Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,7 @@ jobs:
persist-credentials: false

- name: Dependency Review
uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0
uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0

sonar:
name: SonarQube / SonarCloud
Expand Down Expand Up @@ -233,7 +233,7 @@ jobs:

- name: SonarQube / SonarCloud Scan
if: steps.sonar_token.outputs.present == 'true'
uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0
uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e # v8.2.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# SonarQube Server only: set SONAR_HOST_URL in repo secrets
Expand Down
7 changes: 3 additions & 4 deletions docs/ops/today-mode/CARRYOVER.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,13 @@

| Item | Source | Status | Next step / defer |
| ---- | ------ | ------ | ----- |
| **Plans housekeeping wave 1–2 (#91 internal) + #1056/#1062 merge order** | [OPERATOR_TODAY_MODE_2026-06-29.md](OPERATOR_TODAY_MODE_2026-06-29.md) · branch `houseclean/plans-drift-archive-91` | 🔄 In progress | **Wave 1:** merge archive PR (5 plans → `completed/`); **4 link fixes** blocked by PII gate. **Wave 2:** archive `PLAN_OPERATING_DOMAIN_*`, reconcile `PLAN_SCOPE_IMPORT_*`, fix HTTPS table drift in `PLANS_TODO`. **Then** merge **#1062** (rebase). **No new features** until wave 2 lands unless operator overrides. |
| **Plans housekeeping (#91 internal) + #1062 survey** | [OPERATOR_TODAY_MODE_2026-06-29.md](OPERATOR_TODAY_MODE_2026-06-29.md) | ✅ Done | **#91** merged · **#1062** merged **2026-06-30**. Residual: branches **`houseclean/plans-drift-archive-91`** / **`plans-wave-2`** — open PR or delete if superseded. |
| **Legacy pipx / Alpine musl (no-AVX Celeron) — Claude Code spike** | Private investigation **2026-06**; TestPyPI `1.7.4.post1` | ⬜ Paused | ML stack (numpy/scipy/pandas/sklearn) on Alpine **without DL** — evidence stays **`docs/private/`** until token refill (~17h); promote to `PLAN_*` or ADR + optional TestPyPI runbook. |
| **Three fronts (agreed priority): A Vault sync → B Maestro e2e→completão → C release gate #406** | [OPERATOR_TODAY_MODE_2026-06-18.md](OPERATOR_TODAY_MODE_2026-06-18.md) · private map `docs/private/ops/NEXT_SESSION_MAP_3_FRONTS_VAULT_MAESTRO_GATE.pt_BR.md` | ⬜ Pending | **`[U1]`** **B is the headline (2026-06-18):** Claude finished Maestro micro-fixes (17th); today aims at the **first real e2e round** (Capo-handler JWT-enforcement) → **handoff to Cursor** (auditor read-only, Cursor runs `pwsh` completão multi-host). **A** = self-hosted CouchDB LiveSync (isolated warm-up). **C** = gate **fail-closed** — first run **without** license (test #1), license only 2nd round; confirm G1 (`py7zr`+`nfs-utils` Void host), `boar_fast_filter` build ×4, `$HOME=root` bug. Close when gate passes → `1.7.4-rc→1.7.4` release. |
| **Dependabot queue (`deps`, HELD until Maestro handoff): #915 hatchling · #914 uv-minor-patch ×12 · #912 sonarqube-scan-action (blocked: `workflow` scope)** | `gh pr list` 2026-06-18 (#911 codeql-action merged) | ⬜ Pending | Held until handoff so the bench env stays stable. Apply locally + validate per `.cursor/skills/dependabot-recommendations/SKILL.md`; **no blind-merge** (rpds-py CalVer lesson). `rpds-py<2026` cap + `dependabot.yml` ignore already in place (ADR-0069). #912 needs `gh auth refresh -s workflow` or web merge. |
