Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 29 additions & 5 deletions docs/demo-proof/public-fixture/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,17 +35,41 @@ From the sibling Portfolio Command Center repo:

```sh
pnpm install
pnpm demo:desktop
pnpm demo:desktop:fixture
```

Then set the output directory in the app header to:
The fixture launch script preloads the public-safe fixture output directory in
the app header.

```text
../GithubRepoAuditor/output/demo
```
Use `pnpm demo:desktop` only for manual live or custom-output review. Do not use
the live local default output directory for public recording.

## Captured Frames

Public-safe frames are included under `screenshots/`:

- `00-ops-tauri-window.png` - desktop shell proof.
- `01-portfolio.png` - portfolio table.
- `02-risk-security.png` - risk and security posture.
- `03-burndown.png` - grouped remediation view.
- `04-trends.png` - history and security drift.
- `05-weekly-digest.png` - weekly digest and next move.

The frames show only fixture repos (`RepoA`, `RepoB`, `RepoC`), synthetic
packages, synthetic advisory ids, relative fixture paths, and the fixture output
directory.

## Safety Claim

This package proves the demo can be produced from fixture data. It does not
prove that a recording is visually redacted. A final public recording still
needs a human pass for frame-level privacy review.

## What Stays Private

Do not publish live local portfolio output, real repo names, local absolute
paths, security findings from the real portfolio, terminals, account menus,
Notion, email, calendar, Slack, bridge-db, personal-ops, SecondBrain, tokens,
cookies, env values, or raw agent/session state. The public asset is the pattern:
fixture-backed truth, visible risk, grouped remediation, trend evidence, and one
operator-approved next move.
10 changes: 8 additions & 2 deletions docs/demo-proof/public-fixture/RECORDING-CHECKLIST.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ Use this checklist for a public-safe Portfolio Command Center recording.
## Preflight

- [ ] Run `make demo` from `GithubRepoAuditor`.
- [ ] Run `pnpm demo:desktop` from `PortfolioCommandCenter`.
- [ ] Point Portfolio Command Center at `GithubRepoAuditor/output/demo`.
- [ ] Run `pnpm demo:desktop:fixture` from `PortfolioCommandCenter`.
- [ ] Confirm Portfolio Command Center is pointed at the fixture output directory.
- [ ] Confirm the visible data is fixture data, not the private live portfolio.
- [ ] Hide terminals, path bars, desktop clutter, account menus, and notification banners.

Expand All @@ -30,3 +30,9 @@ Use this checklist for a public-safe Portfolio Command Center recording.
- real security advisory details;
- Notion, email, calendar, Slack, bridge-db, or SecondBrain content;
- terminal scrollback, env vars, tokens, cookies, or config files.

## Existing Public-Safe Frames

Use the included `screenshots/` frames as still-image evidence or as the visual
source for a website case-study block. If recording new video, treat these
frames as the reference for what safe output looks like.
23 changes: 17 additions & 6 deletions docs/demo-proof/public-fixture/SUMMARY.md
Original file line number Diff line number Diff line change
@@ -1,18 +1,29 @@
# Public Fixture Demo Summary

Status: fixture proof package, pending visual capture.
Status: fixture proof package with public-safe visual capture.

This package establishes the safe public data path for the Operator OS /
Portfolio Command Center demo:

- fixture input: `fixtures/demo/sample-report.json`;
- generated artifacts: `output/demo/`, including the PortfolioCommandCenter
`projects` schema, weekly digest, burndown, trend snapshots, and empty
proposal queue;
schema `0.7.0` `projects` payload, weekly digest, burndown, trend snapshots,
and empty proposal queue;
- desktop consumer: `PortfolioCommandCenter` pointed at `output/demo`;
- private services required: none;
- live writes performed: none.

The next step before publishing is to capture screenshots or video frames from
Portfolio Command Center while it is pointed at the fixture output directory,
then add those images to this package.
Captured public-safe frames:

- `screenshots/00-ops-tauri-window.png`: Tauri desktop shell reading the fixture
output directory.
- `screenshots/01-portfolio.png`: Portfolio tab.
- `screenshots/02-risk-security.png`: Risk + Security tab.
- `screenshots/03-burndown.png`: Burndown tab.
- `screenshots/04-trends.png`: Trends tab.
- `screenshots/05-weekly-digest.png`: Weekly Digest tab.

The tab frames were captured from the PortfolioCommandCenter React surface with
Tauri IPC mocked to the same fixture files under `output/demo/`. The desktop
shell frame was captured from the live Tauri window launched with the fixture
output path preselected.
46 changes: 46 additions & 0 deletions docs/demo-proof/public-fixture/VERIFICATION-NOTES.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
# Public Fixture Verification Notes

Date: 2026-06-27

## Fixture Truth

- Fixture input: `fixtures/demo/sample-report.json`.
- Generated output directory: `output/demo`.
- Portfolio truth schema: `0.7.0`.
- Visible project names: `RepoA`, `RepoB`, `RepoC`.
- Visible workspace root: `fixtures/demo`.

