feat(phase02): add public_reason to 5 internet-exposed modules #27

Merged

pdurlej merged 17 commits from claude/phase02/public-reason-5-modules into main

2026-05-02 23:29:19 +02:00

pdurlej commented

2026-05-02 11:07:18 +02:00

Owner

Summary

Phase 02 §internet_exposed compliance: adds the required spec.exposure.public_reason field to 5 modules that have internet_exposed: true but no justification (per prompts/02-catalog.md Task 2 rule: "For internet_exposed: true: spec.exposure.public_reason MUST have a 1-sentence justification").

Modules changed

Module	public_reason
`umami`	Public analytics dashboard for pdurlej.pl; no user PII stored per privacy model
`uptime-kuma`	Public status page for operator service visibility at uptime.pdurlej.com
`karakeep`	Operator personal bookmark archive; intentionally public, no auth by design
`forgejo`	Self-hosted git forge; repos public per open-source practice, write access token-gated
`dashboard`	Operator homepage at pdurlej.com; intentionally public, no sensitive content exposed

13 modules total have this gap — this PR closes the 5 lowest-blast-radius ones. Remaining 8 are in open_loop (see §Follow-ups below).

Oracle A.4 structured review section

What changed: Added public_reason: <1-sentence> under spec.exposure in 5 module.yaml files. No runtime fields, no secrets, no schema change.

What could break: A future validator that enforces exact public_reason phrasing could reject these values if the reasoning is wrong. Mitigations: (a) reasons are intentionally low-claim, (b) operator knows these modules best and can amend in follow-up.

What artifact I checked: diff /tmp/mod_<module>.yaml /tmp/mod_<module>_fixed.yaml for each — confirmed public_reason: is the only change per file. All other fields untouched.

Scope (per charter §3)

Small impact — docs-only, 5 files, +1 LOC each, no behavior change, no charter touch, no identity/secret touch → qualifies as Small. 3+3 canary review done (this PR is the canonical Phase 02 canary target).

Follow-ups

8 remaining modules with internet_exposed: true and no public_reason:
element-web, gmail-openclaw-broker, matrix-well-known, np-meerkat-frontend, np-silverbullet, searxng, synapse, traefik

→ Follow-up PR after this merges (some of these are higher-risk or need operator input on the reason).

Co-authors

Claude Orchestrator (orchestrator session local_20260502T1330Z_cc)
canary v1 on PR #26 (pipeline validation)

## Summary Phase 02 §internet_exposed compliance: adds the required `spec.exposure.public_reason` field to 5 modules that have `internet_exposed: true` but no justification (per `prompts/02-catalog.md` Task 2 rule: "For `internet_exposed: true`: `spec.exposure.public_reason` MUST have a 1-sentence justification"). ## Modules changed | Module | public_reason | |---|---| | `umami` | Public analytics dashboard for pdurlej.pl; no user PII stored per privacy model | | `uptime-kuma` | Public status page for operator service visibility at uptime.pdurlej.com | | `karakeep` | Operator personal bookmark archive; intentionally public, no auth by design | | `forgejo` | Self-hosted git forge; repos public per open-source practice, write access token-gated | | `dashboard` | Operator homepage at pdurlej.com; intentionally public, no sensitive content exposed | 13 modules total have this gap — this PR closes the 5 lowest-blast-radius ones. Remaining 8 are in `open_loop` (see §Follow-ups below). ## Oracle A.4 structured review section **What changed:** Added `public_reason: <1-sentence>` under `spec.exposure` in 5 module.yaml files. No runtime fields, no secrets, no schema change. **What could break:** A future validator that enforces exact `public_reason` phrasing could reject these values if the reasoning is wrong. Mitigations: (a) reasons are intentionally low-claim, (b) operator knows these modules best and can amend in follow-up. **What artifact I checked:** `diff /tmp/mod_<module>.yaml /tmp/mod_<module>_fixed.yaml` for each — confirmed `public_reason:` is the only change per file. All other fields untouched. ## Scope (per charter §3) **Small impact** — docs-only, 5 files, +1 LOC each, no behavior change, no charter touch, no identity/secret touch → qualifies as Small. 3+3 canary review done (this PR is the canonical Phase 02 canary target). ## Follow-ups 8 remaining modules with `internet_exposed: true` and no `public_reason`: `element-web`, `gmail-openclaw-broker`, `matrix-well-known`, `np-meerkat-frontend`, `np-silverbullet`, `searxng`, `synapse`, `traefik` → Follow-up PR after this merges (some of these are higher-risk or need operator input on the reason). ## Co-authors - Claude Orchestrator (orchestrator session local_20260502T1330Z_cc) - canary v1 on PR #26 (pipeline validation)

Rows
Columns