| **Dependabot queue (`deps`) — land or supersede locally** | `gh pr list` **2026-06-30** · skill **dependabot-recommendations** · ADR-0069 **`rpds-py<2026`** | 🔄 In progress | **Merged:** **#1010** claude-action · **#1097** `py7zr` high on `main`. **In flight:** **#915** hatchling (local bump PR). **RED triage:** **#1029** docker 3.14 · **#1025** uv ×31 · **#1011** dep-review 5.0 · **#975** torch · **#974** closed/superseded. **#912** Sonar — `gh auth refresh -s workflow` or web merge. **No blind merge.** |
| **LAB-OP [#756](https://github.com/FabioLeitao/data-boar/issues/756) — disk-constrained lab host ~90% + `bw` CLI on the dev laptop Ansible** | [OPERATOR_TODAY_MODE_2026-05-29.md](OPERATOR_TODAY_MODE_2026-05-29.md) · `PLANS_TODO.md` LAB-OP § | ⬜ Pending | **`[U1]`** SSH + free space on the disk-constrained lab host before completão on that host · **`[U2]`** playbook task for **`bw`** on the dev laptop — **not** release gate; close when issue closes or defer with date |
| **Licensing [#719](https://github.com/FabioLeitao/data-boar/issues/719) — dev env JWT bypass** | GitHub [P1] · `PLANS_TODO.md` **`[H0][U1]` Licensing enforcement** | ⬜ Pending | After **#704** [P0] or if prod exposure confirmed (**U0**); thin **`fix(security)`** + **A6** smoke regression |
| **PCI-DSS v4 / global readiness — PAN noise + ADR-0052 Phase 2 (context gates)** | Operator session **2026-05-14** (strategic note; not vapour carryover) | ⬜ Pending | **Owned row:** `PLANS_TODO.md` post-`1.7.4` table **S4b** — extend `plugin_schema` + validator + `SensitivityDetector` gating (optional proximity / Luhn path); calibrate `docs/compliance-samples/compliance-sample-pci_dss.yaml` vs built-in `CREDIT_CARD`; see `PLAN_YAML_PLUGIN_SYSTEM.md` § *Phase 1b*. Close this carryover row when S4b ships or you defer with a **date** in `PLANS_TODO`. |
| **`v1.7.4-rc` on `main` + GitHub pre-release; Hub stable still `1.7.3`** | [OPERATOR_TODAY_MODE_2026-05-11.md](OPERATOR_TODAY_MODE_2026-05-11.md) · [PUBLISHED_SYNC.md](PUBLISHED_SYNC.md) | ✅ Shipped (RC) | Controlled lab timing **1.7.3 vs 1.7.4-rc** before promoting **S1–S3** product slices; no Hub **`latest`** move unless stable **1.7.4** publish. |
| **`v1.7.4` GA + Hub `latest`** | [OPERATOR_TODAY_MODE_2026-05-11.md](OPERATOR_TODAY_MODE_2026-05-11.md) · [PUBLISHED_SYNC.md](PUBLISHED_SYNC.md) | ✅ Shipped | **GA 2026-06-26** — GitHub **v1.7.4**, Docker Hub **`latest`**, PyPI **`1.7.4.post1`**. Post-GA dev on `main` (e.g. **#1097** licensing) without semver bump until next release ritual. |
| **`zizmor` workflow** — `.github/workflows/zizmor.yml` + local **`scripts/workflow-security-lint.ps1`** / **`.sh`** (manual pre-commit hook) | PR **#354** merged **2026-05-11**; enforced default **#732** | ✅ Done | CI enforced by default (opt out: repo var **`ZIZMOR_ENFORCE=false`**). Local stays advisory unless **`-Enforce`** or **`DATA_BOAR_ENFORCE_ZIZMOR=true`**. |
| **Maestro DB matrix evidence (all-to-all)** | [LAB_LESSONS_LEARNED_2026_05_10.md](../lab_lessons_learned/LAB_LESSONS_LEARNED_2026_05_10.md) | ⬜ Pending | One consolidated round + per-host configs in **`docs/private/homelab/reports/`**. |
| **Post-`1.7.4` short-sprint closure (pick one)** — **S3 CNPJ Phase 5**, **S1 Bandit Phase 3**, **S2 Scope import Phase E** | `PLANS_TODO.md` H1/U1 | ⬜ Pending | After lab metrics or same day if no LAB slot — **`feature`** + **`check-all`**. |
Expand Down
8 changes: 4 additions & 4 deletions docs/ops/today-mode/CARRYOVER.pt_BR.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,12 @@