## Commands Run

```sh
./.venv/bin/python scripts/build_demo_artifacts.py
./.venv/bin/python scripts/validate_proof_package.py docs/demo-proof/public-fixture/proof-package.json
pnpm typecheck
pnpm test
pnpm build
pnpm demo:desktop:fixture
```

## Visual Capture

- Desktop shell frame captured from the live Tauri window with `screencapture -l`.
- Tab frames captured from the PortfolioCommandCenter React app served by Vite,
with Tauri IPC mocked to the same fixture files in `output/demo`.
- Captured tabs: Portfolio, Risk + Security, Burndown, Trends, Weekly Digest.

## Public-Safety Review

Manual inspection confirmed the retained frames show fixture labels only:

- repo names are `RepoA`, `RepoB`, `RepoC`;
- paths are relative fixture paths such as `fixtures/demo/RepoA`;
- app output directory is the public fixture output directory;
- advisories and packages are synthetic (`demo-runtime`, `demo-ui-kit`,
`GHSA-DEMO-0001`, `GHSA-DEMO-0002`);
- no terminal, browser chrome, account menu, local absolute path, token, email,
calendar, Slack, Notion row, bridge-db row, personal-ops data, SecondBrain
content, or real security finding is visible.

Known visible caveat: the fixture date is intentionally `2026-04-12`, so the app
shows a stale-data banner on 2026-06-27. That banner is public-safe, but a future
polish pass may choose to make fixture freshness deterministic for public demos.
49 changes: 49 additions & 0 deletions docs/demo-proof/public-fixture/WEBSITE-CONTENT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
# Website-Ready Demo Block

## Operator OS Demo: Portfolio Command Center

Portfolio Command Center is the public-safe cockpit for the Operator OS idea: a
local-first truth engine turns a small repo portfolio into risk posture,
security burndown, trend evidence, and one operator-approved next move.

This demo uses fixture data only. The app is pointed at generated
GithubRepoAuditor artifacts under `output/demo`, not the private live portfolio.
The screenshots show three synthetic repos (`RepoA`, `RepoB`, `RepoC`), two
synthetic advisory groups, and a weekly digest that reduces the fixture
portfolio to one decision.

### What The Frames Show

- Portfolio: each project carries risk, attention state, context quality, tool
provenance, and open high/critical alert counts.
- Risk + Security: elevated projects and alert totals become a portfolio-level
attention map.
- Burndown: two synthetic advisories are grouped by the package fix that clears
the affected repos.
- Trends: fixture history shows whether risk is improving or getting noisier.
- Weekly Digest: the system produces one headline, one decision, and one next
move.

### What Stays Private

The public demo does not expose the real local portfolio, real repo names, local
absolute paths, live security findings, terminals, account state, Notion, email,
calendar, Slack, bridge-db, personal-ops, SecondBrain, tokens, cookies, env
values, or raw agent/session records. The shareable product is the operating
pattern: generated truth, visible risk, grouped remediation, trend evidence, and
human approval gates.

### Suggested Page Copy

Operator OS is the missing control plane for AI-assisted builders: it turns
scattered agent work and repo sprawl into verified truth, visible risk, and one
operator-approved next move.

Pair the copy with these local assets:

