Skip to content

refactor(rebrand): rename brand literals in public API/webhook payloads#5456

Merged
JSONbored merged 2 commits into
mainfrom
loopover/payload-literals
Jul 12, 2026
Merged

refactor(rebrand): rename brand literals in public API/webhook payloads#5456
JSONbored merged 2 commits into
mainfrom
loopover/payload-literals

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Summary

  • Rename the old brand name where it's baked into unauthenticated, publicly consumable data rather than code identifiers:
    • src/api/badge.ts's LABEL constant (README badge SVG/JSON), now exported so src/api/routes.ts's badge.json 404 fallback imports it instead of duplicating the literal.
    • /health and /v1/mcp/compatibility's service field (src/api/routes.ts, src/services/mcp-compatibility.ts).
    • Discord username + embed footer text, and the actor audit-ledger field, across src/services/notify-discord.ts and src/services/review-recap.ts.
    • The PagerDuty event source field and actor field (including the matching countRecentAuditEventsForActorAndTarget lookup argument, kept in sync) in src/services/notify-pagerduty.ts.
  • Fixed a drift this rename would otherwise have introduced: src/openapi/schemas.ts's HealthSchema/McpCompatibilitySchema still asserted the old service literal against the now-renamed runtime response — updated both, and regenerated apps/gittensory-ui/public/openapi.json (npm run ui:openapi, 2-line diff, exactly the two service literals).
  • Updated 8 stale test assertions across 5 test files that pinned the old literals.

Leaves untouched (each tracked by its own separate rebrand issue): gittensor (the permanent SN74 subnet brand), the repo's own name/domain literals, npm package identifiers (gittensory-mcp, etc.), and bot check-run/PR-comment branding (#5327).

Closes #5336

Test plan

  • npm run typecheck clean
  • npm run test:ci green (774/776 files, 2 pre-existing skips; one unrelated timing-flaky test confirmed passing standalone/on re-run)
  • npm audit --audit-level=moderate — 0 vulnerabilities
  • npm run ui:openapi regenerated with only the expected 2-line diff
  • Verified exact-count parity in routes.ts (57 pre-existing brand mentions → 55 after, confirming only the 2 intended lines changed) and actor value consistency across all 3 notification services (14 "loopover" occurrences = 7 + 6 + 1, matching pre-edit count)

Rename the old brand name where it was baked into unauthenticated,
publicly consumable data rather than code identifiers: the README badge
SVG/JSON label, the /health and MCP-compatibility service descriptors,
and the outbound Discord/Slack/PagerDuty notification payloads (the
Discord username + embed footer text, the audit-ledger actor field
across all three notification services, and the PagerDuty event source
field). Also consolidates the badge.json 404 fallback in routes.ts to
import badge.ts's LABEL constant instead of duplicating the literal, and
fixes the resulting drift in the OpenAPI Health/McpCompatibility zod
schemas plus the generated openapi.json, which otherwise would have kept
asserting the old service literal against the renamed runtime response.

Leaves gittensor (the permanent SN74 subnet brand), the repo's own name,
domain/hostname literals, npm package identifiers, and check-run/PR-
comment branding untouched — each is tracked by its own separate
rebrand issue.

Closes #5336
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
gittensory-ui e14f34a Commit Preview URL

Branch Preview URL
Jul 12 2026, 08:11 PM

@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.44%. Comparing base (65fa28b) to head (0eb6b6d).
⚠️ Report is 11 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5456      +/-   ##
==========================================
- Coverage   94.48%   94.44%   -0.04%     
==========================================
  Files         554      554              
  Lines       44450    44451       +1     
  Branches    14663    14663              
==========================================
- Hits        41999    41983      -16     
- Misses       1776     1793      +17     
  Partials      675      675              
Flag Coverage Δ
shard-1 44.09% <30.00%> (-0.01%) ⬇️
shard-2 34.88% <30.00%> (-0.07%) ⬇️
shard-3 31.99% <70.00%> (+0.02%) ⬆️
shard-4 31.27% <30.00%> (+<0.01%) ⬆️
shard-5 33.31% <10.00%> (-0.01%) ⬇️
shard-6 43.55% <40.00%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
src/api/badge.ts 100.00% <100.00%> (ø)
src/api/routes.ts 94.30% <100.00%> (ø)
src/openapi/schemas.ts 100.00% <ø> (ø)
src/services/mcp-compatibility.ts 100.00% <ø> (ø)
src/services/notify-discord.ts 100.00% <100.00%> (ø)
src/services/notify-pagerduty.ts 100.00% <100.00%> (ø)
src/services/review-recap.ts 100.00% <ø> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 12, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 12, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-12 20:23:45 UTC

13 files · 1 AI reviewer · no blockers · readiness 100/100 · CI green · clean

⏸️ Suggested Action - Manual Review

  • Touches a guarded path — held for manual review: This PR changes guardrail-protected path(s): apps/gittensory-ui/public/openapi.json (matched apps/gittensory-ui/**), src/services/mcp-compatibility.ts (matched src/services/**), src/services/notify-discord.ts (matched src/services/**), src/services/notify-pagerduty.ts (matched src/services/**), src/services/review-recap.ts (matched src/services/**).

