chore(docs): track only operator-facing docs (guides/runbooks/images/README); internal docs go local #695
Closed
remyluslosius wants to merge 2 commits into
js-yaml@4.1.1 (transitive dev dependency via eslint -> @eslint/eslintrc and openapi-typescript -> @redocly/openapi-core) is vulnerable to a quadratic-complexity DoS in YAML merge-key handling (GHSA-h67p-54hq-rp68, medium, availability-only, dev scope). Pin via package.json 'overrides' to ^4.2.0 (the patched release); npm dedups both consumers to 4.2.0. npm audit: 0 vulnerabilities; eslint + tsc green. Not in the shipped SPA bundle.
Signed-off-by: Remylus Losius <remyluslosius@gonaibo.com>
GA docs policy: only docs/guides, docs/runbooks, docs/images and
docs/README.md remain tracked. Engineering/planning/architecture/vision
docs, security reviews, and STATUS.md are now local-only (gitignored).
- .gitignore: docs/* ignored except docs/{guides,runbooks,images} + README.md.
- Move STATUS.md -> docs/engineering/STATUS.md (now local).
- Untrack 36 internal docs (kept on disk via git rm --cached): all of
docs/engineering/, docs/architecture/, docs/INTRODUCTION.md,
docs/KENSA_OPENWATCH_*, the vision/Q-plan docs, and the security reviews.
- De-link the now-local docs from the tracked public docs (README + guides +
runbooks) by flattening their markdown links to plain text, so the public
guides ship with zero dead links. Inline-code path mentions (non-links) are
left as-is.
Docs + .gitignore only; no code touched.
Signed-off-by: Remylus Losius <remyluslosius@gonaibo.com>
This was referenced Jun 26, 2026
remyluslosius added a commit that referenced this pull request Jun 27, 2026
…v launcher, guide review (#698)

* fix(frontend): bump js-yaml to >=4.2.0 (CVE-2026-53550, Dependabot #140)

js-yaml@4.1.1 (transitive dev dependency via eslint -> @eslint/eslintrc and openapi-typescript -> @redocly/openapi-core) is vulnerable to a quadratic-complexity DoS in YAML merge-key handling (GHSA-h67p-54hq-rp68, medium, availability-only, dev scope). Pin via package.json 'overrides' to ^4.2.0 (the patched release); npm dedups both consumers to 4.2.0. npm audit: 0 vulnerabilities; eslint + tsc green. Not in the shipped SPA bundle.

Signed-off-by: Remylus Losius <remyluslosius@gonaibo.com>

* chore(docs): track only operator-facing docs; internal docs go local

GA docs policy: only docs/guides, docs/runbooks, docs/images and docs/README.md remain tracked. Engineering/planning/architecture/vision docs, security reviews, and STATUS.md are now local-only (gitignored).
- .gitignore: docs/* ignored except docs/{guides,runbooks,images} + README.md.
- Move STATUS.md -> docs/engineering/STATUS.md (now local).
- Untrack 36 internal docs (kept on disk via git rm --cached): all of docs/engineering/, docs/architecture/, docs/INTRODUCTION.md, docs/KENSA_OPENWATCH_*, the vision/Q-plan docs, and the security reviews.
- De-link the now-local docs from the tracked public docs (README + guides + runbooks) by flattening their markdown links to plain text, so the public guides ship with zero dead links. Inline-code path mentions (non-links) are left as-is.
Docs + .gitignore only; no code touched.

Signed-off-by: Remylus Losius <remyluslosius@gonaibo.com>

* chore: move KEYS to security/; keep BACKLOG + SESSION_LOG local

- security/: new directory for the GPG release-signing public keyring. KEYS moved there; updated the two repo-path references (release.yml release-asset upload, RELEASING.md link). Operator commands (gpg/rpm --import KEYS) are unchanged — they import the file downloaded from the GitHub Release by basename, not a repo path.
- BACKLOG.md + SESSION_LOG.md: now gitignored (internal working docs go local, consistent with CLAUDE.md and the docs-local policy). Kept on disk.
LICENSE deliberately NOT moved to licensing/: it stays at the repo root so GitHub license detection and SPDX/packaging conventions keep working (a non-root LICENSE makes GitHub report 'no license detected').

Signed-off-by: Remylus Losius <remyluslosius@gonaibo.com>

* fix(dev): inject version ldflags in the dev launcher

scripts/openwatch.sh built dist/openwatch with a bare 'go build' (no ldflags), so the dev app always reported version 'dev' (the internal/version default) regardless of packaging/version.env — the /settings/about page and '--version' showed the wrong version. Inject Version/Commit/BuildTime the same way the Makefile does (sourced from packaging/version.env + git rev-parse + date), so dev builds report the real version (e.g. 0.2.0-rc.16). Verified: dev app now serves rc.16.

Signed-off-by: Remylus Losius <remyluslosius@gonaibo.com>

* docs(guides): apply final GA review state (truthfulness + internal-ref scrub + style)

Supersedes the interim guide de-linking from #695 with the full GA review: truthfulness fixes, complete internal-reference removal (source paths, doc names, escaping links), and the style-guide sweep across all 22 guides.

---------

Signed-off-by: Remylus Losius <remyluslosius@gonaibo.com>
Superseded by #698 (consolidated GA-prep merge to avoid the rebase cascade). The same changes landed there.
GA docs policy change: the public repo ships only operator-facing docs; engineering/planning/internal docs become local-only.
Policy
.gitignore: docs/* ignored except docs/guides/, docs/runbooks/, docs/images/, and docs/README.md.
Changes
- STATUS.md -> docs/engineering/STATUS.md (now local/ignored).
- git rm --cached): all of docs/engineering/, docs/architecture/, docs/INTRODUCTION.md, docs/KENSA_OPENWATCH_*, the vision/Q-plan docs, and the security reviews. They remain in local checkouts; they just leave the public repo.
- docs/README.md + guides + runbooks): markdown links to internal docs are flattened to plain text so the public guides ship with zero dead links. (Inline-code path mentions are non-links and left as-is.)
Scope
Docs + .gitignore only — no code touched. Tracked under docs/ after this: guides/, runbooks/, images/, README.md.
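The allowlist .gitignore and the index-only untracking described in this PR can be checked in a throwaway repository. This is an added example, not part of the PR or the project's code; the file names under docs/, the commit identity and the helper function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: rebuild a sample docs/ tree, apply the policy, verify the result.
# Constructed commit identity so the example runs without any git configuration.
GIT_ID="-c user.name=example -c user.email=example@example.invalid -c commit.gpgsign=false"

make_repo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" &&
        git init -q . &&
        mkdir -p docs/guides docs/runbooks docs/images docs/engineering docs/architecture &&
        for f in README.md INTRODUCTION.md guides/install.md runbooks/restore.md \
                 images/login.png engineering/STATUS.md architecture/overview.md
        do echo sample > "docs/$f" || exit 1; done &&
        git add -A &&
        git $GIT_ID commit -q -m "docs before policy" &&
        # The pattern is docs/* rather than docs/: git cannot re-include a path
        # whose parent directory is itself excluded, so the parent stays visible.
        printf '%s\n' 'docs/*' '!docs/guides/' '!docs/runbooks/' '!docs/images/' \
            '!docs/README.md' > .gitignore &&
        # Ignore rules never untrack a file: clear docs/ from the index only,
        # then re-add whatever the new rules still allow.
        git rm -r -q --cached docs &&
        git add -A &&
        git $GIT_ID commit -q -m "apply docs policy"
    ) >/dev/null || return 1
    echo "$repo"
}

# Space-separated list of paths still tracked under docs/.
tracked_docs() { git -C "$1" ls-files docs | xargs; }

# True when an untracked path is matched by the ignore rules.
is_ignored() { git -C "$1" check-ignore -q "$2"; }

# True when any commit on any ref touched the path.
in_history() { [ -n "$(git -C "$1" log --all --format=%h -- "$2")" ]; }
```

in_history stays true for the untracked files: git rm --cached changes the tree from that commit onward, while earlier commits still contain them.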