Sanitize repo for public release (case study + full scrub) #51

Merged: saagpatel merged 14 commits into main from docs/case-study on Jun 7, 2026

@saagpatel (Owner)

Makes the repository safe to publish: removes all employer-identifying
information while keeping the app fully working and the test suite green.

What changed

  • CASE-STUDY.md — new public, sanitized case study (+ inline architecture diagram).
  • Inventory — services.yaml/dependencies.yaml replaced with a generic, runnable
    example that monitors public dev-tool status pages (GitHub, Cloudflare, PyPI, …).
    The real org registry now lives in gitignored *.local.yaml, loaded preferentially.
  • Code — the hardcoded okta impact special-case is now config-driven
    (SSO_BROKER_SERVICE_ID); the 5 vendor pollers were renamed to neutral format names
    (product_feed / current_status / trust_incidents / active_incidents / service_array).
  • Docs/config — README, CLAUDE.md, both roadmaps, deploy configs, com.box.* plists,
    pyproject, and the demo seeder all genericized.
  • Tests — ~120 vendor-id fixtures genericized; test_graph/test_admin_api/test_services_api
    now load the committed example via explicit paths (deterministic with or without a local override).

Verification

  • 378 passed with and without the gitignored real config (CI-safe on a fresh clone).
  • Ruff clean. mypy unchanged vs main (82 pre-existing, non-blocking).
  • Whole-repo grep: 0 employer/inventory identifiers.

Operator notes

  • Back up backend/config/*.local.yaml outside the repo (fresh clone won't have them).
  • Plist label renamed com.box.* → com.company.* (re-bootstrap launchd on next deploy).
  • Set SSO_BROKER_SERVICE_ID in env to re-enable the SSO impact template.
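
The "Whole-repo grep: 0 employer/inventory identifiers" check above, written as a repeatable scan; this is an added example, not code from this PR or repository. It goes beyond a plain grep by also matching file paths and by using explicit alphanumeric boundaries. The term list, skip lists and sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

SKIP_DIRS = {".git", ".venv", "__pycache__"}
SKIP_GLOBS = ("*.local.yaml",)  # gitignored real registry: stays out of the scan


def compile_denylist(terms):
    # Alphanumeric boundaries, not \b: skip 'checkbox', still catch 'okta_down'.
    parts = []
    for term in terms:
        pat = re.escape(term)
        if term[0].isalnum():
            pat = r"(?<![A-Za-z0-9])" + pat
        if term[-1].isalnum():
            pat += r"(?![A-Za-z0-9])"
        parts.append(pat)
    return re.compile("|".join(parts).encode("ascii"), re.IGNORECASE)


def scan_tree(root, terms):
    """Return (relative_path, line_no, term) hits; line_no 0 is the path itself."""
    rx, root, hits = compile_denylist(terms), Path(root), []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if SKIP_DIRS & set(rel.parts) or any(path.match(g) for g in SKIP_GLOBS):
            continue
        # Read bytes, not text, so binary and non-UTF-8 files scan without errors.
        lines = path.read_bytes().splitlines() if path.is_file() else []
        for n, line in enumerate([rel.as_posix().encode()] + lines):
            hits += [(rel.as_posix(), n, m.group().decode().lower()) for m in rx.finditer(line)]
    return hits


def demo():
    """Scan a constructed sample tree (not the repository's real files)."""
    terms = ["box", "okta", "#it-help", "com.box."]  # sample terms from the PR text
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "README.md").write_text("Tick the checkbox.\nUsed by Box IT, ask in #it-help\n")
        (root / "impact.py").write_text("TEMPLATE = 'okta_down'\n")
        (root / "com.box.pulse.plist").write_text("<plist/>\n")
        (root / "services.local.yaml").write_text("id: okta\n")
        return scan_tree(root, terms)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In CI, supply the real term list from a secret or a gitignored file rather than committing it, since the list itself names what was scrubbed. A working-tree scan does not cover earlier commits; history needs its own pass.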

saagpatel added 13 commits June 2, 2026 19:31
Public, employer-neutral case study for the SaaS status dashboard.
Grounded in real code (normalizer, resilience, alert routing, dependency
graph) with verified metrics (356 tests, ~16k LOC). Embedded Mermaid
architecture diagram. No org names, internal channels, paths, or secrets.

Remove employer-identifying information from all documentation and the
build scripts that generate it:
- employer name (Box), internal Slack channels (#it-help,
  #service-validation), and internal-network/VPN references → generic
- real SaaS tool inventory (Okta, Workday, Salesforce, Zoom, etc.) →
  generic category labels (identity provider, HR system, CRM, video, ...)
- monitored-source vendor names (Slack/Google status feeds) → generic
  format labels; Statuspage.io kept (public third-party format); Slack
  retained only as the alert destination
Delete rendered binaries (deck PDF/PPTX, architecture + exec-view PNGs)
that embed the same identifiers and cannot be regenerated in this env;
they rebuild from the now-clean build scripts. Author byline + public
repo link retained as portfolio attribution. No code/README/CI changes.

pulse.html, PORTFOLIO-DISPOSITION.md, and the deck/diagram build scripts
referenced an outdated 276; actual suite is 356 tests. No identifier or
logic changes.

Replace the hardcoded 'okta' service_id special-case (and 'Okta' wording)
in the impact-statement engine with a generic, configurable SSO broker:
- new SSO_BROKER_SERVICE_ID setting (default unset)
- okta_* templates renamed to sso_* with vendor-neutral wording
- tests updated + new coverage for the unset (generic) path
Removes the only hardcoded vendor name from shipped logic. 378 tests pass.

Genericize employer name, real SaaS tool inventory, internal Slack
channels, VPN/internal-infra references, and com.box.* plist names in
IMPLEMENTATION-ROADMAP.md and PRODUCTION-ROADMAP.md. Aligned impact-template
key references to the sso_* naming. No code changes.

…private

The committed services.yaml/dependencies.yaml previously contained the real
organization's SaaS inventory (vendor names, status-page URLs, tiers,
dependency graph). Replace with a generic, functional example that monitors
public developer-tool status pages (GitHub, Cloudflare, PyPI, etc.).

- loader now prefers gitignored *.local.yaml when present, so the operator's
  real registry lives outside version control (deployment unaffected)
- test_seeder loads the committed example via explicit paths (deterministic
  regardless of a local override) with assertions updated to the example
- .gitignore: backend/config/*.local.yaml + backend/uv.lock

378 tests pass.

- rename com.box.* launchd plists -> com.company.* (label + references)
- Caddyfile/litestream examples: genericize internal hostname, ops email,
  S3 bucket, backup host
- pyproject.toml description: 'Box IT' -> 'enterprise IT'
- seed_demo_data: remap demo incidents to the generic example service ids
  (matches the committed config; was both a leak and stale post-genericize)
No test logic changed. 378 tests pass.

'#it-help' -> 'the help channel' in a non-asserted reason string.

- 'used by Box IT' -> enterprise IT; corporate-VPN/internal-host refs genericized
- Service Categories table: real inventory -> generic categories + the public
  example services the committed config monitors
- curl examples + manual-update section: real service_ids -> generic
- com.box.* plist names -> com.company.*; internal channel names -> ops-alert
- architecture source labels genericized; Splunk/JSM/ThousandEyes -> generic
- test count 356 -> 378 (current suite); Slack retained as alert destination

google/slack/salesforce/zendesk/ringcentral pollers -> product_feed /
current_status / trust_incidents / active_incidents / service_array.
Renames modules, functions, the poll_type enum, scheduler dispatch,
normalizer symbols, and the integration test (mock data genericized).
Poller logic unchanged (URL-param-driven format parsers). Slack as the
alert *destination* is untouched. 378 tests pass, ruff clean.

… + example data

- PRODUCT_FEED_NAMES -> generic example mapping (operator-populated)
- vendor-id test fixtures (okta/duo/box/workday/...) -> generic ids across
  test_routing/graph/admin/services/postmortems/slack_ack/slack_slash/burn_rate,
  loading the committed example config via explicit paths so the suite is
  deterministic with OR without a local override (fixes a CI-only breakage)
- example/mock URLs (status.box.com, slack-status.com, google appsstatus) -> example.com
- IMPLEMENTATION-ROADMAP.md: vendor names, real URLs, and pre-rename poller
  filenames -> generic / current names
Slack as the alert destination retained throughout. 378 tests pass both with
and without the gitignored real config; ruff clean.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4d9199b8b9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +231 to +233
current_status_svcs = services_by_type.get("current_status_api", [])
if current_status_svcs:
svc = current_status_svcs[0]

[P2] Poll every current-status service

When a local registry contains more than one service using the new neutral current_status_api poll type, this block only selects current_status_svcs[0] and returns a result for that single service, so every other configured current-status service is omitted from all_results and detect_changes never updates it. The old vendor-specific Slack type was inherently single-service, but after genericizing the type this needs to loop over all matching services (or group by URL) like the other single-service pollers.

Useful? React with 👍 / 👎.

img_x, Inches(6.9), img_w, Inches(0.22),
size=9, color=TEXT_MUTED, font=MONO_FONT,
align=PP_ALIGN.CENTER)
s.shapes.add_picture(img_path, img_x, Inches(1.85), width=img_w, height=img_h)

[P2] Restore deck image inputs before embedding them

This commit deletes docs/executive-view-redesign/screenshots/exec-major.png and docs/architecture-diagram/architecture.png, but the deck builder still embeds those paths. In a clean checkout, once python-pptx is available, slide_exec() fails at add_picture before the sanitized deck can be regenerated, which is especially problematic because the generated pulse-hdi.pptx was also removed.

Useful? React with 👍 / 👎.

@saagpatel saagpatel merged commit 0bfba95 into main Jun 7, 2026
3 checks passed
@saagpatel saagpatel deleted the docs/case-study branch June 7, 2026 10:09