docs: add CHANGELOG + refresh ENGINE.md / project history #5

Merged: vedantggwp merged 1 commit into master from cc/docs-history on Jun 13, 2026

@vedantggwp

Owner

Maintains a written history of the work done locally and brings the canonical docs current. Adds CHANGELOG.md (build → security hardening → live → free OSS demo, with an Ops lane for deploys/migrations). Refreshes scan-service/ENGINE.md (systemd supervision, 2026-06-12 SSRF deploy, legacy report endpoint). Links the changelog from README + MANIFEST. Historical planning/audit docs left intact as the record.

- CHANGELOG.md: full project history (initial build -> security hardening ->
  going live -> free OSS demo), with an "Ops" lane for live-infra changes that
  never landed as commits (deploys, migrations, systemd).
- scan-service/ENGINE.md: corrected to reflect the `neuroedge-scan` systemd unit
  (was "nohup, no supervisor"), the 2026-06-12 SSRF surgical deploy + translator
  landmine, and /api/generate-report marked legacy/unused.
- README + MANIFEST: link the changelog; note the paid-subsystem removal.

@devin-ai-integration

Code Review — PR #5

Overall: Good documentation maintenance. The CHANGELOG, ENGINE.md refresh, and README cross-links are all useful.

Findings

  1. CHANGELOG.md wasn't actually tracked — This PR added the content and the README/MANIFEST links, but .gitignore was still blocking it. PR docs: track CHANGELOG.md (allowlist in .gitignore) #6 fixed this, but the two should arguably have been one commit. Not a bug per se, but the commit history shows a window where CHANGELOG.md was referenced but untracked — any clone between the two merges would have dangling links.

  2. ENGINE.md request-guard not in the test list (scan-service/ENGINE.md:99):
    The "Tests" section at the bottom says:

    "Vitest suite covers score, industry-detector, translator (output schema validation), and url-validator."

    It doesn't mention request-guard despite PR fix(security): SSRF sub-resource + fail-closed, webhook 500, trusted rate-limit IP #2 adding 7 tests for it. This was the PR that refreshed ENGINE.md — the new test suite entry should have been added here.

  3. ENGINE.md still references /api/generate-report as "legacy — unused" — The route still exists in server.ts, and this doc correctly calls it out. But the "Environment" section (lines 46-49) still lists RESEND_API_KEY as "Required" even though the only consumer of Resend (/api/generate-report) is now dead code. Should be moved to "Optional" or removed.

  4. Nit — MANIFEST.md consistency: The new MANIFEST entry for CHANGELOG.md says "Keep a Changelog style" but the CHANGELOG itself says "Format loosely follows Keep a Changelog" — minor mismatch in specificity.

No bugs — docs-only PR.
