chore: prepare repo for public-readiness audit#217
Merged
Conversation
Subdomain provisioned 2026-05-06 (sharp-api-go #340). Recommend `https://mcp.sharpapi.io/mcp` as the canonical setup URL across the Claude Desktop / Claude Code / generic-MCP-client tabs and the callout banner. `https://api.sharpapi.io/mcp` continues to serve indefinitely as a legacy alias — no breaking change for existing users. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
test-api.sh now reads the API key from $SHARPAPI_API_KEY at runtime instead of containing a hardcoded value. TEST_REPORT.md now shows [redacted] in the metadata block. This is paired with a history rewrite that removed the previously committed key from every commit in the repo. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Clean up internal cruft, add standard public-repo files, and tighten
the docs site theme.
Removed (internal artifacts not appropriate for a public repo):
- INFRASTRUCTURE_TIER_ANALYSIS.md, pricing-update.md, TEST_REPORT.md,
test-results.json, test-api.sh — internal tier-audit docs and test
fixtures that referenced upstream service internals.
- .claude/agents/{doc-sync,openapi-validator}.md — stale (targeted the
archived TS API) and disclosed dev-server filesystem layout +
staging hostname.
- package-lock.json — npm lockfile coexisting with pnpm-lock.yaml; the
project uses pnpm.
Added:
- LICENSE — proprietary / all-rights-reserved.
- SECURITY.md — vulnerability disclosure address and scope.
- CONTRIBUTING.md — local-dev steps, PR guidelines, style notes.
Updated:
- README.md — replaced stale "Pricing Page Update COMPLETED" changelog
with a real overview, build/dev commands, and project layout.
- .gitignore — explicit ignores for .env, .local/, .worktrees/, ~/.
- cliff.toml — repo owner was wrong (sharpapi -> Mlaz-code).
- app/[lang]/layout.tsx + styles/globals.css — extract inline styles
to CSS classes, polish footer with link grid, soften navbar CTA.
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
…files Adds entries for: - OS clutter: macOS (.DS_Store, .Spotlight-V100), Windows (Thumbs.db, Desktop.ini) - Editors: .idea/, .vscode/* (with allow-list for shared settings/extensions), swap files, fleet, zed - Caches: .turbo, .swc, .eslintcache, .stylelintcache, next-env.d.ts.local - Test/coverage: coverage/, *.lcov, .nyc_output/ - Logs: pnpm-debug.log* and friends - Alt lockfiles: package-lock.json, yarn.lock, bun.lockb (project uses pnpm) - Cert/key files: *.pem, *.key, *.crt, *.p12, *.pfx - More Claude / agent paths: memory/, projects/, settings.local.json, local/ - Misc: .sentryclirc, .envrc, *.pid, *.bak/orig/rej/tmp, .tdev/ Verified that no currently-tracked files are now matched.
Mlaz-code
force-pushed
the
chore/public-readiness-cleanup
branch
from
278bc13 to
aa35ca2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Public-readiness pass found in this session's audit. Companion to the earlier history-rewrite commit (
cb92c7b) that already scrubbed the leakedsk_live_*token.Changes
Removed (internal artifacts not appropriate for a public repo):
INFRASTRUCTURE_TIER_ANALYSIS.md,pricing-update.md,TEST_REPORT.md,test-results.json,test-api.sh— internal tier-audit docs and test fixtures with stale numbers and references to upstream service internals (OddsJam proxy, internal Redis schema)..claude/agents/doc-sync.md,.claude/agents/openapi-validator.md— stale (pointed at the archived TS API at/root/sharp-api) and disclosed dev-server filesystem layout + the staging hostnameapi.sharpapi.dev.package-lock.json— npm lockfile coexisting withpnpm-lock.yaml; project uses pnpm.Added:
LICENSE— proprietary / all-rights-reserved (matches the existing OpenAPI spec license declaration).SECURITY.md— vulnerability disclosure address and scope.CONTRIBUTING.md— local-dev steps, PR guidelines, style notes.Updated:
README.md— replaced stale "Pricing Page Update COMPLETED" changelog with a real overview, build/dev commands, and project layout..gitignore— explicit ignores for.env,.local/,.worktrees/,~/so dev-box artifacts don't get committed.cliff.toml— repo owner wassharpapi(no such org); fixed toMlaz-code.app/[lang]/layout.tsx+styles/globals.css— extract inline styles to CSS classes, add multi-link footer (Home / Pricing / Status / GitHub), soften navbar CTA, light typography polish on tables and code.Test plan
pnpm typecheckpassesdevbranch — this PR targetsmain, will be validated by the Deploy Production workflow's validate stage on PR push)Notes for the reviewer
root@api-dev.hs.chocopancake.com/root@api-dev.local— that's a separate clean-up if you want to remove the internal hostname from author metadata. This PR only sets the localgit config user.emailto your GitHub noreply for future commits; rewriting historical author emails would be a separate destructive op.public/openapi.jsonhad a working-tree timestamp drift (build-stamp output) that I deliberately did not include in this PR — it'll be regenerated naturally on the next CI build.🤖 Generated with Claude Code