Add new pages for security, aider, and CursorAI project documentation

- Create page for handling secrets on the command line
- Add aider installation documentation
- Introduce page for cursor-ai-sdlc GitHub repository
- Update existing pages with new references and links
- Add environment variable alias page

Author: codekiln

journals/2025_03_09.md

@@ -1,12 +1,21 @@
 ## #[[AI Coding]]
 	- ### Cursor
 		- #Updated [[CursorAI Project Rule Test]] with a list of current tests
-		- [[CursorAI/How To/Share Cursor Project Rules Across Repositories and Users]]
+		- #Filed
+			- [[CursorAI/How To/Share Cursor Project Rules Across Repositories and Users]]
+			- [[CursorAI/Forum/25/03/Scan for Project Rules in Subdirectories of .cursor/rules]]
+			- [[Person/codekiln/GitHub/cursor-ai-sdlc]]
+	- ### [[aider/Installation]]
+		- #Filed [[GitHub/Issue]] [For security reasons, default installation docs should not instruct users to divulge their API keys at the command line · Issue #3475 · Aider-AI/aider](https://github.com/Aider-AI/aider/issues/3475)
+		-
 - ## #[[Agentic Systems]]
 	- ### [[Anthropic/Blog/24/12/Building Effective Agents]]
 		- #### #Wordsmithing
 			- [[Agentic Spectrum]] refers to the spread between Agentic Systems that are more deterministic and pre-specified [[AI Workflows]], and those Agentic Systems where the AI is given freedom to "choose" the next best move or what to do next, [[AI Agents]]. It seems that this spectrum is mapped to the space between 0 and 1, from "non-agentic" workflows to "fully agentic" agents.
 			- [[Poka-yoke]] when you bake something into a process or a technology that prevents a class of errors
 				- > [⁠⁠Poka-yoke](https://en.wikipedia.org/wiki/Poka-yoke) your tools. Change the arguments so that it is harder to make mistakes.
 - GitHub Pages
-	- I don't think I quite understood before that [[GitHub/Pages/User Site]] was a thing; it's possible to have a domain like `<username>.github.io`
+	- I don't think I quite understood before that [[GitHub/Pages/User Site]] was a thing; it's possible to have a domain like `<username>.github.io`
+- ## #Security
+	- [[smallstep/Blog/24/05/How to Handle Secrets on the Command Line]]
+		- {{embed ((67cdafc5-8105-48cc-a41b-adb7d83f5c10))}}

pages/AI___Coding___Technique___Phased Planning___ai-coding dir.md

@@ -1,6 +1,8 @@
 alias:: [[AI/Coding/Technique/Phased Planning]]
 
 - #  AI Coding technique - Using an `.ai-coding/TICKET/` dir for staging [[SDLC]] planning artifacts by SDLC Phase
+	- [[My Notes]]
+		- An early prototype of this technique is available in [[Person/codekiln/GitHub/cursor-ai-sdlc]]
 	- ## Summary of the `/.ai-coding/TICKET-feature-name/` directory
 	  id:: 67c180c4-95f6-4d0b-b787-60d11eed3ff9
 		- Named after the ticket and a brief description of the feature; preferably the name of this directory matches the end of the branch name; `TICKET` is an external project management ticket reference.

pages/CursorAI___Forum___25___03___Scan for Project Rules in Subdirectories of .cursor___rules.md

@@ -4,6 +4,7 @@ date-created:: [[2025/03]]
 - # [Scan for Project Rules in Subdirectories of .cursor/rules - Feature Requests - Cursor - Community Forum](https://forum.cursor.com/t/scan-for-project-rules-in-subdirectories-of-cursor-rules/61534)
 	- ## #OP
 		- According to [my tests](https://codekiln.github.io/logseq-encode-garden/#/page/cursorai%2Fproject%20rule%2Ftest), as of `v0.46.11`, Cursor does not activate project rules which are stored in sub-directories of the `.cursor/rules/` location. See [codekiln/cursor-project-rule-test: Testing the Cursor Project Rule feature](https://github.com/codekiln/cursor-project-rule-test/tree/main) for an independent repository you can clone and test.
-		- If Cursor did, then we would be able to use [Git Submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules) to reference Cursor Project Rules stored in a centralized repository and shared among many users and projects. This would unlock a whole new way to share project rules between users and repositories. In my opinion, it’s very important that Cursor enable its community develop to collaborate together on developing mature, open source cursor rules, and adding this feature would be an important step in that direction.
-		  A number of users in the community have been interested in this functionality; see [Mastering Cursor Rules: A Developer’s Guide to Smart AI Integration - DEV Community](https://dev.to/dpaluy/mastering-cursor-rules-a-developers-guide-to-smart-ai-integration-1k65) for an example.
+		- If Cursor did, then we would be able to use [Git Submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules) to reference Cursor Project Rules stored in a centralized repository, shared among many users and projects. This would unlock a whole new way to share project rules between users and repositories. In my opinion, it’s very important that Cursor enable its community to collaborate together on developing mature, open source cursor rules, and adding this feature would be an important step in that direction.
+		- An example of the types of repositories that could be contributed on by multiple people is [[Person/codekiln/GitHub/cursor-ai-sdlc]], which proposes a way to use a particular directory to be a bridge between external tools like [[JIRA]] and the [[SDLC]].
+		- A number of users in the community have been interested in this functionality; see [Mastering Cursor Rules: A Developer’s Guide to Smart AI Integration - DEV Community](https://dev.to/dpaluy/mastering-cursor-rules-a-developers-guide-to-smart-ai-integration-1k65) for an example.
 		- I’ve listed a number of dynamics and workarounds at [CursorAI/How To/Share Cursor Project Rules Across Repositories and Users](https://codekiln.github.io/logseq-encode-garden/#/page/cursorai%2Fhow%20to%2Fshare%20cursor%20project%20rules%20across%20repositories%20and%20users).