| Item | Origem | Estado | Próximo passo / defer |
| ---- | ------ | ------ | ----- |
| **Três frentes (prioridade combinada): A sync Vault → B Maestro e2e→completão → C gate de release #406** | [OPERATOR_TODAY_MODE_2026-06-18.pt_BR.md](OPERATOR_TODAY_MODE_2026-06-18.pt_BR.md) · mapa privado `docs/private/ops/NEXT_SESSION_MAP_3_FRONTS_VAULT_MAESTRO_GATE.pt_BR.md` | ⬜ Pendente | **`[U1]`** **B é o destaque (2026-06-18):** Claude terminou os micro-fixes do Maestro (17); hoje mira na **primeira rodada e2e pra valer** (Handler Capo, enforcement JWT) → **handoff pro Cursor** (auditor read-only, Cursor roda `pwsh` completão multi-host). **A** = CouchDB self-hosted LiveSync (warm-up isolado). **C** = gate **fail-closed** — primeira rodada **sem** licença (teste #1), licença só na 2ª rodada; confirmar G1 (`py7zr`+`nfs-utils` host Void), build `boar_fast_filter` ×4, bug `$HOME=root`. Fechar quando o gate passar → release `1.7.4-rc→1.7.4`. |
| **Fila Dependabot (`deps`, SEGURADA até o handoff do Maestro): #915 hatchling · #914 uv-minor-patch ×12 · #912 sonarqube-scan-action (bloqueado: escopo `workflow`)** | `gh pr list` 2026-06-18 (#911 codeql-action mergeado) | ⬜ Pendente | Segurada até o handoff para o ambiente do bench ficar estável. Aplicar local + validar conforme `.cursor/skills/dependabot-recommendations/SKILL.md`; **sem merge às cegas** (lição do rpds-py CalVer). Trava `rpds-py<2026` + ignore no `dependabot.yml` já no lugar (ADR-0069). #912 precisa de `gh auth refresh -s workflow` ou merge pela web. |
| **Housekeeping planos (#91) + survey #1062** | [OPERATOR_TODAY_MODE_2026-06-29.pt_BR.md](OPERATOR_TODAY_MODE_2026-06-29.pt_BR.md) | ✅ Feito | **#91** mergeado · **#1062** mergeado **2026-06-30**. Residual: branches **`houseclean/plans-drift-archive-91`** / **`plans-wave-2`**. |
| **Fila Dependabot (`deps`) — landar ou superseder local** | `gh pr list` **2026-06-30** · skill **dependabot-recommendations** · ADR-0069 **`rpds-py<2026`** | 🔄 Em progresso | **Mergeado:** **#1010** claude-action · **#1097** `py7zr` high em `main`. **Em voo:** **#915** hatchling (PR local). **RED:** **#1029** docker 3.14 · **#1025** uv ×31 · **#1011** dep-review 5.0 · **#975** torch · **#974** fechado/superseded. **#912** Sonar — `gh auth refresh -s workflow` ou merge web. **Sem merge às cegas.** |
| **LAB-OP [#756](https://github.com/FabioLeitao/data-boar/issues/756) — host de lab com disco ~90% + `bw` CLI no Ansible do laptop de dev** | [OPERATOR_TODAY_MODE_2026-05-29.pt_BR.md](OPERATOR_TODAY_MODE_2026-05-29.pt_BR.md) · `PLANS_TODO.md` § LAB-OP | ⬜ Pendente | **`[U1]`** SSH + liberar espaço no host de lab com disco apertado antes de completão nesse host · **`[U2]`** task Ansible para **`bw`** no laptop de dev — **não** bloqueia release; fechar quando a issue fechar ou adiar com data |
| **Licensing [#719](https://github.com/FabioLeitao/data-boar/issues/719) — bypass JWT via env de dev** | GitHub [P1] · `PLANS_TODO.md` **`[H0][U1]` Licensing enforcement** | ⬜ Pendente | Depois de **#704** [P0] ou se exposição em prod confirmada (**U0**); PR fino **`fix(security)`** + regressão **A6** `license-smoke` |