Review summary
This is a mechanical rename of the old brand literal ("gittensory"/"Gittensory") to "loopover" in public-facing, unauthenticated payloads: /health and MCP compatibility service fields, Discord username/footer text, audit actor fields, PagerDuty source/actor fields (with the matching cooldown-lookup argument kept in sync), and the badge LABEL constant now exported and reused instead of duplicated. OpenAPI schemas and the regenerated openapi.json were updated in lockstep with the runtime literals, avoiding schema drift, and all 8 stale test assertions across 5 files were updated to match. The diff is internally consistent — every renamed literal has a corresponding schema/test update — and CI is green.

Blockers

  • src/services/notify-pagerduty.ts:175 changes countRecentAuditEventsForActorAndTarget to look up only actor "loopover", so any recent pre-deploy "gittensory" audit event for the same dedupKey is ignored and the cooldown gate can send a duplicate page; either keep the audit actor stable or query both actors during the transition, for example count old+new actors before deciding cooldown_active.
Nits — 7 non-blocking
  • src/api/routes.ts: the badge.json 404 fallback now imports `PUBLIC_BADGE_LABEL` from ./badge — good dedup, but worth double-checking no other route still hardcodes the old literal independently (the PR description notes a 57→55 count check was done manually rather than via a shared constant everywhere).
  • src/services/notify-pagerduty.ts:11 comment now reads "loopover has" awkwardly after the substitution — a plain literal-substitution artifact worth a quick grammar pass.
  • Magic numbers 300/404 in src/api/routes.ts:1006 predate this diff and aren't introduced by this change, so not actionable here.
  • Consider a single shared brand-string constant (already done for the badge LABEL) for the Discord username/footer and PagerDuty source to prevent future rename drift across notify-discord.ts and notify-pagerduty.ts.
  • Confirm the linked issue Rename brand literals embedded in public API/webhook data payloads #5336's scope is fully covered — the external brief flags 'partial' coverage; verify no other public-facing literal (e.g. error messages, other webhook payloads) was missed.
  • PR author also opened the linked issue — Link an issue that was opened by a different contributor, or provide a rationale for why this self-authored issue represents genuine discovery work.
  • Touches a guarded path — held for manual review — A maintainer must review and merge this change.
Signal Result Evidence
Code review ✅ No blockers 1 reviewer
Linked issue ✅ Linked #5336
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (1 linked issue).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 44 registered-repo PR(s), 36 merged, 457 issue(s).
Contributor context ✅ Confirmed Gittensor contributor JSONbored; Gittensor profile; 44 PR(s), 457 issue(s).
Gate result ⚠️ Not blocking Advisory; not blocking this PR.
Improvement ✅ Minor risk: clean · value: minor — Code changes are accompanied by test evidence.
Review context
  • Author: JSONbored
  • Role context: owner (maintainer lane)
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 44 PR(s), 457 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Treat this as maintainer-lane context rather than normal contributor-lane activity.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
[BETA] Chat with Gittensory

Ask Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @gittensory ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @gittensory chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @gittensory mention with a real question is routed to the closest matching read-only command automatically -- no exact syntax required.

Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands

Visual preview
Route Viewport Before (production) After (this PR's preview) Diff
/ desktop before / after /
/ mobile before / (mobile) after / (mobile)

Click any thumbnail to open the full-size screenshot. Before = production · After = this PR's preview deploy.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@gittensory-orb gittensory-orb Bot added the manual-review Gittensor contributor context label Jul 12, 2026
The paging cooldown check queried only the new "loopover" actor, so a
page recorded under the pre-rebrand "gittensory" actor just before this
deploy would no longer suppress a duplicate page after it, for as long
as the configured cooldown window reaches back across the deploy
boundary. Count both the current and legacy actor and sum the results —
one extra indexed count, but it removes the whole risk category instead
of requiring a precisely-timed follow-up cleanup.
@JSONbored JSONbored merged commit d251c07 into main Jul 12, 2026
18 checks passed
@JSONbored JSONbored deleted the loopover/payload-literals branch July 12, 2026 20:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Rename brand literals embedded in public API/webhook data payloads

1 participant