`

- Trigger:

  - manually via **Actions -> Desktop Build (macOS + Windows) -> Run workflow**

  - automatically on tags like `v0.1.1`

- Windows outputs are uploaded as artifacts:

  - `daily-findings-windows` (contains `nsis` and `msi` bundles)



Notes:



- Building Windows bundles from macOS locally is not supported in this setup.

- Use the workflow to generate shareable Windows installers reliably.



---



## Release Process



Desktop builds are produced by an automated workflow that runs a quality gate (lint, curriculum validation, build, QA) before packaging. Releases can be triggered manually or by pushing a version tag (e.g. `v0.1.0`).



- Manual trigger uploads build artifacts to the workflow run (can be unsigned).

- Tag trigger (`v*`) uploads artifacts and publishes a GitHub Release with attached installers (`.dmg`, `.exe`, `.msi`) plus checksums.

- If macOS signing/notarization secrets are missing, tag releases still publish unsigned installers and use an unsigned fallback path for macOS DMG creation.



For full details, prerequisites, and troubleshooting, see [DISTRIBUTION.md](DISTRIBUTION.md).



---



## Signed vs Unsigned Artifacts



Manual builds run successfully with or without code signing. When signing secrets are configured, macOS artifacts are notarized and Windows installers are signed. Unsigned builds are suitable for internal testing.



For public distribution, use a tag release (`v*`). When signing secrets are configured, macOS artifacts are signed/notarized; otherwise unsigned installers are published with standard platform trust warnings. See [DISTRIBUTION.md](DISTRIBUTION.md) for optional signing secrets.



---



## Install Guidance



### macOS



1. Download the DMG from the release artifacts (or the `.app` bundle directly).

2. Open the DMG and drag **Daily Findings** into Applications.

3. On first launch, if macOS blocks the app (unsigned or unverified), use one of these:

   - right-click `Daily Findings.app` -> **Open** -> **Open**

   - or open **System Settings -> Privacy & Security** and click **Open Anyway**

4. If macOS still blocks launch from quarantine, run:



```bash

xattr -dr com.apple.quarantine "/Applications/Daily Findings.app"

```



### Windows



1. Download the NSIS installer (`.exe`) or MSI package from the release artifacts.

2. Run the installer and follow the prompts.

3. If SmartScreen blocks an unsigned installer, choose **More info** → **Run anyway** (or use a signed build when available).



---



## Checksum Verification



Each release includes a `CHECKSUMS.txt` file (SHA256). To verify a download:



1. Download the bundle artifact and the corresponding checksums artifact.

2. From the project root, regenerate checksums for the extracted bundle directories and compare:



```bash

node scripts/generate-checksums.mjs  [bundle-dir2 ...]

diff -u downloaded-checksums.txt CHECKSUMS.txt

```



If the files match, the download is intact. The file paths must match the extracted artifact layout; if you extract to a different location, regenerate from that exact location before comparing.



---



## Versioning Cadence



Versions follow semantic versioning (e.g. `0.1.8`). Release tags use the `v` prefix (e.g. `v0.1.8`). Pushing a tag triggers the desktop build workflow and produces artifacts for that version. There is no fixed schedule; releases are cut as needed.



---



## Troubleshooting



### App looks like an older build



- Kill stale app/sidecar processes and relaunch from `/Applications`.

- Ensure port `1430` is not served by an older process.

- Rebuild with a clean Next output if needed:



```bash

rm -rf .next

npm run tauri:build:clean

```



### Shared build opens with old progress



- Use `npm run tauri:build:clean` (not `tauri:build`) before sharing.



### Desktop build succeeds but DMG step fails



- `.app` can still be installed directly from the macOS bundle path.

- Re-run build if you need fresh `.dmg`.



---



## Security & Privacy



- Do not commit API keys or local secret files.

- Review `.env` handling before first push.

- Validate clean-share artifacts before external distribution.



### Local Pre-Commit Secret Scan



A local pre-commit hook is configured to run:



```bash

node scripts/check-secrets.mjs --staged

```



Behavior:



- scans staged files for common token/key patterns

- blocks commits when possible secrets are detected

- prints a short masked sample so you can identify and remove the leak quickly



If you need to test it manually:



```bash

node scripts/check-secrets.mjs --staged

```



---



## Roadmap Snapshot



Planned but not fully implemented in this repo yet:



- competency-driven expansion to 12 domains / 174 modules

- capstone modules per domain

- module type tagging (`core`, `depth`, `specialization`, `capstone`)

- prerequisite graphing and bridge track logic



This is a [Next.js](https://nextjs.org) project bootstrapped with [`create-next-app`](https://nextjs.org/docs/app/api-reference/cli/create-next-app).



## Getting Started



First, run the development server:



```bash

npm run dev

# or

yarn dev

# or

pnpm dev

# or

bun dev

```



Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.