| **PCI-DSS v4 / prontidão global — ruído PAN + ADR-0052 fase 2 (gates de contexto)** | Sessão operador **2026-05-14** (nota estratégica; fila com dono) | ⬜ Pendente | **Linha dona:** `PLANS_TODO.md` tabela pós-`1.7.4` **S4b** — estender `plugin_schema` + validador + gating no `SensitivityDetector` (proximity opcional / caminho Luhn); calibrar `docs/compliance-samples/compliance-sample-pci_dss.yaml` vs `CREDIT_CARD` embutido; ver `PLAN_YAML_PLUGIN_SYSTEM.md` § *Phase 1b*. Fechar esta linha do carryover quando **S4b** fechar ou adiar com **data** no `PLANS_TODO`. |
| **`v1.7.4-rc` na `main` + pré-release GitHub; Hub estável ainda `1.7.3`** | [OPERATOR_TODAY_MODE_2026-05-11.pt_BR.md](OPERATOR_TODAY_MODE_2026-05-11.pt_BR.md) · [PUBLISHED_SYNC.pt_BR.md](PUBLISHED_SYNC.pt_BR.md) | ✅ Enviado (RC) | Medição controlada **1.7.3 vs 1.7.4-rc** no lab antes de promover; sem mover Hub **`latest`** até **1.7.4** estável. |
| **`v1.7.4` GA + Hub `latest`** | [OPERATOR_TODAY_MODE_2026-05-11.pt_BR.md](OPERATOR_TODAY_MODE_2026-05-11.pt_BR.md) · [PUBLISHED_SYNC.pt_BR.md](PUBLISHED_SYNC.pt_BR.md) | ✅ Enviado | **GA 2026-06-26** — GitHub **v1.7.4**, Docker Hub **`latest`**, PyPI **`1.7.4.post1`**. Dev pós-GA em `main` (ex. **#1097** licensing) sem bump de semver até próximo release ritual. |
| **Workflow `zizmor`** | PR **#354** mergeado **2026-05-11**; enforce padrão **#732** | ✅ Feito | CI em modo enforced por padrão (opt-out: variável **`ZIZMOR_ENFORCE=false`**). Local continua advisory salvo **`-Enforce`** ou **`DATA_BOAR_ENFORCE_ZIZMOR=true`**. |
| **Evidência matriz DB Maestro (all-to-all)** | [LAB_LESSONS_LEARNED_2026_05_10.md](../lab_lessons_learned/LAB_LESSONS_LEARNED_2026_05_10.md) | ⬜ Pendente | Uma rodada consolidada + configs por host em **`docs/private/homelab/reports/`**. |
| **Fechamento sprint curto pós-`1.7.4`** — S3 CNPJ fase 5, S1 Bandit fase 3, S2 Scope import fase E | `PLANS_TODO.md` H1/U1 | ⬜ Pendente | Após métricas de lab ou no mesmo dia sem slot LAB — **`feature`** + **`check-all`**. |
Expand All @@ -35,7 +35,7 @@
- **E-mail / resposta Corporate-Entity-C WRB** — respondido via issue; canal conta. ✅ confirmado pelo operador.
- **Lab-node-01/LMDE → laptop de dev** — laptop de dev na rede há semanas; setup feito. ✅
- **Preparação 1.6.9** — supersedido pela frente 1.7.0 (arquivado 2026-05-13).
- **Gate de release 1.6.8** — supersedido por 1.7.3 + 1.7.4-rc (arquivado 2026-05-13).
- **Release gate #406 / three fronts (Vault → Maestro → GA)** — **1.7.4 GA shipped 2026-06-26**; gate closed per [PUBLISHED_SYNC.md](PUBLISHED_SYNC.md). Maestro spinout / e2e remains separate backlog (private + issues).
- **1.7.0 publicado + CI** — publicado e supersedido (arquivado 2026-05-13).
- **Rodada Gemini + WRB** (2026-04-02) — bundle Gemini feito 2026-05-13 (4 P0/P1 + 6 Warm resolvidos + corpus CPF expandido).
- **Snapshot quantitativo 2026-04-02** — oportunidade expirada; snapshots futuros com data corrente.
Expand Down
57 changes: 57 additions & 0 deletions docs/ops/today-mode/OPERATOR_TODAY_MODE_2026-06-30.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
# Operator today-mode — 2026-06-30 (Dependabot land · housekeeping close · roadmap)

