fix(dashboard): honesty pass on /notifications, /workflows, /analytics#165
Merged
operatoruplift merged 1 commit intomasterfrom Apr 27, 2026
Merged
fix(dashboard): honesty pass on /notifications, /workflows, /analytics#165operatoruplift merged 1 commit intomasterfrom
operatoruplift merged 1 commit intomasterfrom
Conversation
PR #164 fixed the dashboard home (`/app`) fabrication. Three sibling pages had the same pattern. Cleaning them up together. ## Changes ### app/(dashboard)/notifications/page.tsx Was: rendered `INITIAL_NOTIFICATIONS` (5 hardcoded fake notifications, "Blackwall: 3 threats blocked", "CodePilot Pro updated", "Knowledge base indexed: 1,247 new documents processed and embedded", etc.) then optionally prepended any real notifications from `getNotifications()`. A fresh user would see 5 fake events claiming the system did things it didn't do. Now: real notifications only. The existing empty state ("No notifications") renders for a fresh user. INITIAL_NOTIFICATIONS const removed entirely. ### app/(dashboard)/workflows/page.tsx Was: 5 demo workflows with hardcoded run counts (142, 891, 56, 23, 0) and timestamps ("2h ago", "15m ago", "3d ago", "1d ago", "Never"), three of them marked `status: 'active'`. Implied the user had Daily Code Review running 142 times, Issue Triage Bot 891 times, etc. Now: same 5 starter templates kept (they're useful as inspiration), all with `status: 'draft'`, `lastRun: 'Never'`, `runs: 0`. The templates are now honestly templates, not fabricated history. ### app/(dashboard)/analytics/page.tsx Already carried a small "DEMO" badge and a subline saying "Sample data, connect Supabase metrics for live analytics". The disclosure was real but the wording was developer-flavored. Rewrites: - subline: "Sample data, connect Supabase metrics for live analytics" -> "Example numbers shown here. Real numbers will appear once you start using the app." - "Top Agents" panel title -> "Top helpers" (matches /agents and /marketplace renames in #163) Range/seed sample data + chart left as-is, the disclosure is now clearer in plain English. ## Trust impact Closes the same fabrication class as #164 on three more dashboard surfaces. /workflows still ships templates the user can run, but the templates no longer pretend to have run already. ## Verified - pnpm exec tsc --noEmit: clean - pnpm check: 3 passed, 0 failed ## Rollback Single git revert. Three files.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
operatoruplift
added a commit
that referenced
this pull request
Apr 27, 2026
…rs (#166) Five more surfaces still carried fake telemetry or sci-fi cosplay branding after #164/#165. This is the cleanup PR that closes the sweep. ## Changes ### app/(dashboard)/agents/[id]/page.tsx (helper detail) Was: 3 demo helpers with hardcoded - `sessions: 142` / `2847` / `89` - `memoryUsage: '2.4GB'` / '512MB' / '1.8GB' - `status: 'running'` plus a 5-event ACTIVITY_LOG with timestamps ("2m ago", "15m ago", etc.) claiming each helper had "Refactor auth middleware completed", "Memory indexed: 847 new embeddings", "Deployed from Agent Builder" done on the user's account. Now: same 3 helpers as starter detail pages but - `sessions: 0`, `memoryUsage: ','`, `status: 'idle'` - ACTIVITY_LOG empty by default; the panel renders an honest "No activity yet. Run this helper to see results here." placeholder - "CodePilot Pro" -> "Code Pilot", "Blackwall Guard" -> "Security Guard" (last Blackwall reference in user-facing surfaces) ### src/components/ui/CommandBar.tsx (cmd-K palette) Renamed entries to match the consumer/dashboard rewrites in #154/#163: - "Go to Agent Store" -> "Go to Helpers" - "Go to Agent Builder" -> "Go to Builder" - "Marketing homepage" -> "Public homepage" - "New Chat" -> "New chat" - "Build Agent" -> "Build a helper" - Security entry description "Blackwall security dashboard" -> "Encryption, receipts, and activity log" ### app/(dashboard)/integrations/page.tsx DD.xyz integration `howItWorks` description rewrite. Was: "Powers Blackwall threat assessment and compliance checks." Now: "used by security and compliance helpers." (drops the Blackwall brand). ### src/components/providers/AgentProvider.tsx `MOCK_AGENTS` was 4 agents named "Founder Ops" / "Growth Lead" / "DevRel" / "Support Bot" with status "online" / "busy" / "offline" and descriptions like "Orchestrating company operations" that implied real ongoing operations on the user's account. Now: 4 helpers named after what they actually do, - "Inbox helper", "Calendar helper", "Research helper", "Reminders" all with status "online" since they're available to run, not pretending to be running tasks behind the scenes. Default activeAgent flipped from "founder-ops" to "inbox" so the consumer use case is front and center. ### app/(dashboard)/onboarding/page.tsx Starter helper renames: "CodePilot" -> "Code Pilot", "Research Bot" -> "Researcher", "Security Guard" desc rewrite to match agents/[id]/page.tsx. ## Trust impact Final pass on the fabrication class started in PR #147. After this merges, a grep for "Blackwall|CodePilot|Founder Ops|Warp Network| Uplift Core|Gold Agent" returns zero hits in user-facing surfaces. ## Verified - pnpm exec tsc --noEmit: clean - pnpm check: 3 passed, 0 failed - Final fabrication sweep clean (only hit is the comment on notifications/page.tsx documenting what #165 removed) ## Rollback Single git revert. Five files.
