chore(privacy): anonymise dogfood examples + enforce a name denylist#163
Merged
Conversation
The inventory-guard doc named a private downstream project by name (and its
routes) as its worked example. privacy:check never caught it because nothing
was on the denylist — the mechanism existed but was unarmed.
- Generalise the doc's example ("a real dashboard app", no project name); the
illustrative nav items stay, they aren't identifying on their own.
- Add .styleproof-privacy-denylist with the project names so privacy:check
(prepublishOnly) now fails on any future reintroduction. The file isn't packed,
so the names never ship.
- Export denylist() and add a test asserting the shipped file loads and blocks
those names end to end — so the guard can't silently regress.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
🗺️ StyleProof report📊 View the side-by-side visual report →To accept: rebuild the map with |
Fallow audit reportNo GitHub PR/MR findings. Generated by fallow. |
Fallow audit report0 inline findings selected for GitHub review. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
The inventory-guard doc used a private downstream project (by name, plus its routes and component labels) as its worked example.
privacy:checknever flagged it because nothing was on the denylist — the enforcement mechanism shipped, but unarmed. This anonymises the example and arms the guard so a name can't leak into the public package again.What
docs/inventory-guard.md— the example now reads "a real dashboard app" with no project name. The illustrative nav items stay (they aren't identifying on their own); only the attribution changed..styleproof-privacy-denylist(new) — lists the private project names.privacy:check(run inprepublishOnly) now exits 1 on any future reintroduction in a public/packed file. The file itself isn't in the packagefiles, so the names never ship.scripts/privacy-check.mjs—denylist()is now exported so it's testable.test/privacy-check.test.mjs— a new test asserts the shipped denylist file loads and blocks those names end to end, so the guard can't silently regress.Verification
npm run privacy:check— scans 66 public text files, 0 findings.node --test test/privacy-check.test.mjs— 5/5 (was 4; +1 for the shipped-denylist guard).privacy:checkexit 1 (denylist token: <name>); removed after.No version bump: nothing here ships in the npm tarball (docs guide, denylist,
scripts/, and tests are all outside the packedfiles), so there's no release to cut.Proof
Not applicable — docs + repo tooling only, nothing browser-observable.