**pt-BR:** [OPERATOR_TODAY_MODE_2026-06-30.pt_BR.md](OPERATOR_TODAY_MODE_2026-06-30.pt_BR.md)

**Headline:** Land stalled **Dependabot** PRs (validate locally — **no blind merge**; **`rpds-py` cap** per ADR-0069) → close in-flight **housekeeping** ([#91](https://github.com/FabioLeitao/data-boar/issues/91) / [#1062](https://github.com/FabioLeitao/data-boar/pull/1062) already on `main`) → **licensing ladder** follow-up ([#887](https://github.com/FabioLeitao/data-boar/issues/887) — **#1097** shipped Std/Pro+/Partner) → **quick-wins** ([#1089](https://github.com/FabioLeitao/data-boar/issues/1089)–[#1096](https://github.com/FabioLeitao/data-boar/issues/1096)).

**`main` anchor:** post-**#1097** merge (tier + security slice); **`pyproject.toml`** = **`1.7.4.post1`**. **Published stable:** [PUBLISHED_SYNC.md](PUBLISHED_SYNC.md) (**v1.7.4** GitHub + Hub **`latest`**).

---

## Block 0 — Morning reality (10–15 min)

Run **`carryover-sweep`** / **`morning-readiness`**. Then:

1. **`origin/main`:** `git fetch` · `git status -sb` · `gh run list --workflow ci.yml --branch main --limit 1`.
2. **Dependabot:** `gh pr list --author "app/dependabot" --state open` — **RED** triage **#1029** · **#1025** · **#1011** · **#975** · stale **#974**; **VERDE** **#1010** ✅ merged · **#915** hatchling (apply local) · **#912** Sonar (`workflow` scope or web merge).
3. **Stacked private git:** **`private-stack-sync`** if `docs/private/` changed since last push.

**Rolling queue:** [CARRYOVER.md](CARRYOVER.md) · **Published truth:** [PUBLISHED_SYNC.md](PUBLISHED_SYNC.md)

### Social / editorial (~2 min)

- [ ] Skim **`docs/private/social_drafts/editorial/SOCIAL_HUB.md`** — [SOCIAL_PUBLISH_AND_TODAY_MODE.md](SOCIAL_PUBLISH_AND_TODAY_MODE.md).

---

## Priority table

| Order | Track | Intent | Notes |
| ----- | ----- | ------ | ----- |
| **1** | **Dependabot land** | Close or supersede open PRs with local bumps + green CI | Skill: `.cursor/skills/dependabot-recommendations/SKILL.md`; **never** merge **`rpds-py` 2026.x** (ADR-0069) |
| **2** | **Housekeeping** | **#1062** ✅ · **#91** ✅; push **`houseclean/plans-drift-archive-91`** / **`plans-wave-2`** if still off `main` | No new **feature** epic until wave 2 lands unless operator overrides |
| **3** | **Licensing roadmap** | **#887** — enum enforced in **#1097**; close issue + any doc delta in **#853** ladder | Courtesy nudge gated Std+ (ADR-DRAFT-0076) |
| **4** | **Quick-wins** | **#1089–#1092** closed via **#1097**; **#1096** triage remainder; **#1093–#1095** governance slice | **#1080** already closed (**#1087**) |
| **5** | **Defer** | SDK **#865** · research **#1081–#1085** · 1.8 enrich **#1057–#1061** | Token-budget tail |

---

## Carryover — today

- [ ] Re-run **`gh pr checks`** on any Dependabot branch before merge (stale checks block branch protection).
- [ ] **`#912`:** `gh auth refresh -s workflow` or merge via GitHub UI.
- [ ] Confirm **`houseclean/*`** branches: open PR or delete if superseded.

---

## End of day

- **`eod-sync`** + **`private-stack-sync`** if needed.
- Next: **`OPERATOR_TODAY_MODE_2026-07-01.md`** at next session boundary.

