
docs: fix documentation drift from codebase #9

Closed
Sbussiso wants to merge 1 commit into master from claude/fervent-keller-0ycLK


@Sbussiso

Contributor

Summary

  • Segment cache default: corrected from 15 → 60 and segment duration from 2s → 1s across README and AGENTS.md to match config.py
  • Memory sizing: updated calculation from 3.75 MB/camera (150 cameras/GB) to 7.5 MB/camera (~130 cameras/GB) based on the actual 60-segment × ~125 KB default
  • Missing env vars: added REDIS_URL, SENTRY_DSN, SENTRY_TRACES_SAMPLE_RATE to README, AGENTS.md, and .env.example
  • Project structure: added 6 missing core/ modules (audit, codec, migrations, plans, sentry, versions), mcp/activity.py, and DocsDiagrams.jsx
  • API reference: added undocumented GET /downloads/{os}/{arch} endpoint to both README and AGENTS.md
  • CORS: replaced inaccurate "all methods and headers" with actual allowed lists
  • SPA middleware: added /downloads/* to pass-through docs
  • SECURITY.md: added security headers middleware to the feature table
  • Dependencies: added redis, websockets, sentry-sdk to AGENTS.md key dependencies
  • Storage clarification: noted CloudNode storage is encrypted SQLite

Test plan

  • Verify all documented env var defaults match backend/app/core/config.py
  • Verify project structure listing matches actual files on disk
  • Verify API endpoints listed in README match actual routes in backend/app/api/
  • Spot-check AGENTS.md CORS section against main.py middleware config

https://claude.ai/code/session_01DdzBKawH6BhahW6BFiPsEW

- Correct SEGMENT_CACHE_MAX_PER_CAMERA default from 15 to 60 (README, AGENTS.md)
- Update segment duration from 2s to 1s to match CloudNode's actual default
- Fix memory sizing calculation (7.5 MB/camera, ~130 cameras per 1 GB)
- Add missing env vars: REDIS_URL, SENTRY_DSN, SENTRY_TRACES_SAMPLE_RATE
- Add 6 missing core/ modules to project structure (audit, codec, migrations, plans, sentry, versions)
- Add mcp/activity.py and DocsDiagrams.jsx to project structure
- Add /downloads/{os}/{arch} endpoint to API reference
- Fix CORS description: list actual allowed methods/headers instead of "all"
- Add /downloads/* to SPA middleware pass-through docs
- Add security headers to SECURITY.md feature table
- Add redis, websockets, sentry-sdk to AGENTS.md key dependencies
- Clarify CloudNode storage is encrypted SQLite

https://claude.ai/code/session_01DdzBKawH6BhahW6BFiPsEW
@github-actions


Hi @Sbussiso, thanks for taking the time to open this PR.

OpenSentry is source-available under AGPL-3.0 but does not currently accept external code contributions. This PR is being closed automatically — it is not a reflection of the quality of your work.

If you found a bug or have an idea, we would still love to hear about it:

See CONTRIBUTING.md for the full policy.

Thanks for your interest in OpenSentry.

@github-actions github-actions Bot closed this Apr 17, 2026
@Sbussiso Sbussiso deleted the claude/fervent-keller-0ycLK branch April 26, 2026 06:43
Sbussiso added a commit that referenced this pull request Apr 30, 2026
The auto-close gate was wrong in two ways and caused a real outage
window today:

1. It closed Dependabot's high-severity Clerk auth-bypass security PR
   nine seconds after it opened, leaving master vulnerable until the
   npm audit CI gate caught it on the next push and blocked the deploy
   of the mcp-setup banner fix.

2. It also closed your own Claude-authored PRs (e.g. PR #9, opened by
   Sbussiso). author_association came back as something other than
   OWNER / MEMBER / COLLABORATOR even though you own the repo —
   probably because the org is SourceBox-LLC and your account isn't
   formally registered as a MEMBER of that org for GitHub's
   contributor-graph purposes.

Three skip rules now, OR'd together:

  - author_association in OWNER / MEMBER / COLLABORATOR (existing rule,
    rewritten as a single contains() for readability)
  - user.type == 'Bot' (covers Dependabot, GitHub Actions, the GitHub
    Security Advisory bot, and any future Claude / AI GitHub App you
    install on the repo — bots come from GitHub Apps you have to
    deliberately install, so the install itself is the trust gate)
  - user.login in EXPLICIT_ALLOWLIST (currently just "Sbussiso" — needed
    because Claude Code's GitHub integration opens PRs as the
    configured user account, not a bot)

Random external contributors still get the close treatment: not in the
core-team list, not a bot, not in the explicit allowlist → all three
skip rules fail, workflow runs, PR closed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
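
The skip decision that commit message describes, modelled in Python as an added example (it is not the repository's workflow file): it runs the original single rule and the three OR'd rules over the same pull requests and reports which ones each gate would close. The payloads are constructed, the `author_association` values and the two `-example` logins are assumptions, and the helper names are hypothetical.

```python
# Added illustration: a Python model of the auto-close gate's skip decision.
# The real gate is a GitHub Actions workflow; this is not that file.
CORE_TEAM = {"OWNER", "MEMBER", "COLLABORATOR"}
EXPLICIT_ALLOWLIST = {"Sbussiso"}  # the only login the commit message names


def old_skip_reason(pr):
    """Original gate: only a core-team author_association skips the close."""
    return "core-team" if pr["author_association"] in CORE_TEAM else None


def new_skip_reason(pr):
    """The three skip rules, OR'd; returns which one matched, or None."""
    if pr["author_association"] in CORE_TEAM:
        return "core-team"
    if pr["user"]["type"] == "Bot":
        return "bot"
    if pr["user"]["login"] in EXPLICIT_ALLOWLIST:
        return "allowlist"
    return None  # all three rules fail, so the workflow closes the PR


def closed_by(rule, prs):
    """Logins of the authors whose PRs the given gate would auto-close."""
    return [pr["user"]["login"] for pr in prs if rule(pr) is None]


def make_pr(login, user_type, association):
    """Build the subset of a pull_request payload that the gate reads."""
    return {"user": {"login": login, "type": user_type},
            "author_association": association}


# Constructed payloads; the association values are assumptions, and the
# two "-example" logins are hypothetical.
SAMPLE_PRS = [
    make_pr("dependabot[bot]", "Bot", "NONE"),
    make_pr("Sbussiso", "User", "CONTRIBUTOR"),
    make_pr("core-dev-example", "User", "MEMBER"),
    make_pr("external-example", "User", "NONE"),
]

if __name__ == "__main__":
    for name, rule in (("old", old_skip_reason), ("new", new_skip_reason)):
        print(name, "gate closes:", closed_by(rule, SAMPLE_PRS))
```

Returning the matched rule rather than a bare boolean lets the workflow log why a PR was exempted, which makes a wrongly skipped or wrongly closed PR easier to trace afterwards.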
Sbussiso added a commit that referenced this pull request May 28, 2026
…af4300

Discovered during a from-cold project review: production has been
running commit faf4300 (May 17) for ~6 days.  The two commits after
it — b84a893 (GDPR Article 17 self-serve delete) and bcc00cb (WS node
credentials → headers) — both failed CI and never deployed.  So a
live compliance fix AND a live security fix have been sitting on
master, unshipped, with no alert.  (Root-cause for the "no alert"
part is SaaS-readiness item #9: a red deploy doesn't page anyone.
Filed separately.)

Four distinct breakages, two of mine and two that drifted in while
the repo sat idle:

1. ruff I001 in tests/test_ws_auth.py — the file I added in bcc00cb
   had blank lines inside the import block.  I ran pytest + npm build
   locally last session but NOT `ruff check`, which is CI's first
   backend gate.  Fixed via `ruff check --fix` (import regroup).
   Process lesson: run all four CI gates locally, not just tests.

2. npm audit high: js-cookie <=3.0.5 (GHSA-qjx8-664m-686j, per-instance
   prototype hijack in assign()).  Pulled in transitively by
   @clerk/shared 3.47.5.  This is NOT from our code — the advisory
   landed in the npm DB ~May 21 and started failing the frontend
   `npm audit --audit-level=high --omit=dev` gate on every commit
   regardless of content.  Added `js-cookie: ^3.0.7` to the existing
   package.json `overrides` block (same pattern as the postcss
   override already there).  js-cookie's get/set/remove API has been
   stable since 3.0.0 so the bump is API-safe for Clerk.

3. pip-audit: idna 3.11 → CVE-2026-45409 (fixed 3.15).  Transitive via
   httpx/anyio.  Advisory surfaced during the idle week.  Constrained
   to >=3.15; uv resolved to 3.17.

4. pip-audit: starlette 1.0.0 → PYSEC-2026-161 (fixed 1.0.1).
   Transitive via fastapi.  Constrained to >=1.0.1; uv resolved to
   1.2.0.  All 617 backend tests pass on the bumped starlette, so
   fastapi compatibility holds across the minor bump.

After this commit, all four CI gates pass locally: ruff clean,
pip-audit --strict clean, 617 backend tests pass, npm audit
high+prod 0 vulns, 95 frontend tests pass.  The deploy should go
green and finally ship the GDPR + WS fixes that have been stranded.

No application code changed — this is purely lint + dependency
constraints + a lockfile.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>