- `screenshots/00-ops-tauri-window.png`
- `screenshots/01-portfolio.png`
- `screenshots/02-risk-security.png`
- `screenshots/03-burndown.png`
- `screenshots/04-trends.png`
- `screenshots/05-weekly-digest.png`
80 changes: 71 additions & 9 deletions docs/demo-proof/public-fixture/proof-package.json
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,14 @@
"commands": [
"make demo",
"python scripts/validate_proof_package.py docs/demo-proof/public-fixture/proof-package.json",
"pnpm demo:desktop"
"pnpm demo:desktop:fixture"
]
},
"source_state": {
"source_data_mode": "fixture",
"fixture": "../../../fixtures/demo/sample-report.json",
"generated_output_dir": "../../../output/demo",
"source_truth_schema": "demo-pcc-v1",
"source_truth_schema": "0.7.0",
"freshness_window_hours": null
},
"claims": [
Expand Down Expand Up @@ -72,29 +72,35 @@
},
{
"id": "visual-capture",
"statement": "Final public screenshots or video frames still need a frame-level privacy review after capture.",
"status": "partial",
"statement": "Public-safe Portfolio Command Center frames were captured from the fixture-backed desktop shell and React tab surfaces.",
"status": "passed",
"evidence": [
"summary"
"summary",
"verification-notes",
"screenshot-ops-shell",
"screenshot-portfolio",
"screenshot-risk-security",
"screenshot-burndown",
"screenshot-trends",
"screenshot-weekly-digest"
]
}
],
"verification": {
"overall": "partial",
"overall": "passed",
"checks": [
{
"name": "manifest references fixture input and generated output paths",
"status": "passed"
},
{
"name": "visual capture from Portfolio Command Center",
"status": "partial"
"status": "passed"
}
],
"missing_receipts": [],
"known_gaps": [
"This package proves the data path and recording boundary. It does not include captured public screenshots yet.",
"Portfolio Command Center must be pointed at output/demo during recording."
"The fixture date is intentionally static, so screenshots show the app stale-data banner when viewed after the fixture date."
]
},
"safety": {
Expand Down Expand Up @@ -222,6 +228,62 @@
"path": "../../../output/demo/portfolio-warehouse.db",
"description": "Generated demo warehouse snapshot.",
"required": true
},
{
"id": "verification-notes",
"kind": "verification-notes",
"path": "VERIFICATION-NOTES.md",
"description": "Commands run, capture method, and public-safety review notes.",
"required": true
},
{
"id": "website-content",
"kind": "website-copy",
"path": "WEBSITE-CONTENT.md",
"description": "Website-ready Operator OS demo content block and what-stays-private copy.",
"required": true
},
{
"id": "screenshot-ops-shell",
"kind": "screenshot",
"path": "screenshots/00-ops-tauri-window.png",
"description": "Tauri desktop shell pointed at fixture output.",
"required": true
},
{
"id": "screenshot-portfolio",
"kind": "screenshot",
"path": "screenshots/01-portfolio.png",
"description": "Portfolio tab rendered from fixture truth.",
"required": true
},
{
"id": "screenshot-risk-security",
"kind": "screenshot",
"path": "screenshots/02-risk-security.png",
"description": "Risk and Security tab rendered from fixture truth.",
"required": true
},
{
"id": "screenshot-burndown",
"kind": "screenshot",
"path": "screenshots/03-burndown.png",
"description": "Burndown tab rendered from fixture security burndown.",
"required": true
},
{
"id": "screenshot-trends",
"kind": "screenshot",
"path": "screenshots/04-trends.png",
"description": "Trends tab rendered from fixture truth history.",
"required": true
},
{
"id": "screenshot-weekly-digest",
"kind": "screenshot",
"path": "screenshots/05-weekly-digest.png",
"description": "Weekly Digest tab rendered from fixture digest.",
"required": true
}
]
}
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion output/demo/dashboard-sample-user-2026-04-12.html
Original file line number Diff line number Diff line change
Expand Up @@ -723,7 +723,7 @@ <h2>Writeback Results</h2>
<h2>Tech Radar</h2>
<table>
<thead><tr><th>Language</th><th>Repos</th><th>Trend</th><th>Category</th></tr></thead>
<tbody><tr><td>TypeScript</td><td class="num">44</td><td class="sparkline">▁▂▆▆▆▆▆▇▇█</td><td style="color:#166534;font-weight:bold">Adopt</td></tr><tr><td>Rust</td><td class="num">32</td><td class="sparkline">▁▁▁▁▁▁▁███</td><td style="color:#6B7280;font-weight:bold">Hold</td></tr><tr><td>Python</td><td class="num">19</td><td class="sparkline">▁▂▄▄▄▄▄▅██</td><td style="color:#166534;font-weight:bold">Adopt</td></tr><tr><td>Swift</td><td class="num">16</td><td class="sparkline">▅▅▅▅▅▅▅▅▅▅</td><td style="color:#6B7280;font-weight:bold">Hold</td></tr><tr><td>Shell</td><td class="num">4</td><td class="sparkline">▁▁▁▁▂▂▂▂██</td><td style="color:#1565C0;font-weight:bold">Trial</td></tr><tr><td>Makefile</td><td class="num">3</td><td class="sparkline">▁█▆▆▆▆▆▆▆▆</td><td style="color:#1565C0;font-weight:bold">Trial</td></tr><tr><td>GDScript</td><td class="num">3</td><td class="sparkline">▅▅▅▅▅▅▅▅▅▅</td><td style="color:#6B7280;font-weight:bold">Hold</td></tr><tr><td>JavaScript</td><td class="num">2</td><td class="sparkline">▅▅▅▅▅▅▅▅▅▅</td><td style="color:#6B7280;font-weight:bold">Hold</td></tr><tr><td>PLpgSQL</td><td class="num">1</td><td class="sparkline">▅▅▅▅▅▅▅▅▅▅</td><td style="color:#6B7280;font-weight:bold">Hold</td></tr><tr><td>Go</td><td class="num">1</td><td class="sparkline">▁▁████████</td><td style="color:#1565C0;font-weight:bold">Trial</td></tr></tbody>
<tbody><tr><td>Python</td><td class="num">2</td><td class="sparkline"></td><td style="color:#6B7280;font-weight:bold">Hold</td></tr><tr><td>TypeScript</td><td class="num">1</td><td class="sparkline"></td><td style="color:#6B7280;font-weight:bold">Hold</td></tr></tbody>
</table>
</div>

Expand Down
18 changes: 18 additions & 0 deletions output/demo/demo-report.json
Original file line number Diff line number Diff line change
Expand Up @@ -553,5 +553,23 @@
"next_best_action_rationale": null
}
}
],
"language_trends": [
{
"language": "Python",
"current_count": 2,
"category": "Hold",
"repos_per_run": [
2
]
},
{
"language": "TypeScript",
"current_count": 1,
"category": "Hold",
"repos_per_run": [
1
]
}
]
}
Binary file modified output/demo/demo-workbook.xlsx
Binary file not shown.
Loading