---

## Quick references

- Dependabot / deps: **`SECURITY.md`** · ADR-0069 (`rpds-py`)
- Session keywords: **`.cursor/rules/session-mode-keywords.mdc`**
50 changes: 50 additions & 0 deletions docs/ops/today-mode/OPERATOR_TODAY_MODE_2026-06-30.pt_BR.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
# Today mode do operador — 2026-06-30 (Dependabot · housekeeping · roadmap)

**English:** [OPERATOR_TODAY_MODE_2026-06-30.md](OPERATOR_TODAY_MODE_2026-06-30.md)

**Manchete:** Landar PRs **Dependabot** parados (validar local — **sem merge às cegas**; trava **`rpds-py`** ADR-0069) → fechar **housekeeping** em voo ([#91](https://github.com/FabioLeitao/data-boar/issues/91) / [#1062](https://github.com/FabioLeitao/data-boar/pull/1062) já em `main`) → trilha **licensing** ([#887](https://github.com/FabioLeitao/data-boar/issues/887) — **#1097** entregou Std/Pro+/Partner) → **quick-wins** ([#1089](https://github.com/FabioLeitao/data-boar/issues/1089)–[#1096](https://github.com/FabioLeitao/data-boar/issues/1096)).

**Âncora `main`:** pós-merge **#1097**; **`pyproject.toml`** = **`1.7.4.post1`**. **Estável publicado:** [PUBLISHED_SYNC.pt_BR.md](PUBLISHED_SYNC.pt_BR.md) (**v1.7.4** GitHub + Hub **`latest`**).

---

## Bloco 0 — Realidade da manhã (10–15 min)

Rodar **`carryover-sweep`** / **`morning-readiness`**. Depois:

1. **`origin/main`:** `git fetch` · `git status -sb` · `gh run list --workflow ci.yml --branch main --limit 1`.
2. **Dependabot:** `gh pr list --author "app/dependabot" --state open` — **RED** **#1029** · **#1025** · **#1011** · **#975** · **#974** obsoleto; **VERDE** **#1010** ✅ mergeado · **#915** hatchling (aplicar local) · **#912** Sonar (escopo `workflow` ou merge web).
3. **Git privado empilhado:** **`private-stack-sync`** se `docs/private/` mudou.

**Fila viva:** [CARRYOVER.pt_BR.md](CARRYOVER.pt_BR.md) · **Verdade publicada:** [PUBLISHED_SYNC.pt_BR.md](PUBLISHED_SYNC.pt_BR.md)

### Social / editorial (~2 min)

- [ ] Passar **`docs/private/social_drafts/editorial/SOCIAL_HUB.md`** — [SOCIAL_PUBLISH_AND_TODAY_MODE.pt_BR.md](SOCIAL_PUBLISH_AND_TODAY_MODE.pt_BR.md).

---

## Prioridades

| Ordem | Trilha | Intenção | Notas |
| ----- | ------ | -------- | ----- |
| **1** | **Dependabot** | Fechar ou superseder PRs com bump local + CI verde | Skill: `.cursor/skills/dependabot-recommendations/SKILL.md` |
| **2** | **Housekeeping** | **#1062** ✅ · **#91** ✅; branches **`houseclean/*`** se ainda fora de `main` | Sem **feature** nova até wave 2 landar |
| **3** | **Roadmap licensing** | **#887** — enum em **#1097**; fechar issue | Nudge cortesia Std+ (ADR-DRAFT-0076) |
| **4** | **Quick-wins** | **#1089–#1092** via **#1097**; **#1096** restante; **#1093–#1095** governança | **#1080** fechado (**#1087**) |
| **5** | **Adiar** | SDK **#865** · research **#1081–#1085** · enrich 1.8 **#1057–#1061** | Cauda de token |

---

## Carryover — hoje

- [ ] **`gh pr checks`** fresco antes de merge Dependabot.
- [ ] **`#912`:** `gh auth refresh -s workflow` ou UI GitHub.
- [ ] Branches **`houseclean/*`:** abrir PR ou apagar se superseded.

---

## Fim do dia

- **`eod-sync`** + **`private-stack-sync`** se couber.
- Próximo: **`OPERATOR_TODAY_MODE_2026-07-01.md`**.
Loading