Skip to content

chore(docs): resolve Copilot review comments from PR #67/#69#70

Merged
ahmetabdullahgultekin merged 1 commit into
masterfrom
chore/doc-copilot-polish-2026-05-21
May 28, 2026
Merged

chore(docs): resolve Copilot review comments from PR #67/#69#70
ahmetabdullahgultekin merged 1 commit into
masterfrom
chore/doc-copilot-polish-2026-05-21

Conversation

@ahmetabdullahgultekin

Copy link
Copy Markdown
Contributor

Summary

Low-risk doc/config polish resolving the Copilot review comments left on PR #67 (infra(traefik+ops), merged) and PR #69 (which carried the same docs-site / landing-website files into master). No behavior change to running services; the only executable change is a more-robust docs-site healthcheck path (probes the dedicated /health endpoint instead of /).

Each change was re-verified against the actual file/config on master before editing — none had already been fixed.

Changes ↔ Copilot comments

archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md

docs-site/html/identity/index.html (~:237)

landing-website/src/index.css (~:33)

docs-site/docker-compose.prod.yml (~:17)

infra/traefik/README.md (~:34-35)

  • Copilot (PR infra(traefik+ops): XFF strip + OPERATOR_ACTIONS 2026-05-12 #67, line 34) — Validate step: docker compose ... config only validates the Compose file, not Traefik's YAML. Split into 2a (Compose, with a note that it does not cover Traefik config) and 2b (a one-shot throwaway-container Traefik dry-run against the live traefik.yml/dynamic.yml).
  • Copilot (PR infra(traefik+ops): XFF strip + OPERATOR_ACTIONS 2026-05-12 #67, line 35) — verify step / access logs: traefik.yml sets accessLog.filePath: /var/log/traefik/access.log, so access logs go to that file, not stdout. The verify step now reads /var/log/traefik/access.log via docker exec, and notes that docker logs traefik only shows the runtime/error log.

Notes

  • Worked in an isolated worktree off origin/master; the dirty live checkout was not touched.
  • DO NOT MERGE — opened for review only.

🤖 Generated with Claude Code

Low-risk doc/config polish for items Copilot flagged on PR #67 (and PR #69
where those files reached master). No behavior change to running services;
the only executable change is a more-robust docs-site healthcheck path.

- archive/.../OPERATOR_ACTIONS_2026-05-12.md:
  - redact partial live secret (API_KEY_SECRET=fcb06b7… → <redacted>)
  - main update: normal fast-forward `git push origin master:main`,
    reserve --force-with-lease for documented recovery only
  - add LOW to the severity legend (items 9-11 use it)
  - make item-count self-reference consistent (states 11; notes five→11 growth)
  - grammar: "a deliberately misuse" → "a deliberate misuse"
- docs-site/html/identity/index.html: fallback copy now says the OpenAPI
  spec is publicly available at /identity/openapi.json (it ships public)
- landing-website/src/index.css: comment now accurately describes the
  locale-aware :lang(en) uppercasing; drop the false belt-and-braces /
  codepoint-forcing claim and the duplicate text-transform line
- docs-site/docker-compose.prod.yml: healthcheck probes /health (the
  dedicated nginx endpoint) instead of /
- infra/traefik/README.md: add a Traefik-config dry-run validate step
  (compose config only validates the Compose file) and note access logs
  go to /var/log/traefik/access.log per accessLog.filePath, not stdout

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 21, 2026 16:21

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Resolves prior Copilot review feedback across docs/config files, including a small operational improvement to the docs-site container healthcheck by probing the dedicated /health endpoint.

Changes:

  • Polishes operator/runbook docs (severity legend, wording fixes, safer git push guidance, and secret redaction).
  • Updates docs-site Identity fallback copy to correctly point to the public OpenAPI spec URL.
  • Improves infra/docs operational guidance (Traefik validation/verification steps) and makes docs-site healthchecks more robust.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md Runbook wording/legend updates, secret redaction, and safer branch reconciliation instructions.
docs-site/html/identity/index.html Corrects fallback text to link to the public /identity/openapi.json.
landing-website/src/index.css Refines locale-aware uppercasing comment/selector and removes redundant declaration.
docs-site/docker-compose.prod.yml Updates container healthcheck to probe /health instead of /.
infra/traefik/README.md Splits validation steps and updates access-log verification instructions.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines 199 to +203
biometric API key plaintext into `web-app/.env.production`. The bio-side
key was rotated 2026-04-30 05:05 UTC and confirmed dead — the live value
is now `API_KEY_SECRET=fcb06b7…` (verified by the 2026-05-12 security
review). However the on-disk template at
is now `API_KEY_SECRET=<redacted>` (verified by the 2026-05-12 security
review; fetch the real value from the host `.env.prod` / secret store, not
this doc). However the on-disk template at
Comment thread infra/traefik/README.md
Comment on lines +31 to +37
# boot a throwaway container against the live config and watch for
# "configuration error" lines. It exits non-zero on a fatal parse error.
docker run --rm \
-v /opt/projects/infra/traefik/config/traefik.yml:/etc/traefik/traefik.yml:ro \
-v /opt/projects/infra/traefik/config/dynamic.yml:/etc/traefik/dynamic.yml:ro \
traefik:v3 traefik --configfile=/etc/traefik/traefik.yml 2>&1 \
| grep -iE "error|invalid" || echo "no config errors detected"
@ahmetabdullahgultekin ahmetabdullahgultekin merged commit b256215 into master May 28, 2026
5 checks passed
ahmetabdullahgultekin added a commit that referenced this pull request May 28, 2026
api rebuilt (8 security fixes live + JWT-aud env fix + #112 go-offline fix);
scan merges (#70/#94/#101/#102/#99 + bio #104/#106/#108/#109), closes
(#18/#68/#107), and holds (#105/#90/#54/#56); card detection now client-side
but the deployed model is the 51MB YOLOv8m — Ayşenur's 12MB nano binary is
not in the repo (gitignored) and must be delivered.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ahmetabdullahgultekin added a commit that referenced this pull request May 31, 2026
…5-31) (#112)

api: SMS-OTP prefix constant + dead authz service removed + email-token log dropped (#171).
web: dead userEnrollment feature deleted, useCamera relocated (#146); dashboard chip (#145).
spoof: amispoof single-source weight badges (#70) + UNCERTAIN tri-state (#69).

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants