docs: prune stale backlog sources

[nisavid]

Summary

• refresh the non-security backlog so it only carries active follow-up before GitHub Issues migration
• update the security backlog with current partial-handled status and missing Browser/Chrome, Computer Use, generated-app, and open-target review surfaces
• remove obsolete one-time upstream-sync plan and PR chore: sync upstream main #10 postmortem after folding their remaining live references into maintained docs

Verification

• git diff --check
• rg -n "2026-05-02-upstream-sync-doc-alignment|upstream-sync-doc-alignment|pr10-fork-sync|postmortems/pr10|PR #10 Fork Sync Post-Mortem|postmortem =" .
• rg -n "Computer Use desktop-control|Chrome native-host|generated-app Electron|open-target discovery|hash-refresh PRs|public package signing" docs/maintainers/security-backlog.md docs/maintainers/threat-model.md README.md

Notes

Docs-only cleanup; no app generation or package build required.

Summary by CodeRabbit

• Documentation

  • Updated docs: narrowed backlog to non-security follow-up and added a “Backlog” entry for tracking migration to issue tracker.
  • Removed several historical plan/postmortem pages and a trailing incident reference to streamline maintainer guidance.
  • Expanded security backlog and review guidance with additional control categories and clearer desired-state items.

• Chores

  • Cleaned configuration to remove an obsolete documentation reference.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 41616a74-06e7-4f24-a44f-8126ad21569e

📥 Commits

Reviewing files that changed from the base of the PR and between a2e96b6 and 95dc3ec.

📒 Files selected for processing (7)

• .agents/fork-sync-policy.toml
• docs/README.md
• docs/backlog.md
• docs/maintainers/fork-sync-policy.md
• docs/maintainers/postmortems/pr10-fork-sync.md
• docs/maintainers/security-backlog.md
• docs/superpowers/plans/2026-05-02-upstream-sync-doc-alignment.md

💤 Files with no reviewable changes (4)

• docs/maintainers/fork-sync-policy.md
• docs/superpowers/plans/2026-05-02-upstream-sync-doc-alignment.md
• .agents/fork-sync-policy.toml
• docs/maintainers/postmortems/pr10-fork-sync.md

---

📝 Walkthrough

Walkthrough

This PR consolidates and updates project documentation by removing PR #10 fork-sync postmortem and planning artifacts, rewriting the backlog structure to clarify non-security follow-up migration to GitHub Issues, and expanding security boundary review guidance across generated-app Electron/IPC, Linux desktop control, and browser native-host surfaces.

Changes

Documentation Consolidation and Backlog Updates

Layer / File(s)	Summary
Documentation index and reference updates docs/README.md	Removes PR #10 Fork Sync Post-Mortem from "Understand The Design" section and adds Backlog link under "Pick Up Agent Work" describing non-security follow-up tracking until migration to GitHub Issues.
Backlog documentation rewrite docs/backlog.md	Backlog content refocused on non-security follow-up only, removing "Recently Completed" and "Security Follow-Up" sections. New "Current Follow-Up" section lists migration to GitHub Issues (with preservation/link/cleanup steps) and README visual improvements as active items.
Security backlog scope and review guidance docs/maintainers/security-backlog.md	Expands @codex-security plugin scope to explicitly include Computer Use desktop control and other security boundaries. Adds Medium Priority sections for generated-app Electron/IPC/file-manager handling, Linux Computer Use desktop-control boundary, and bundled browser/Chrome native-host boundary with review expectations. Refines hash-refresh workflow, build-input pinning (including Rust bootstrap), and package signing/provenance descriptions. Replaces Lower Priority IPC section with Linux open-target discovery and .desktop entry review guidance including allowlist parsing and command-shape sanitization.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• nisavid/codex-app-linux#13: Added fork-sync guardrails and PR #10 postmortem wiring that this PR removes from configuration and documentation.

Poem

🐰
Old postmortems tucked away,
New backlog bounces bright,
Security lanes widened today,
Docs hop onward, light as night. 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'docs: prune stale backlog sources' accurately and concisely describes the primary change: removing obsolete documentation and reorganizing backlog files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This docs-only PR prunes two obsolete one-time documents (the PR #10 fork-sync post-mortem and the 2026-05-02 upstream-sync alignment plan) and refreshes both the general backlog and the security backlog to reflect current partial-handled status and newly identified review surfaces.

• Removes docs/maintainers/postmortems/pr10-fork-sync.md and docs/superpowers/plans/2026-05-02-upstream-sync-doc-alignment.md, updating all cross-references in .agents/fork-sync-policy.toml, docs/README.md, and docs/maintainers/fork-sync-policy.md accordingly — no dangling links remain.
• Rewrites docs/backlog.md to carry only active follow-up (issues migration and README visuals) and adds a backlog pointer in the "Pick Up Agent Work" section of docs/README.md.
• Expands docs/maintainers/security-backlog.md with three new sections covering generated-app Electron/IPC, Linux Computer Use desktop-control, and bundled browser/Chrome native-host boundaries, and clarifies partial-handled status on hash-refresh and package signing items.

Confidence Score: 5/5

Docs-only cleanup with no app code touched; all cross-references to deleted files have been verified absent from the repo.

