-
Notifications
You must be signed in to change notification settings - Fork 0
Add public-safe Portfolio Command Center fixture proof package #120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,29 @@ | ||
| # Public Fixture Demo Summary | ||
|
|
||
| Status: fixture proof package, pending visual capture. | ||
| Status: fixture proof package with public-safe visual capture. | ||
|
|
||
| This package establishes the safe public data path for the Operator OS / | ||
| Portfolio Command Center demo: | ||
|
|
||
| - fixture input: `fixtures/demo/sample-report.json`; | ||
| - generated artifacts: `output/demo/`, including the PortfolioCommandCenter | ||
| `projects` schema, weekly digest, burndown, trend snapshots, and empty | ||
| proposal queue; | ||
| schema `0.7.0` `projects` payload, weekly digest, burndown, trend snapshots, | ||
| and empty proposal queue; | ||
| - desktop consumer: `PortfolioCommandCenter` pointed at `output/demo`; | ||
| - private services required: none; | ||
| - live writes performed: none. | ||
|
|
||
| The next step before publishing is to capture screenshots or video frames from | ||
| Portfolio Command Center while it is pointed at the fixture output directory, | ||
| then add those images to this package. | ||
| Captured public-safe frames: | ||
|
|
||
| - `screenshots/00-ops-tauri-window.png`: Tauri desktop shell reading the fixture | ||
| output directory. | ||
| - `screenshots/01-portfolio.png`: Portfolio tab. | ||
| - `screenshots/02-risk-security.png`: Risk + Security tab. | ||
| - `screenshots/03-burndown.png`: Burndown tab. | ||
| - `screenshots/04-trends.png`: Trends tab. | ||
| - `screenshots/05-weekly-digest.png`: Weekly Digest tab. | ||
|
|
||
| The tab frames were captured from the PortfolioCommandCenter React surface with | ||
| Tauri IPC mocked to the same fixture files under `output/demo/`. The desktop | ||
| shell frame was captured from the live Tauri window launched with the fixture | ||
| output path preselected. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| # Public Fixture Verification Notes | ||
|
|
||
| Date: 2026-06-27 | ||
|
|
||
| ## Fixture Truth | ||
|
|
||
| - Fixture input: `fixtures/demo/sample-report.json`. | ||
| - Generated output directory: `output/demo`. | ||
| - Portfolio truth schema: `0.7.0`. | ||
| - Visible project names: `RepoA`, `RepoB`, `RepoC`. | ||
| - Visible workspace root: `fixtures/demo`. | ||
|
|
||
| ## Commands Run | ||
|
|
||
| ```sh | ||
| ./.venv/bin/python scripts/build_demo_artifacts.py | ||
| ./.venv/bin/python scripts/validate_proof_package.py docs/demo-proof/public-fixture/proof-package.json | ||
| pnpm typecheck | ||
| pnpm test | ||
| pnpm build | ||
| pnpm demo:desktop:fixture | ||
| ``` | ||
|
|
||
| ## Visual Capture | ||
|
|
||
| - Desktop shell frame captured from the live Tauri window with `screencapture -l`. | ||
| - Tab frames captured from the PortfolioCommandCenter React app served by Vite, | ||
| with Tauri IPC mocked to the same fixture files in `output/demo`. | ||
| - Captured tabs: Portfolio, Risk + Security, Burndown, Trends, Weekly Digest. | ||
|
|
||
| ## Public-Safety Review | ||
|
|
||
| Manual inspection confirmed the retained frames show fixture labels only: | ||
|
|
||
| - repo names are `RepoA`, `RepoB`, `RepoC`; | ||
| - paths are relative fixture paths such as `fixtures/demo/RepoA`; | ||
| - app output directory is the public fixture output directory; | ||
| - advisories and packages are synthetic (`demo-runtime`, `demo-ui-kit`, | ||
| `GHSA-DEMO-0001`, `GHSA-DEMO-0002`); | ||
| - no terminal, browser chrome, account menu, local absolute path, token, email, | ||
| calendar, Slack, Notion row, bridge-db row, personal-ops data, SecondBrain | ||
| content, or real security finding is visible. | ||
|
|
||
| Known visible caveat: the fixture date is intentionally `2026-04-12`, so the app | ||
| shows a stale-data banner on 2026-06-27. That banner is public-safe, but a future | ||
| polish pass may choose to make fixture freshness deterministic for public demos. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| # Website-Ready Demo Block | ||
|
|
||
| ## Operator OS Demo: Portfolio Command Center | ||
|
|
||
| Portfolio Command Center is the public-safe cockpit for the Operator OS idea: a | ||
| local-first truth engine turns a small repo portfolio into risk posture, | ||
| security burndown, trend evidence, and one operator-approved next move. | ||
|
|
||
| This demo uses fixture data only. The app is pointed at generated | ||
| GithubRepoAuditor artifacts under `output/demo`, not the private live portfolio. | ||
| The screenshots show three synthetic repos (`RepoA`, `RepoB`, `RepoC`), two | ||
| synthetic advisory groups, and a weekly digest that reduces the fixture | ||
| portfolio to one decision. | ||
|
|
||
| ### What The Frames Show | ||
|
|
||
| - Portfolio: each project carries risk, attention state, context quality, tool | ||
| provenance, and open high/critical alert counts. | ||
| - Risk + Security: elevated projects and alert totals become a portfolio-level | ||
| attention map. | ||
| - Burndown: two synthetic advisories are grouped by the package fix that clears | ||
| the affected repos. | ||
| - Trends: fixture history shows whether risk is improving or getting noisier. | ||
| - Weekly Digest: the system produces one headline, one decision, and one next | ||
| move. | ||
|
|
||
| ### What Stays Private | ||
|
|
||
| The public demo does not expose the real local portfolio, real repo names, local | ||
| absolute paths, live security findings, terminals, account state, Notion, email, | ||
| calendar, Slack, bridge-db, personal-ops, SecondBrain, tokens, cookies, env | ||
| values, or raw agent/session records. The shareable product is the operating | ||
| pattern: generated truth, visible risk, grouped remediation, trend evidence, and | ||
| human approval gates. | ||
|
|
||
| ### Suggested Page Copy | ||
|
|
||
| Operator OS is the missing control plane for AI-assisted builders: it turns | ||
| scattered agent work and repo sprawl into verified truth, visible risk, and one | ||
| operator-approved next move. | ||
|
|
||
| Pair the copy with these local assets: | ||
|
|
||
| - `screenshots/00-ops-tauri-window.png` | ||
| - `screenshots/01-portfolio.png` | ||
| - `screenshots/02-risk-security.png` | ||
| - `screenshots/03-burndown.png` | ||
| - `screenshots/04-trends.png` | ||
| - `screenshots/05-weekly-digest.png` |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.