From 1b1489a1832426ffa24e3721578c7b4fc537ddbf Mon Sep 17 00:00:00 2001
From: hanig <hani.goodarzi@ucsf.edu>
Date: Sat, 7 Feb 2026 11:13:07 -0800
Subject: [PATCH 1/2] Add public deployment warning and CI test workflow

---
 .github/workflows/tests.yml | 48 +++++++++++++++++++++++++++++++++++++
 README.md                   |  4 ++++
 2 files changed, 52 insertions(+)
 create mode 100644 .github/workflows/tests.yml

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..543cec8
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,48 @@
+name: Test Suite
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Pytest (Python ${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.11", "3.12"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: pip
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Run tests
+        env:
+          PYTHONPATH: .
+          GOOGLE_CLIENT_ID: test-client-id
+          GOOGLE_CLIENT_SECRET: test-client-secret
+          GITHUB_TOKEN: test-github-token
+          GITHUB_USERNAME: test-user
+          GITHUB_ORG: test-org
+          SLACK_BOT_TOKEN: test-slack-bot-token
+          SLACK_APP_TOKEN: test-slack-app-token
+          OPENAI_API_KEY: test-openai-key
+          ANTHROPIC_API_KEY: test-anthropic-key
+        run: pytest -q
diff --git a/README.md b/README.md
index 7f55f0d..660f64c 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,10 @@ A personal knowledge graph system that aggregates data from multiple Google acco
 
 > Disclaimer: This project is built by a scientist, not a security specialist. Review, harden, and use it at your own discretion, especially before handling sensitive data or deploying in production environments.
 
+## Public Deployment Warning
+
+This project is designed first for personal/local use. Do not expose it publicly or use it in multi-user/production environments without a full security review, least-privilege credentials, network hardening, and strict access controls.
+
 ## Features
 
 ### Core Capabilities

From 74a70b1339b75254ce8dcbcfad24bae259a8b637 Mon Sep 17 00:00:00 2001
From: hanig <hani.goodarzi@ucsf.edu>
Date: Sat, 7 Feb 2026 11:15:49 -0800
Subject: [PATCH 2/2] Fix CI env for config tests

---
 .github/workflows/tests.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 543cec8..d2eecb6 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -38,11 +38,16 @@ jobs:
           PYTHONPATH: .
           GOOGLE_CLIENT_ID: test-client-id
           GOOGLE_CLIENT_SECRET: test-client-secret
+          GOOGLE_ACCOUNTS: test
+          GOOGLE_EMAILS: '{"test":"test@example.com"}'
+          GOOGLE_TIER1: test
+          GOOGLE_TIER2: ""
           GITHUB_TOKEN: test-github-token
           GITHUB_USERNAME: test-user
           GITHUB_ORG: test-org
           SLACK_BOT_TOKEN: test-slack-bot-token
           SLACK_APP_TOKEN: test-slack-app-token
+          SLACK_AUTHORIZED_USERS: U123TEST
           OPENAI_API_KEY: test-openai-key
           ANTHROPIC_API_KEY: test-anthropic-key
         run: pytest -q