Every reference to the two deleted documents has been removed from the live codebase, and the backlog and security-backlog updates are consistent with the rest of the maintained docs. No broken links, no configuration keys pointing to non-existent paths.

No files require special attention.

Important Files Changed

Filename	Overview
.agents/fork-sync-policy.toml	Removes the postmortem key pointing to the deleted file; the rest of the policy config is unchanged and consistent.
docs/README.md	Removes the postmortem link from the maintainer section and adds a backlog pointer in the agent-work section; structure is coherent.
docs/backlog.md	Replaces completed-history entries with two current follow-up items; updated preamble clarifies the file's lifecycle intent.
docs/maintainers/fork-sync-policy.md	Removes the ## Incident Reference section that linked to the now-deleted postmortem; no other content changed.
docs/maintainers/postmortems/pr10-fork-sync.md	Deleted historical document; all references to it have been removed from the rest of the repo.
docs/maintainers/security-backlog.md	Adds three new review-surface sections and clarifies partial-handled status on existing items; the Lower Priority section's IPC entry is correctly replaced by the elevated version in the main section.
docs/superpowers/plans/2026-05-02-upstream-sync-doc-alignment.md	Deleted completed one-time plan; no references to it remain in the repository.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[docs/README.md] -->|links to| B[docs/backlog.md]
    A -->|links to| C[docs/maintainers/fork-sync-policy.md]
    A -->|links to| D[docs/maintainers/security-backlog.md]
    C -->|was linking to - REMOVED| E[~~postmortems/pr10-fork-sync.md~~]
    F[.agents/fork-sync-policy.toml] -->|policy.sync_procedure| C
    F -->|policy.canonical_inventory| G[docs/maintainers/fork-divergences.md]
    F -->|postmortem key - REMOVED| E
    H[~~2026-05-02-upstream-sync-doc-alignment.md~~] -->|deleted one-time plan| Z[archived]
    E -->|deleted historical doc| Z

    style E fill:#ffcccc,stroke:#cc0000
    style H fill:#ffcccc,stroke:#cc0000
    style Z fill:#f0f0f0,stroke:#999

Loading

_{Reviews (2): Last reviewed commit: "docs: prune stale backlog sources" | Re-trigger Greptile}

[Copilot]

Pull request overview

This PR prunes stale, one-time documentation sources and refreshes the maintainer backlogs so they only track active follow-up work ahead of the planned migration to GitHub Issues.

Changes:

• Remove the obsolete upstream-sync doc alignment plan and the PR #10 fork-sync postmortem, including all inbound references.
• Refresh docs/backlog.md and wire it into the docs index as the canonical non-security follow-up list until Issues migration.
• Expand and re-prioritize the security backlog to include additional review surfaces (generated-app Electron/IPC, Computer Use desktop control, bundled browser / Chrome native-host, and open-target discovery).

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
docs/superpowers/plans/2026-05-02-upstream-sync-doc-alignment.md	Removed obsolete one-time plan now that remaining guidance is folded into maintained docs.
docs/maintainers/postmortems/pr10-fork-sync.md	Removed PR #10 postmortem document after pruning/relocating remaining live references.
docs/README.md	Drops the postmortem link and adds a pointer to the canonical non-security backlog.
docs/backlog.md	Replaces the stale “Recently Completed” content with a short, current non-security follow-up list and migration note.
docs/maintainers/security-backlog.md	Updates the workflow scope and adds missing/updated security review surfaces and priorities.
docs/maintainers/fork-sync-policy.md	Removes the “Incident Reference” section linking to the deleted postmortem.
.agents/fork-sync-policy.toml	Removes the postmortem pointer now that the postmortem doc has been deleted.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/maintainers/security-backlog.md`:
- Around line 77-80: The sentence in docs/maintainers/security-backlog.md that
mentions `main`, refreshed Nix SRI hashes, and a separate Apple DMG verification
workflow is a run-on and should be split for clarity: refactor the long sentence
into two (or three) concise sentences so each clause is its own statement—for
example, one sentence describing that the refresh updates `main` and Nix SRI
hashes, a second noting the repository maintains a separate Apple DMG
verification workflow, and a final sentence stating the remaining requirements
(machine-produced upstream version/build and Apple signature/notarization
evidence) before accepting a changed Nix trust root; update the surrounding
punctuation and conjunctions accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e3521094-72de-450a-a9d9-4056a44def98

📥 Commits

Reviewing files that changed from the base of the PR and between 940e41c and a2e96b6.

📒 Files selected for processing (7)

• .agents/fork-sync-policy.toml
• docs/README.md
• docs/backlog.md
• docs/maintainers/fork-sync-policy.md
• docs/maintainers/postmortems/pr10-fork-sync.md
• docs/maintainers/security-backlog.md
• docs/superpowers/plans/2026-05-02-upstream-sync-doc-alignment.md

💤 Files with no reviewable changes (4)

• docs/maintainers/postmortems/pr10-fork-sync.md
• .agents/fork-sync-policy.toml
• docs/maintainers/fork-sync-policy.md
• docs/superpowers/plans/2026-05-02-upstream-sync-doc-alignment.md