chore(docs): resolve Copilot review comments from PR #67/#69#70
Merged
ahmetabdullahgultekin merged 1 commit into May 28, 2026
Low-risk doc/config polish for items Copilot flagged on PR #67 (and PR #69 where those files reached master). No behavior change to running services; the only executable change is a more-robust docs-site healthcheck path.

- archive/.../OPERATOR_ACTIONS_2026-05-12.md:
  - redact partial live secret (API_KEY_SECRET=fcb06b7… → <redacted>)
  - main update: normal fast-forward `git push origin master:main`, reserve --force-with-lease for documented recovery only
  - add LOW to the severity legend (items 9-11 use it)
  - make item-count self-reference consistent (states 11; notes five→11 growth)
  - grammar: "a deliberately misuse" → "a deliberate misuse"
- docs-site/html/identity/index.html: fallback copy now says the OpenAPI spec is publicly available at /identity/openapi.json (it ships public)
- landing-website/src/index.css: comment now accurately describes the locale-aware :lang(en) uppercasing; drop the false belt-and-braces / codepoint-forcing claim and the duplicate text-transform line
- docs-site/docker-compose.prod.yml: healthcheck probes /health (the dedicated nginx endpoint) instead of /
- infra/traefik/README.md: add a Traefik-config dry-run validate step (compose config only validates the Compose file) and note access logs go to /var/log/traefik/access.log per accessLog.filePath, not stdout

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Pull request overview
Resolves prior Copilot review feedback across docs/config files, including a small operational improvement to the docs-site container healthcheck by probing the dedicated /health endpoint.
Changes:
- Polishes operator/runbook docs (severity legend, wording fixes, safer git push guidance, and secret redaction).
- Updates docs-site Identity fallback copy to correctly point to the public OpenAPI spec URL.
- Improves infra/docs operational guidance (Traefik validation/verification steps) and makes docs-site healthchecks more robust.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md | Runbook wording/legend updates, secret redaction, and safer branch reconciliation instructions. |
| docs-site/html/identity/index.html | Corrects fallback text to link to the public /identity/openapi.json. |
| landing-website/src/index.css | Refines locale-aware uppercasing comment/selector and removes redundant declaration. |
| docs-site/docker-compose.prod.yml | Updates container healthcheck to probe /health instead of /. |
| infra/traefik/README.md | Splits validation steps and updates access-log verification instructions. |
Comment on lines 199 to +203
| biometric API key plaintext into `web-app/.env.production`. The bio-side | ||
| key was rotated 2026-04-30 05:05 UTC and confirmed dead — the live value | ||
| is now `API_KEY_SECRET=fcb06b7…` (verified by the 2026-05-12 security | ||
| review). However the on-disk template at | ||
| is now `API_KEY_SECRET=<redacted>` (verified by the 2026-05-12 security | ||
| review; fetch the real value from the host `.env.prod` / secret store, not | ||
| this doc). However the on-disk template at |
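Review bot: Replacing `fcb06b7…` with `<redacted>` on the `API_KEY_SECRET` line cleans the working tree only; the removed line stays in git history, and the commit message for this change quotes the same prefix again (`API_KEY_SECRET=fcb06b7… → <redacted>`). Since the text calls this the live value, reword the commit message to omit the prefix and decide whether the exposure warrants another rotation. The added pointer would also be easier to follow if it named which secret store holds the value instead of "host `.env.prod` / secret store".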
Comment on lines +31 to +37
| # boot a throwaway container against the live config and watch for | ||
| # "configuration error" lines. It exits non-zero on a fatal parse error. | ||
| docker run --rm \ | ||
| -v /opt/projects/infra/traefik/config/traefik.yml:/etc/traefik/traefik.yml:ro \ | ||
| -v /opt/projects/infra/traefik/config/dynamic.yml:/etc/traefik/dynamic.yml:ro \ | ||
| traefik:v3 traefik --configfile=/etc/traefik/traefik.yml 2>&1 \ | ||
| | grep -iE "error|invalid" || echo "no config errors detected" |
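Review bot: The exit status of this pipeline is grep's, not Traefik's, so on the last line a config with errors makes grep match and the command return 0, and the comment's "exits non-zero on a fatal parse error" never reaches the caller. `traefik --configfile=...` also starts the proxy instead of performing a one-shot check, so with a config that parses the container keeps running and the command does not return until it is stopped; bound the run (for example with `timeout`) and invert the test so that a match fails the step. `traefik:v3` is a floating tag, so pin it to the version the live deployment runs, and note that the `error|invalid` pattern can also match ordinary log lines that merely contain those words.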
ahmetabdullahgultekin added a commit that referenced this pull request on May 28, 2026
api rebuilt (8 security fixes live + JWT-aud env fix + #112 go-offline fix); scan merges (#70/#94/#101/#102/#99 + bio #104/#106/#108/#109), closes (#18/#68/#107), and holds (#105/#90/#54/#56); card detection now client-side but the deployed model is the 51MB YOLOv8m — Ayşenur's 12MB nano binary is not in the repo (gitignored) and must be delivered. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
ahmetabdullahgultekin added a commit that referenced this pull request on May 31, 2026
…5-31) (#112) api: SMS-OTP prefix constant + dead authz service removed + email-token log dropped (#171). web: dead userEnrollment feature deleted, useCamera relocated (#146); dashboard chip (#145). spoof: amispoof single-source weight badges (#70) + UNCERTAIN tri-state (#69). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary
Low-risk doc/config polish resolving the Copilot review comments left on PR #67 (infra(traefik+ops), merged) and PR #69 (which carried the same docs-site / landing-website files into `master`). No behavior change to running services; the only executable change is a more-robust docs-site healthcheck path (probes the dedicated `/health` endpoint instead of `/`).

Each change was re-verified against the actual file/config on `master` before editing — none had already been fixed.

Changes ↔ Copilot comments

archive/2026-05/plans/OPERATOR_ACTIONS_2026-05-12.md
- `API_KEY_SECRET=fcb06b7…` → `API_KEY_SECRET=<redacted>`, keeping the surrounding instruction and pointing operators at the host `.env.prod` / secret store.
- `main`: the preceding ancestor check already proves a fast-forward, so the apply step is now `git push origin master:main`; `--force-with-lease` is explicitly reserved for a documented recovery scenario only.
- `LOW` entry to the legend (items 9–11 use it).

docs-site/html/identity/index.html (~:237)
- `/identity/openapi.json` and that file ships publicly in the docs site. The fallback paragraph now states the spec is publicly available and links to `/identity/openapi.json`, instead of claiming it is "available for authenticated users".

landing-website/src/index.css (~:33)
- `text-transform: uppercase`; it does not force any I/İ codepoints or font-fallback behavior. Removed the "belt-and-braces" / codepoint-forcing claim and the duplicate `text-transform` line, and rewrote the comment to accurately describe the locale-aware `:lang(en)` uppercasing (so English-attributed nodes get Latin/dotless "I" casing).

docs-site/docker-compose.prod.yml (~:17)
- `location /health { return 200 'OK'; }`. Changed the container healthcheck to probe `/health` instead of `/` (independent of SPA routing / index.html).

infra/traefik/README.md (~:34-35)
- `docker compose ... config` only validates the Compose file, not Traefik's YAML. Split into 2a (Compose, with a note that it does not cover Traefik config) and 2b (a one-shot throwaway-container Traefik dry-run against the live `traefik.yml` / `dynamic.yml`).
- `traefik.yml` sets `accessLog.filePath: /var/log/traefik/access.log`, so access logs go to that file, not stdout. The verify step now reads `/var/log/traefik/access.log` via `docker exec`, and notes that `docker logs traefik` only shows the runtime/error log.

Notes
origin/master; the dirty live checkout was not touched.

🤖 Generated with Claude Code
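A pre-commit style check for the kind of runbook leak redacted above, as an added example that is not code from this repository. It flags secret-style assignments in docs whose value is not a placeholder, including values cut off with an ellipsis; the variable-name suffixes, the placeholder list and the sample text are assumptions made for illustration.

```python
import re
import sys

# Assumption: secret-bearing variable names end in one of these words.
ASSIGNMENT = re.compile(
    r"\b((?:[A-Z0-9]+_)*(?:SECRET|TOKEN|PASSWORD|KEY))\s*=\s*([^\s`'\"]+)"
)
# Assumed list of values that are placeholders rather than key material.
PLACEHOLDER = re.compile(
    r"^(?:<[^>]+>|\$\{[^}]+\}|\$[A-Z_]+|x{3,}|\*{3,}|changeme|redacted)$",
    re.IGNORECASE,
)

# Constructed sample; none of these values is a real credential.
SAMPLE_RUNBOOK = """\
key was rotated and confirmed dead; the live value
is now `API_KEY_SECRET=0123abc…` (verified by the security review).
is now `API_KEY_SECRET=<redacted>` (fetch it from the secret store).
export JWT_SECRET=${JWT_SECRET}
DB_PASSWORD=constructed-sample-value-1
"""


def find_secret_assignments(text):
    """Return (line_no, name, kind) for each non-placeholder assignment.

    kind is "partial" when the value is cut off with an ellipsis: a key
    prefix is still key material, so it is flagged rather than skipped.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in ASSIGNMENT.finditer(line):
            name = match.group(1)
            value = match.group(2).rstrip(",;)")
            if PLACEHOLDER.match(value):
                continue
            kind = "partial" if value.endswith(("…", "...")) else "full"
            findings.append((line_no, name, kind))
    return findings


if __name__ == "__main__":
    # With file arguments, scan them; with none, scan the constructed sample.
    texts = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]}
    texts = texts or {"<sample>": SAMPLE_RUNBOOK}
    hits = [(p, f) for p, t in texts.items() for f in find_secret_assignments(t)]
    for path, (line_no, name, kind) in hits:
        print(f"{path}:{line_no}: {name} has a {kind} value, use <redacted>")
    sys.exit(1 if hits else 0)
```

Run over the Markdown files in a commit, a non-zero exit blocks the commit until the value is replaced with a placeholder.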