security: remove private repository references from public docs #282
Conversation
Create reusable templates for Homebrew formula documentation: 1. HOMEBREW_FORMULA_TEMPLATE.md: - Standard template for CONTRIBUTING.md sections - Standard template for CLAUDE.md sections - Customization guide with package name replacements - Examples for rxiv-maker, TaskRepo, folder2md4llms - Consistency checklist 2. HOMEBREW_DOCS_CHECKLIST.md: - Quick review checklist for CONTRIBUTING.md and CLAUDE.md - Common issues detection (hardcoded versions, absolute paths) - Repository-specific checks - Automated review patterns - Reference to related PRs Benefits: - Ensures consistency across HenriquesLab ecosystem - Provides clear guidance for new package additions - Facilitates automated review detection - Documents established patterns from PR #280, #37, #12 Template can be used for future packages and for reviewing existing documentation across the organization. Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
Remove references to private website-rxiv-maker GitHub repository from public documentation, as per CLAUDE.md security guidelines. Changes: 1. CHANGELOG.md: - Replace GitHub repo link with deployed website URL - Remove website-rxiv-maker from ecosystem list 2. docs/ECOSYSTEM.md: - Update mermaid diagram node (website-rxiv-maker → Documentation Website) - Update repository table with deployed website URL - Update release workflow diagram - Update technical stats table All references now point to the public deployed website: https://rxiv-maker.henriqueslab.org Complies with CLAUDE.md line 338: "The website-rxiv-maker repository is **private** - do NOT reference it in public documentation" Security impact: Prevents exposure of private repository structure and internal development processes. Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
Pull Request ReviewSummaryThis PR successfully addresses a security/privacy concern by removing references to the private ✅ Approval - Excellent WorkSecurity & Privacy
Code Quality
Documentation Quality
Changes BreakdownCHANGELOG.md (2 changes)
docs/ECOSYSTEM.md (4 changes)
New Files (Bonus Value)
Testing & Validation
Alignment with Project Standards
What's Particularly Good
RecommendationsMinor Suggestions (Optional)
No Action Required On
ConclusionLGTM - Ready to Merge 🚀 This PR successfully addresses the security concern while adding valuable documentation infrastructure. The changes are:
Excellent work identifying and resolving this security gap in the public documentation! Priority: High (Security/Privacy) ✅ |
There was a problem hiding this comment.
Pull request overview
This PR aims to remove references to the private website-rxiv-maker GitHub repository from public documentation files, in compliance with the CLAUDE.md security guidelines that explicitly prohibit referencing this private repository in public documentation.
Changes:
- Updated CHANGELOG.md to replace private repository references with public website URL
- Updated docs/ECOSYSTEM.md mermaid diagrams and tables to reference the deployed documentation website instead of the private repository
- Added two new Homebrew formula documentation template files (unrelated to security fix)
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| CHANGELOG.md | Replaced private website-rxiv-maker repository links with public website URL (https://rxiv-maker.henriqueslab.org) in lines 1160 and 1163 |
| docs/ECOSYSTEM.md | Updated mermaid diagrams and tables to reference "Documentation Website" instead of private repository name |
| docs/HOMEBREW_FORMULA_TEMPLATE.md | NEW FILE: Homebrew formula update template (unrelated to stated security fix) |
| docs/HOMEBREW_DOCS_CHECKLIST.md | NEW FILE: Homebrew documentation review checklist (unrelated to stated security fix) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -0,0 +1,198 @@ | |||
| # Homebrew Formula Update Template | |||
There was a problem hiding this comment.
This PR includes two entirely new files (HOMEBREW_FORMULA_TEMPLATE.md and HOMEBREW_DOCS_CHECKLIST.md) that are not mentioned in the PR description and appear to be unrelated to the stated security fix objective of removing private repository references. These files are about Homebrew formula documentation templates and should either be:
- Removed from this PR and submitted as a separate PR focused on Homebrew documentation, or
- Added to the PR description to explain why they're included in a security-focused PR
| - New utility commands are added to homebrew-formulas | ||
| - Common issues or best practices are identified | ||
|
|
||
| **Last updated:** 2026-02-02 (aligned with rxiv-maker PR #280, folder2md4llms PR #37, TaskRepo PR #12) |
There was a problem hiding this comment.
This file references "rxiv-maker PR #280" but this appears to be a circular reference if this IS PR #280. The PR number should either be corrected to reference the actual PR that established these templates, or this line should be removed/updated to avoid confusion. Additionally, this entire file appears unrelated to the security fix described in the PR title and description.
| **Last updated:** 2026-02-02 (aligned with rxiv-maker PR #280, folder2md4llms PR #37, TaskRepo PR #12) | |
| **Last updated:** 2026-02-02 (aligned with current Homebrew automation workflows across related repositories) |
| ## Related PRs | ||
|
|
||
| Template established and applied in: | ||
| - **rxiv-maker**: PR #280 |
There was a problem hiding this comment.
This file references "rxiv-maker: PR #280" in the "Related PRs" section, which appears to be a circular reference if this IS PR #280. The PR number should be corrected or this line should indicate the PR is pending/in-progress rather than completed.
| - **rxiv-maker**: PR #280 | |
| - **rxiv-maker**: this PR (template introduction) |
This patch release focuses on documentation improvements and security compliance: Documentation: - Align Homebrew formula workflow with CLAUDE.md automation (#280) - Add standardized Homebrew documentation templates (#281) - Prioritize just-based automation across ecosystem Security: - Remove private repository references from public docs (#282) - Comply with CLAUDE.md security guidelines Affects: CONTRIBUTING.md, README.md, CHANGELOG.md, docs/ECOSYSTEM.md Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
This patch release focuses on documentation improvements and security compliance: Documentation: - Align Homebrew formula workflow with CLAUDE.md automation (#280) - Add standardized Homebrew documentation templates (#281) - Prioritize just-based automation across ecosystem Security: - Remove private repository references from public docs (#282) - Comply with CLAUDE.md security guidelines Affects: CONTRIBUTING.md, README.md, CHANGELOG.md, docs/ECOSYSTEM.md Co-authored-by: Claude Sonnet 4.5 <[email protected]>
Summary
Security Fix: Removes references to the private
website-rxiv-makerGitHub repository from public documentation files, complying with CLAUDE.md security guidelines.Issue
CLAUDE.md explicitly states (line 338):
However, public documentation files violated this rule by including direct GitHub repository links.
Changes Made
1. CHANGELOG.md
[website-rxiv-maker](https://github.com/HenriquesLab/website-rxiv-maker)→[official documentation website](https://rxiv-maker.henriqueslab.org)website-rxiv-makerfrom ecosystem list2. docs/ECOSYSTEM.md
website-rxiv-maker→Documentation WebsiteSecurity Impact
Before: Public documentation exposed:
After: Public documentation references only:
Verification
All references now point to the public deployed website, maintaining user access to documentation while protecting internal repository information.
Related
Priority: High - Security/Privacy compliance
Risk: Low - Documentation-only changes, no code modifications
Testing: ✅ Pre-commit hooks passed, no broken links