Add private catalog overlays and privacy doctor #1

Open
rogu3bear wants to merge 6 commits into main from build/public-private-catalog-privacy

@rogu3bear
Owner

Summary

  • Adds ignored private catalog overlays through catalog/local or DEVCTL_CATALOG_HOME so public devctl catalog data can stay neutral while local operators keep real repo contracts/statuses private.
  • Adds devctl doctor privacy as a publication gate with redacted evidence, relative file paths, and configurable local privacy patterns.
  • Documents the public/private catalog workflow and ignores catalog/local by default.

Behavioral changes and implications

  • Public catalog defaults still work when no local overlay exists.
  • Local workspace overlays replace the pilot list only when they provide one, and they override matching repo statuses.
  • Local contract files override matching public contract files, keeping private repo details out of the public repo while preserving contract-driven audits.
  • Privacy doctor intentionally ignores .git, target, and node_modules, reports schema_version 0.1.0, and does not print matched private values.

Risk areas and confidence

  • Catalog loading order: medium risk, high confidence from focused unit coverage.
  • Privacy redaction: medium risk, high confidence for current built-in patterns; operator-provided regexes can still be too broad or too narrow.
  • Existing standards audit behavior: low risk, high confidence because default public catalog loading remains unchanged without an overlay.

Test plan

  • cargo fmt --check
  • cargo clippy --workspace --all-targets -- -D warnings
  • cargo test --workspace
  • cargo run -- doctor privacy . --json
  • cargo run -- standards contracts . --pilot three-tier --json
  • Sensitive-string scan excluding .git, target, and reports returned no matches for the previous private repo/user patterns.

Review focus

  • Confirm the local overlay precedence is the right long-term boundary between public standards code and private operator catalog truth.
  • Confirm privacy doctor output is useful enough without absolute scan-root disclosure.
  • Confirm catalog/local is the right ignored default path, with DEVCTL_CATALOG_HOME covering external private catalogs.
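
A minimal sketch of the gate behaviour described above (skipped directories, root-relative paths, redacted evidence), added here as an illustration and not devctl's own code. The `Finding` struct, the `scan` function, the literal-substring patterns standing in for regexes, and the sample paths and values are all assumptions.

```rust
use std::path::{Component, Path};
// Directories the PR description says the privacy doctor skips.
const IGNORED_DIRS: [&str; 3] = [".git", "target", "node_modules"];

#[derive(Debug, PartialEq)]
struct Finding {
    path: String,     // relative to the scan root, never absolute
    line: usize,      // 1-based line number
    pattern: String,  // operator-chosen label, not the pattern text
    evidence: String, // the line with every matched value masked
}

/// Hypothetical scanner: `patterns` are (label, literal) pairs; literal
/// substrings stand in for the regexes the real tool accepts.
fn scan(root: &Path, files: &[(&str, &str)], patterns: &[(&str, &str)]) -> Vec<Finding> {
    let mut findings = Vec::new();
    for &(abs, content) in files {
        // Anything outside the root is skipped, so no absolute path is ever reported.
        let Ok(rel) = Path::new(abs).strip_prefix(root) else { continue };
        let ignored = rel.components().any(|c| match c {
            Component::Normal(name) => IGNORED_DIRS.iter().any(|d| name.to_str() == Some(*d)),
            _ => false,
        });
        if ignored { continue; }
        for (idx, text) in content.lines().enumerate() {
            for &(label, needle) in patterns {
                if needle.is_empty() || !text.contains(needle) { continue; }
                findings.push(Finding {
                    path: rel.to_string_lossy().into_owned(),
                    line: idx + 1,
                    pattern: label.to_string(),
                    evidence: text.replace(needle, "[REDACTED]"),
                });
            }
        }
    }
    findings
}

fn main() {
    // Constructed sample input: paths, contents and the private value are made up.
    let files = [
        ("/work/devctl/README.md", "intro\nowner: acme-internal"),
        ("/work/devctl/target/debug/build.log", "acme-internal"),
    ];
    for f in scan(Path::new("/work/devctl"), &files, &[("private-org", "acme-internal")]) {
        println!("{}:{} [{}] {}", f.path, f.line, f.pattern, f.evidence);
    }
}
```

Reporting the pattern label instead of the pattern text matters because an operator's pattern is often the private value itself.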

devctl added 2 commits April 29, 2026 00:36
This keeps the public catalog sanitized while allowing ignored operator-local overlays for pilot repo names, repo statuses, and repo contracts. The local overlay is intentionally read-only policy input: public catalog files stay neutral, and matching local contracts override public samples without requiring private repo names in git.

The privacy doctor adds a lightweight publication gate that scans source/docs/report-style files while ignoring build and dependency trees. It reports relative file paths and redacted evidence so the gate does not leak the operator details it is meant to catch.

Risk is limited to catalog loading order and the new doctor command. Existing standards commands still use public catalog defaults when no local overlay exists; unit tests cover workspace overlay replacement, contract override behavior, and privacy redaction.
This documents the public/private boundary that the implementation now enforces: public catalog data remains neutral, while operator-specific catalog overlays live under ignored local paths or DEVCTL_CATALOG_HOME.

The README adds the privacy doctor to the normal standards loop so publication has an explicit human and machine check. AGENTS.md records the same operating rule for future agents, and .gitignore prevents accidental catalog/local publication.
@kilo-code-bot

kilo-code-bot Bot commented Apr 29, 2026

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

| Severity | Count |
| --- | --- |
| CRITICAL | 1 |
| WARNING | 0 |
| SUGGESTION | 0 |

Issue Details

CRITICAL

| File | Line | Issue |
| --- | --- | --- |
| Cargo.toml | 4 | Invalid Rust edition "2024". Rust currently supports editions 2015, 2018, and 2021. Change to "2021" to fix compilation. |

Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

| File | Line | Issue |
| --- | --- | --- |
| CLAUDE.md | N/A | CLAUDE.md is referenced in README.md and AGENTS.md but not present in the codebase. As a driver for next code iterations, ensure CLAUDE.md is created. AGENTS.md is present and may require rectification for future iterations. |

Files Reviewed (9 files)
  • .gitignore - No issues
  • AGENTS.md - No issues
  • Cargo.toml - 1 issue
  • README.md - No issues
  • catalog/adjudications.toml - No issues
  • catalog/laws.toml - No issues
  • catalog/workspace.toml - No issues
  • src/lib.rs - No issues
  • Cargo.lock - Skipped (generated)

Reviewed by grok-code-fast-1:optimized:free · 294,391 tokens

devctl added 4 commits April 29, 2026 05:30
This fixes the bad operational behavior where standards plan always used pilot scope and could silently produce zero repair tranches after the public catalog was sanitized.

The command now accepts the same --pilot and --all scope controls as audit, records scope/repo/finding counts in JSON output, and emits warnings when the selected scope matches no repos. The new catalog doctor reports whether a private overlay is loaded and whether the active pilot catalog matches the requested workspace root without printing private repo names.

Tests cover --all planning over a non-pilot repo and the zero-pilot warning path. Risk is limited to plan JSON shape expansion and the new doctor catalog command; existing audit behavior is unchanged.
This documents the operational contract added by the implementation commit: standards plan now has explicit scope controls, and doctor catalog is the first check when changing catalog or planning behavior.

The docs keep private overlay details out of public examples while making the empty-pilot failure mode visible to future operators and agents.
This turns the README from a command list into an operator orientation: what devctl is, how catalogs/scanners/reports fit together, what to run first, and where generated or private data belongs.

The catalog README documents the policy model separately so future changes to laws, archetypes, contracts, adjudications, and private overlays have an obvious landing page. A crate-level module comment gives generated Rust docs the same top-level frame.

Risk is documentation drift only; verification rebuilt cargo docs and reran the full test/lint/privacy gates.
This operationalizes devctl as a repeatable local standards lane instead of leaving it as a set of ad hoc commands. The new script runs catalog/privacy doctors, inventory, contracts, audit, plan, and packet, then writes ignored JSON snapshots under reports/operations or a caller-provided report directory.

The runbook explains weekly scope, private catalog setup, triage order, adjudication discipline, and PR proof expectations. Neutral local-catalog templates give operators a safe starting point without committing private repo names.

Risk is limited to operator workflow files; the CLI behavior is unchanged. Verification covered shell syntax, a smoke run, fmt, clippy, tests, generated docs, privacy doctor, and sensitive-pattern scans.