operatoruplift
added a commit
that referenced
this pull request
Apr 27, 2026
…167) Two improvements in one PR. ## (1) Trust-gate coverage 11/44 -> 16/44 Five small routes adopted the @/lib/apiHelpers withRequestMeta pattern that the larger /api/tools/* routes already use (PR #123) and the observability sweep extended to the receipts/memory/agents/ notifications/audit families (PR #130). Now every response from these routes carries `X-Request-Id`, supporting the request-id propagation contract trust-gate enforces. Routes: - app/api/providers/route.ts (6 lines) - app/api/capabilities/route.ts (25 lines) - app/api/receipts/public-key/route.ts (26 lines) - app/api/health/llm/route.ts (27 lines) - app/api/dashboard/stats/route.ts (31 lines) ## (2) Fix the residual fabrication in /api/dashboard/stats While adding apiHelpers I found one more fabrication leftover: when the route's auth check fails, it was returning a hardcoded fallback payload: { activeAgents: 14, chatSessions: 8, memoryNodes: 12400, securityBlocks: 47, } These are the **exact same fake values** PR #164 removed from the rendered dashboard. The dashboard now reads from localStorage directly so it doesn't call this route, but anything else that hits /api/dashboard/stats unauthenticated still got the lie. Now: returns zeros on the unauthenticated path. No fake demo data. ## Trust impact Closes the dashboard fabrication arc started in #164/#165/#166. Adds the request-id contract to 5 more routes. ## Verified - pnpm exec tsc --noEmit: clean - pnpm check: 3 passed, 0 failed - trust-gate: 16/44 route files (was 11/44) ## Rollback Single git revert. 5 files.
operatoruplift
added a commit
that referenced
this pull request
Apr 27, 2026
Locks in the user-specific fabrication fixes that PRs #164/#165 shipped to /app, /notifications, /workflows. If a future PR drifts back toward fake stats, fabricated activity, or zombie "Blackwall" language, CI fails before merge. ## tests/e2e/dashboard-honesty.spec.ts (new) Three scoped specs running against the dashboard-gated routes via the auth-bypass helpers from #151. | Test | Asserts | |---|---| | /app dashboard | "Helpers installed / Chat sessions / Memories saved" labels present, no "12.4K", "47", "Security Threats Blocked", "Gold Agent", "0.0847", "Blackwall", "Uplift Core Online", "Warp Network", "Event Stream", "US-EAST-1" anywhere in the rendered DOM. Activity feed is empty-state OR real notifications, never the old 5-event fake feed. | | /notifications | No "Blackwall: 3 threats", no "CodePilot Pro updated", no "1,247 new documents". | | /workflows | No "142 runs" / "891 runs" hardcoded fake counts. | The test deliberately uses contextual assertions rather than blanket banned-string match because some numerals are legitimate (e.g. "47" on its own can appear elsewhere; what we're banning is "47 Security Threats Blocked" together). ## .github/workflows/ci.yml dashboard-honesty.spec.ts joins consumer-copy + chat-honesty in the hermetic Playwright run. ## Verified - pnpm exec tsc --noEmit: clean - pnpm check: 3 passed, 0 failed - pnpm exec playwright test dashboard-honesty.spec.ts: 3 passed (37s) ## Rollback Single git revert. 2 files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Continuation of #164's honesty work
PR #164 fixed the dashboard home (
/app) fabrication — fake stats, fake activity feed, fake "Gold Agent" widget. Three sibling pages had the same pattern. Cleaning them up together.Changes
app/(dashboard)/notifications/page.tsxBefore: rendered
INITIAL_NOTIFICATIONS(5 hardcoded fake notifications: "Blackwall: 3 threats blocked", "CodePilot Pro updated", "Knowledge base indexed: 1,247 new documents processed and embedded", etc.) then optionally prepended any real notifications. A fresh user saw 5 fake events claiming the system did things it didn't do.After: real notifications only. The existing empty state ("No notifications") renders for fresh users.
INITIAL_NOTIFICATIONSconst removed entirely.app/(dashboard)/workflows/page.tsxBefore: 5 demo workflows with hardcoded run counts (142, 891, 56, 23, 0) and timestamps ("2h ago", "15m ago", "3d ago", "1d ago", "Never"), three marked
status: 'active'. Implied the user had Daily Code Review running 142 times, Issue Triage Bot 891 times, etc.After: same 5 starter templates kept (they're useful as inspiration), all with
status: 'draft',lastRun: 'Never',runs: 0. The templates are now honestly templates, not fabricated history.app/(dashboard)/analytics/page.tsxAlready had a small "DEMO" badge and disclosure. Cleaning up the wording:
The chart + range data themselves stay — disclosure is now in plain English instead of dev jargon ("Supabase metrics").
Trust impact
Closes the same fabrication class as #164 on three more dashboard surfaces. /workflows still ships templates the user can run, but the templates no longer pretend to have run already.
Verified
Net diff
Rollback
Single
git revert. Three files.