Skip to content

chore(privacy): anonymise dogfood examples + enforce a name denylist#163

Merged
BenSheridanEdwards merged 1 commit into
mainfrom
chore/privacy-denylist
Jul 5, 2026
Merged

chore(privacy): anonymise dogfood examples + enforce a name denylist#163
BenSheridanEdwards merged 1 commit into
mainfrom
chore/privacy-denylist

Conversation

@BenSheridanEdwards

Copy link
Copy Markdown
Owner

Why

The inventory-guard doc used a private downstream project (by name, plus its routes and component labels) as its worked example. privacy:check never flagged it because nothing was on the denylist — the enforcement mechanism shipped, but unarmed. This anonymises the example and arms the guard so a name can't leak into the public package again.

What

  • docs/inventory-guard.md — the example now reads "a real dashboard app" with no project name. The illustrative nav items stay (they aren't identifying on their own); only the attribution changed.
  • .styleproof-privacy-denylist (new) — lists the private project names. privacy:check (run in prepublishOnly) now exits 1 on any future reintroduction in a public/packed file. The file itself isn't in the package files, so the names never ship.
  • scripts/privacy-check.mjsdenylist() is now exported so it's testable.
  • test/privacy-check.test.mjs — a new test asserts the shipped denylist file loads and blocks those names end to end, so the guard can't silently regress.

Verification

  • npm run privacy:check — scans 66 public text files, 0 findings.
  • node --test test/privacy-check.test.mjs5/5 (was 4; +1 for the shipped-denylist guard).
  • Manual proof the arming works: temporarily re-adding the name to a scanned file makes privacy:check exit 1 (denylist token: <name>); removed after.
  • Full pre-commit gate green: build, typecheck, lint, format, fallow.

No version bump: nothing here ships in the npm tarball (docs guide, denylist, scripts/, and tests are all outside the packed files), so there's no release to cut.

Proof

Not applicable — docs + repo tooling only, nothing browser-observable.

The inventory-guard doc named a private downstream project by name (and its
routes) as its worked example. privacy:check never caught it because nothing
was on the denylist — the mechanism existed but was unarmed.

- Generalise the doc's example ("a real dashboard app", no project name); the
  illustrative nav items stay, they aren't identifying on their own.
- Add .styleproof-privacy-denylist with the project names so privacy:check
  (prepublishOnly) now fails on any future reintroduction. The file isn't packed,
  so the names never ship.
- Export denylist() and add a test asserting the shipped file loads and blocks
  those names end to end — so the guard can't silently regress.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

🗺️ StyleProof report

📊 View the side-by-side visual report →


To accept: rebuild the map with styleproof-map, then rerun the report.

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

Fallow audit report

No GitHub PR/MR findings.

Generated by fallow.

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown

Fallow audit report

0 inline findings selected for GitHub review.

@BenSheridanEdwards BenSheridanEdwards merged commit 7f80e3f into main Jul 5, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant