Commit 9a93561

Add public-safe Portfolio Command Center fixture proof package (#120)
* docs(demo): add public fixture proof package
* fix(demo): keep fixture proof outputs isolated
1 parent 99df92c commit 9a93561

20 files changed

Lines changed: 537 additions & 40 deletions

docs/demo-proof/public-fixture/README.md

Lines changed: 29 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -35,17 +35,41 @@ From the sibling Portfolio Command Center repo:
3535

3636
```sh
3737
pnpm install
38-
pnpm demo:desktop
38+
pnpm demo:desktop:fixture
3939
```
4040

41-
Then set the output directory in the app header to:
41+
The fixture launch script preloads the public-safe fixture output directory in
42+
the app header.
4243

43-
```text
44-
../GithubRepoAuditor/output/demo
45-
```
44+
Use `pnpm demo:desktop` only for manual live or custom-output review. Do not use
45+
the live local default output directory for public recording.
46+
47+
## Captured Frames
48+
49+
Public-safe frames are included under `screenshots/`:
50+
51+
- `00-ops-tauri-window.png` - desktop shell proof.
52+
- `01-portfolio.png` - portfolio table.
53+
- `02-risk-security.png` - risk and security posture.
54+
- `03-burndown.png` - grouped remediation view.
55+
- `04-trends.png` - history and security drift.
56+
- `05-weekly-digest.png` - weekly digest and next move.
57+
58+
The frames show only fixture repos (`RepoA`, `RepoB`, `RepoC`), synthetic
59+
packages, synthetic advisory ids, relative fixture paths, and the fixture output
60+
directory.
4661

4762
## Safety Claim
4863

4964
This package proves the demo can be produced from fixture data. It does not
5065
prove that a recording is visually redacted. A final public recording still
5166
needs a human pass for frame-level privacy review.
67+
68+
## What Stays Private
69+
70+
Do not publish live local portfolio output, real repo names, local absolute
71+
paths, security findings from the real portfolio, terminals, account menus,
72+
Notion, email, calendar, Slack, bridge-db, personal-ops, SecondBrain, tokens,
73+
cookies, env values, or raw agent/session state. The public asset is the pattern:
74+
fixture-backed truth, visible risk, grouped remediation, trend evidence, and one
75+
operator-approved next move.
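Review bot: The new "Captured Frames" section calls the shipped frames "Public-safe", while the unchanged "Safety Claim" section directly below still says the package "does not prove that a recording is visually redacted" and needs a human frame-level pass. State in one of the two sections that the included stills have had that pass and where it is recorded, and that the Safety Claim applies to any new recording, so a reader does not take the fixture data path alone as the safety evidence.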

docs/demo-proof/public-fixture/RECORDING-CHECKLIST.md

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,8 @@ Use this checklist for a public-safe Portfolio Command Center recording.
55
## Preflight
66

77
- [ ] Run `make demo` from `GithubRepoAuditor`.
8-
- [ ] Run `pnpm demo:desktop` from `PortfolioCommandCenter`.
9-
- [ ] Point Portfolio Command Center at `GithubRepoAuditor/output/demo`.
8+
- [ ] Run `pnpm demo:desktop:fixture` from `PortfolioCommandCenter`.
9+
- [ ] Confirm Portfolio Command Center is pointed at the fixture output directory.
1010
- [ ] Confirm the visible data is fixture data, not the private live portfolio.
1111
- [ ] Hide terminals, path bars, desktop clutter, account menus, and notification banners.
1212

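Review bot: The reworded preflight item "Confirm Portfolio Command Center is pointed at the fixture output directory" no longer names the directory; the removed line gave `GithubRepoAuditor/output/demo`. This is the check that separates fixture data from the live portfolio, so keep the expected path in the item and let the operator compare the app header against a concrete value rather than trusting the launch script.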
@@ -30,3 +30,9 @@ Use this checklist for a public-safe Portfolio Command Center recording.
3030
- real security advisory details;
3131
- Notion, email, calendar, Slack, bridge-db, or SecondBrain content;
3232
- terminal scrollback, env vars, tokens, cookies, or config files.
33+
34+
## Existing Public-Safe Frames
35+
36+
Use the included `screenshots/` frames as still-image evidence or as the visual
37+
source for a website case-study block. If recording new video, treat these
38+
frames as the reference for what safe output looks like.
Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,29 @@
11
# Public Fixture Demo Summary
22

3-
Status: fixture proof package, pending visual capture.
3+
Status: fixture proof package with public-safe visual capture.
44

55
This package establishes the safe public data path for the Operator OS /
66
Portfolio Command Center demo:
77

88
- fixture input: `fixtures/demo/sample-report.json`;
99
- generated artifacts: `output/demo/`, including the PortfolioCommandCenter
10-
`projects` schema, weekly digest, burndown, trend snapshots, and empty
11-
proposal queue;
10+
schema `0.7.0` `projects` payload, weekly digest, burndown, trend snapshots,
11+
and empty proposal queue;
1212
- desktop consumer: `PortfolioCommandCenter` pointed at `output/demo`;
1313
- private services required: none;
1414
- live writes performed: none.
1515

16-
The next step before publishing is to capture screenshots or video frames from
17-
Portfolio Command Center while it is pointed at the fixture output directory,
18-
then add those images to this package.
16+
Captured public-safe frames:
17+
18+
- `screenshots/00-ops-tauri-window.png`: Tauri desktop shell reading the fixture
19+
output directory.
20+
- `screenshots/01-portfolio.png`: Portfolio tab.
21+
- `screenshots/02-risk-security.png`: Risk + Security tab.
22+
- `screenshots/03-burndown.png`: Burndown tab.
23+
- `screenshots/04-trends.png`: Trends tab.
24+
- `screenshots/05-weekly-digest.png`: Weekly Digest tab.
25+
26+
The tab frames were captured from the PortfolioCommandCenter React surface with
27+
Tauri IPC mocked to the same fixture files under `output/demo/`. The desktop
28+
shell frame was captured from the live Tauri window launched with the fixture
29+
output path preselected.
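Review bot: The closing paragraph says the five tab frames came from the React surface with Tauri IPC mocked and only `00-ops-tauri-window.png` came from the live Tauri window, but the "Captured public-safe frames" list and the "desktop consumer" bullet read as if all six show the desktop app. Add the capture method to each list entry (live window or mocked IPC) so the status line does not overstate what the tab frames demonstrate.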
Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
# Public Fixture Verification Notes
2+
3+
Date: 2026-06-27
4+
5+
## Fixture Truth
6+
7+
- Fixture input: `fixtures/demo/sample-report.json`.
8+
- Generated output directory: `output/demo`.
9+
- Portfolio truth schema: `0.7.0`.
10+
- Visible project names: `RepoA`, `RepoB`, `RepoC`.
11+
- Visible workspace root: `fixtures/demo`.
12+
13+
## Commands Run
14+
15+
```sh
16+
./.venv/bin/python scripts/build_demo_artifacts.py
17+
./.venv/bin/python scripts/validate_proof_package.py docs/demo-proof/public-fixture/proof-package.json
18+
pnpm typecheck
19+
pnpm test
20+
pnpm build
21+
pnpm demo:desktop:fixture
22+
```
23+
24+
## Visual Capture
25+
26+
- Desktop shell frame captured from the live Tauri window with `screencapture -l`.
27+
- Tab frames captured from the PortfolioCommandCenter React app served by Vite,
28+
with Tauri IPC mocked to the same fixture files in `output/demo`.
29+
- Captured tabs: Portfolio, Risk + Security, Burndown, Trends, Weekly Digest.
30+
31+
## Public-Safety Review
32+
33+
Manual inspection confirmed the retained frames show fixture labels only:
34+
35+
- repo names are `RepoA`, `RepoB`, `RepoC`;
36+
- paths are relative fixture paths such as `fixtures/demo/RepoA`;
37+
- app output directory is the public fixture output directory;
38+
- advisories and packages are synthetic (`demo-runtime`, `demo-ui-kit`,
39+
`GHSA-DEMO-0001`, `GHSA-DEMO-0002`);
40+
- no terminal, browser chrome, account menu, local absolute path, token, email,
41+
calendar, Slack, Notion row, bridge-db row, personal-ops data, SecondBrain
42+
content, or real security finding is visible.
43+
44+
Known visible caveat: the fixture date is intentionally `2026-04-12`, so the app
45+
shows a stale-data banner on 2026-06-27. That banner is public-safe, but a future
46+
polish pass may choose to make fixture freshness deterministic for public demos.
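Review bot: The "Public-Safety Review" list covers only what is visible in the frames and says nothing about the PNG files themselves. Add a line stating whether embedded image metadata was checked or stripped before the frames were committed. The "Commands Run" block would also be stronger evidence with each command's outcome recorded next to it.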
Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
# Website-Ready Demo Block
2+
3+
## Operator OS Demo: Portfolio Command Center
4+
5+
Portfolio Command Center is the public-safe cockpit for the Operator OS idea: a
6+
local-first truth engine turns a small repo portfolio into risk posture,
7+
security burndown, trend evidence, and one operator-approved next move.
8+
9+
This demo uses fixture data only. The app is pointed at generated
10+
GithubRepoAuditor artifacts under `output/demo`, not the private live portfolio.
11+
The screenshots show three synthetic repos (`RepoA`, `RepoB`, `RepoC`), two
12+
synthetic advisory groups, and a weekly digest that reduces the fixture
13+
portfolio to one decision.
14+
15+
### What The Frames Show
16+
17+
- Portfolio: each project carries risk, attention state, context quality, tool
18+
provenance, and open high/critical alert counts.
19+
- Risk + Security: elevated projects and alert totals become a portfolio-level
20+
attention map.
21+
- Burndown: two synthetic advisories are grouped by the package fix that clears
22+
the affected repos.
23+
- Trends: fixture history shows whether risk is improving or getting noisier.
24+
- Weekly Digest: the system produces one headline, one decision, and one next
25+
move.
26+
27+
### What Stays Private
28+
29+
The public demo does not expose the real local portfolio, real repo names, local
30+
absolute paths, live security findings, terminals, account state, Notion, email,
31+
calendar, Slack, bridge-db, personal-ops, SecondBrain, tokens, cookies, env
32+
values, or raw agent/session records. The shareable product is the operating
33+
pattern: generated truth, visible risk, grouped remediation, trend evidence, and
34+
human approval gates.
35+
36+
### Suggested Page Copy
37+
38+
Operator OS is the missing control plane for AI-assisted builders: it turns
39+
scattered agent work and repo sprawl into verified truth, visible risk, and one
40+
operator-approved next move.
41+
42+
Pair the copy with these local assets:
43+
44+
- `screenshots/00-ops-tauri-window.png`
45+
- `screenshots/01-portfolio.png`
46+
- `screenshots/02-risk-security.png`
47+
- `screenshots/03-burndown.png`
48+
- `screenshots/04-trends.png`
49+
- `screenshots/05-weekly-digest.png`
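Review bot: "What Stays Private" here restates the README section of the same name with different wording ("account state" against "account menus", "raw agent/session records" against "raw agent/session state"). Keep one canonical list and reference it from the other file so the two cannot drift on what is excluded from publication.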

docs/demo-proof/public-fixture/proof-package.json

Lines changed: 71 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -12,14 +12,14 @@
1212
"commands": [
1313
"make demo",
1414
"python scripts/validate_proof_package.py docs/demo-proof/public-fixture/proof-package.json",
15-
"pnpm demo:desktop"
15+
"pnpm demo:desktop:fixture"
1616
]
1717
},
1818
"source_state": {
1919
"source_data_mode": "fixture",
2020
"fixture": "../../../fixtures/demo/sample-report.json",
2121
"generated_output_dir": "../../../output/demo",
22-
"source_truth_schema": "demo-pcc-v1",
22+
"source_truth_schema": "0.7.0",
2323
"freshness_window_hours": null
2424
},
2525
"claims": [
@@ -72,29 +72,35 @@
7272
},
7373
{
7474
"id": "visual-capture",
75-
"statement": "Final public screenshots or video frames still need a frame-level privacy review after capture.",
76-
"status": "partial",
75+
"statement": "Public-safe Portfolio Command Center frames were captured from the fixture-backed desktop shell and React tab surfaces.",
76+
"status": "passed",
7777
"evidence": [
78-
"summary"
78+
"summary",
79+
"verification-notes",
80+
"screenshot-ops-shell",
81+
"screenshot-portfolio",
82+
"screenshot-risk-security",
83+
"screenshot-burndown",
84+
"screenshot-trends",
85+
"screenshot-weekly-digest"
7986
]
8087
}
8188
],
8289
"verification": {
83-
"overall": "partial",
90+
"overall": "passed",
8491
"checks": [
8592
{
8693
"name": "manifest references fixture input and generated output paths",
8794
"status": "passed"
8895
},
8996
{
9097
"name": "visual capture from Portfolio Command Center",
91-
"status": "partial"
98+
"status": "passed"
9299
}
93100
],
94101
"missing_receipts": [],
95102
"known_gaps": [
96-
"This package proves the data path and recording boundary. It does not include captured public screenshots yet.",
97-
"Portfolio Command Center must be pointed at output/demo during recording."
103+
"The fixture date is intentionally static, so screenshots show the app stale-data banner when viewed after the fixture date."
98104
]
99105
},
100106
"safety": {
@@ -222,6 +228,62 @@
222228
"path": "../../../output/demo/portfolio-warehouse.db",
223229
"description": "Generated demo warehouse snapshot.",
224230
"required": true
231+
},
232+
{
233+
"id": "verification-notes",
234+
"kind": "verification-notes",
235+
"path": "VERIFICATION-NOTES.md",
236+
"description": "Commands run, capture method, and public-safety review notes.",
237+
"required": true
238+
},
239+
{
240+
"id": "website-content",
241+
"kind": "website-copy",
242+
"path": "WEBSITE-CONTENT.md",
243+
"description": "Website-ready Operator OS demo content block and what-stays-private copy.",
244+
"required": true
245+
},
246+
{
247+
"id": "screenshot-ops-shell",
248+
"kind": "screenshot",
249+
"path": "screenshots/00-ops-tauri-window.png",
250+
"description": "Tauri desktop shell pointed at fixture output.",
251+
"required": true
252+
},
253+
{
254+
"id": "screenshot-portfolio",
255+
"kind": "screenshot",
256+
"path": "screenshots/01-portfolio.png",
257+
"description": "Portfolio tab rendered from fixture truth.",
258+
"required": true
259+
},
260+
{
261+
"id": "screenshot-risk-security",
262+
"kind": "screenshot",
263+
"path": "screenshots/02-risk-security.png",
264+
"description": "Risk and Security tab rendered from fixture truth.",
265+
"required": true
266+
},
267+
{
268+
"id": "screenshot-burndown",
269+
"kind": "screenshot",
270+
"path": "screenshots/03-burndown.png",
271+
"description": "Burndown tab rendered from fixture security burndown.",
272+
"required": true
273+
},
274+
{
275+
"id": "screenshot-trends",
276+
"kind": "screenshot",
277+
"path": "screenshots/04-trends.png",
278+
"description": "Trends tab rendered from fixture truth history.",
279+
"required": true
280+
},
281+
{
282+
"id": "screenshot-weekly-digest",
283+
"kind": "screenshot",
284+
"path": "screenshots/05-weekly-digest.png",
285+
"description": "Weekly Digest tab rendered from fixture digest.",
286+
"required": true
225287
}
226288
]
227289
}
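Review bot: The six `screenshot` artifacts are identified by `path` only, so a validator can confirm that a file exists but not that it is the frame that was reviewed. Add a content digest field (for example a SHA-256) to each screenshot entry and have the validator compare it, so a PNG replaced later fails validation instead of inheriting the `passed` status.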