pages/EnvVar.md

@@ -0,0 +1 @@
+alias:: [[Environment Variable]], [[Environment Variables]], [[EnvVars]]

pages/Person___codekiln___GitHub___cursor-ai-sdlc.md

@@ -0,0 +1 @@
+# [codekiln/cursor-ai-sdlc: Cursor rules for the phases and stages of the Software Development Life Cycle (SDLC)](https://github.com/codekiln/cursor-ai-sdlc)

pages/aider.md

@@ -22,4 +22,5 @@
 	- ## More info
 		- [Documentation](https://aider.chat/)
 	- ## Kind words from users
-		- > The best free open source AI coding assistant
+		- > The best free open source AI coding assistant
+	- ## [[aider/Installation]]

pages/aider___Installation.md

@@ -0,0 +1,3 @@
+# [Installing aider](https://aider.chat/docs/install.html)
+	- ## installation with [[uv]]
+		- `uv tool install --force --python python3.12 aider-chat@latest`

pages/smallstep___Blog___24___05___How to Handle Secrets on the Command Line.md

@@ -0,0 +1,28 @@
+tags:: [[Security]], [[Secrets]], [[CLI]], [[Article]]
+
+- # [How to Handle Secrets on the Command Line](https://smallstep.com/blog/command-line-secrets/)
+	- ### [[tldr]] #Summary
+	  id:: 67cdafc5-8105-48cc-a41b-adb7d83f5c10
+		- TL;DR: Best practices for #CLI secrets: (1) Use credential files with proper permissions and disk encryption; (2) Use pipes to pass secrets directly between programs; (3) Avoid [[EnvVars]] environment variables when possible; (4) **Never pass secrets directly in command arguments**; (5) Consider using a keyring facility like [[Linux/keyring]] for in-memory storage; (6) For specific tools, use their built-in credential storage (like [[dotfiles/.netrc]] for [[curl]]).
+	- The command line really wasn't designed for secrets. So, keeping secrets secret on the command line requires some extra care and effort.
+	- All of these values, including the precious contents of the private key file, can be seen via `ps` when these commands are running. [[ps]] finds them via `/proc/<pid>/cmdline`, which is globally readable for any process ID.
+	- ### Credentials Files
+		- What's not to love about a file? It's got an owner. It has permissions and access control.
+		- Give each secret a file! Any program that accepts secrets should be able to accept them by passing a filename or by redirecting a file into `STDIN`. You can also use files to pass secrets into Docker containers with mounted volumes.
+		- Be sure your disk is encrypted at rest, eg. with LUKS
+		- Using environment variables for secrets is very convenient. And we don't recommend it because it's so easy to leak things
+		- Some operating systems still make every process's environment variables world readable.
+		- In Docker, anyone with access to the [[Docker]] daemon can use `docker inspect` to see all of the environment variables for any running container.
+		- Variables can easily end up in shell history. In many shells, adding an extra space before a command will exclude it from shell history.
+	- ### What About A Secrets Manager?
+		- Speaking of lightweight solutions, there is an keyring facility in the Linux kernel
+		- The [[Linux/keyring]] offers several scopes for storing keys safely in memory that will never be swapped to disk. A process or even a single thread can have its own keyring, or you can have a keyring that is inherited across all processes in a user's session. To manage the keyrings and keys, use the [`keyctl`](https://man7.org/linux/man-pages/man1/keyctl.1.html) command or [`keyctl`](https://man7.org/linux/man-pages/man2/keyctl.2.html) system calls.
+	- ### Directly in the command
+		- In case it isn't already abundantly clear, this is very unsafe. There is no way for the caller of a command to choose to hide the command line from being world readable.
+		- any CLI command worth its salt should not accept passwords directly.
+		- The alternative for [[curl]] is a credential file: A [`.netrc` file](https://everything.curl.dev/usingcurl/netrc) can be used to store credentials for servers you need to connect to.
+	- ### Author
+		- [[Person/Carl Tashian]]
+			- [Website](https://tashian.com)
+			- [LinkedIn](https://www.linkedin.com/in/tashian/)
+			- is an engineer, writer, exec coach, and startup all-rounder. He's currently an Offroad Engineer at Smallstep. He co-founded and built the engineering team at Trove, and he wrote the code that opens your Zipcar. He lives in San Francisco with his wife Siobhan and he loves to play the modular synthesizer 🎛️🎚️

pages/tldw.tube.md

@@ -1,4 +1,4 @@
-tags:: [[YouTube]], [[Tool]], [[Summarization]]
+tags:: [[YouTube]], [[Tool]], [[Summary/Summarization]]
 
 - #Website https://tldw.tube/ - "To Long, Didn't Watch"
 - YouTube summarizer