Skip to content

chore(deprivatize): scrub private references for public release#2

Open
m-szymanska wants to merge 4 commits into
mainfrom
chore/deprivatize
Open

chore(deprivatize): scrub private references for public release#2
m-szymanska wants to merge 4 commits into
mainfrom
chore/deprivatize

Conversation

@m-szymanska

Copy link
Copy Markdown

Deprivatize pass + second-pass residual scrub for public-release hygiene.

A read-only leak audit over HEAD flagged residual private fingerprints that the
initial sweep missed; this PR removes them (genericized private-org paths /
bundle ids / build profiles). Re-audited clean afterward. Brand/product
identifiers (vetcoders, loctree, etc.) intentionally retained.

🤖 Generated with Claude Code

m-szymanska and others added 4 commits June 28, 2026 19:55
Remove personal initials (M&K), real developer name + Apple Team ID, and a
private GitHub owner from public-facing surfaces, collapsing them to the
vetcoders org per brand naming rules:

- "Created by M&K (c)2026 VetCoders" -> "Created by vetcoders (c)2026" across
  Makefile, build-dmg.sh, core/ffi lib.rs and all app view headers.
- README clone/issue/wiki/license-shield URLs: Szowesgad -> vetcoders (matches
  the canonical git remote vetcoders/mudd.one).
- dmg-signed target: hardcoded "Developer ID Application: Maciej Gad (MW223P3NPX)"
  -> env-overridable placeholder "Your Name (TEAMID)".

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Cargo.toml workspace authors: "VetCoders" -> "Vetcoders" (brand is
  Capital-first, never interior-capital per naming rules).
- segmentation.rs: replace the "same pattern as CodeScribe silero_ort.rs"
  comment (a sibling-repo fingerprint) with a neutral description of the ort
  Value API usage.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The notarization helper text embedded a real App Store Connect API key id
(ZT6AXN3759), which fingerprints the developer account. Replaced with the
<YOUR_KEY_ID> placeholder already used for the issuer id.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Second-pass cleanup of references the initial sweep missed (private-org
paths / bundle ids / build profile). Genericized to neutral defaults.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates repository ownership references, copyright headers, and documentation links to reflect the transition to the "vetcoders" organization. Additionally, it updates the macOS DMG build script and Makefile to use generic placeholders and environment fallbacks for signing identities and notary profiles instead of hardcoded personal credentials. The feedback suggests using a descriptive placeholder like <YOUR_NOTARY_PROFILE> as a default for NOTARY_PROFILE in the build script to prevent empty arguments in printed notarytool commands.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread scripts/build-dmg.sh
DMG_PATH="${BUILD_DIR}/${DMG_NAME}.dmg"
SIGNING_IDENTITY="${SIGNING_IDENTITY:--}"
NOTARY_PROFILE="${NOTARY_PROFILE:-vista-build}"
NOTARY_PROFILE="${NOTARY_PROFILE:-}"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

When NOTARY_PROFILE is not provided, defaulting to an empty string results in invalid/empty arguments in the printed notarytool commands (e.g., --keychain-profile ''). Using a descriptive placeholder like <YOUR_NOTARY_PROFILE> makes the printed instructions clear and actionable.

Suggested change
NOTARY_PROFILE="${NOTARY_PROFILE:-}"
NOTARY_PROFILE="${NOTARY_PROFILE:-<YOUR_NOTARY_PROFILE>}"

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9679198db4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Makefile

dmg-signed:
@SIGNING_IDENTITY="Developer ID Application: Maciej Gad (MW223P3NPX)" ./scripts/build-dmg.sh
@SIGNING_IDENTITY="$${SIGNING_IDENTITY:-Developer ID Application: Your Name (TEAMID)}" ./scripts/build-dmg.sh

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Require a real signing identity for signed DMGs

When a developer runs make dmg-signed without exporting SIGNING_IDENTITY, this now passes the literal placeholder Developer ID Application: Your Name (TEAMID) into scripts/build-dmg.sh. The script treats any value other than - as a real Developer ID and feeds it to the Xcode/codesign signing path, so the target fails with an opaque missing-identity error instead of either using ad-hoc signing or requiring the caller to provide a valid identity.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant