Seven real-but-redacted artifacts from DocPro’s actual workflow. Not a description of the system — a sample of the records it produces. Each artifact is labeled with its source, date, and scope.
# REVIEW LEDGER — 35th-Pass Code Review (2026-06-20)
Bootstrap:
session_id: [redacted]
prior passes: 34 (all findings terminal at pass 34)
prior HEAD: 28b0a978 → current HEAD: 51ded459
project context loaded: Yes (carl / anthony / diana / abish)
MUST-ENFORCE preferences honored: Yes
Scope:
Single code delta since 34th all-green pass:
commit c3d48923 — v5.4.49 verbosity ↔ output-style sync
commit 51ded459 — EP15 greenhouse staging loader
Files deep-reviewed:
docpro-extension/src/SidebarProvider.ts
docpro-extension/src/sidebar/MessageRouter.ts
media/sidebar.template.html
docs/SugarShack/Greenhouse/Episodes/scripts/load_ep15_episode.py
dist/SidebarProvider.js (dist parity)
tests/sidebar/VerbosityOutputStyle.spec.ts
———
SUMMARY
Severity Found Remaining
-------- ----- ---------
Critical 0 0
High 0 0
Medium 0 0
Low 1 0
ANCHOR-CHAL 0 0
Total 1 0
Net: 1 Low finding, FIXED-VERIFIED. 0 open.
———
LOW
ID Sev Status File:Line
------ --- ------ ---------
Ext-L1 Low FIXED-VERIFIED SidebarProvider.ts:~1473
What: Dropdown-display test for "Explanatory" matches case-insensitively
(onDisk.toLowerCase() === "explanatory"), but the self-heal that rewrites
the value to canonical "Explanatory" fired only on the exact lowercase
string (if (onDisk === "explanatory")). Result: "EXPLANATORY" displayed
as Detailed but was never healed; Claude Code’s case-sensitive matcher
silently ignored it, producing no Insight callouts.
Fix: heal predicate changed to
onDisk.toLowerCase() === "explanatory" && onDisk !== "Explanatory"
First clause: exact case-insensitive match (same test as display branch).
Second clause: excludes canonical value (idempotent).
Regression test added: "EXPLANATORY" → displays Detailed + heals to canonical.
Rebuilt dist from tsc. Version: 5.4.49 → 5.4.50. Gauge: 0 open.
———
HONORED, NOT RE-FLAGGED
Native outputStyle mechanism, not prompt injection
_setVerbosityMode writes the Claude Code outputStyle settings key.
It injects no prompt text. Directly honors standing "DO NOT CHANGE
PROMPTS / use the native mechanism" rule. Not a finding.
FIX M20 $HOME write-guard
_updateClaudeSettings:1535 — refuses to write when no workspace
folder is open. Read and write targets match. Not a finding.
EP15 staging loader
ORM select/delete (no SQL string-building). Idempotent guard refuses
to overwrite any row with mp3_path set or non-editing status.
One-off staging script. Not a finding.
Entire backend / frontend / migrations / extension remainder
0 findings at 33rd/34th cold passes with no source change since.
Dispositions honored under the cold-review pull model.
What this shows: DocPro’s code review runs against a persistent ledger. The same codebase is reviewed pass after pass; the gauge tracks open findings across all passes, not just the current one. A finding marked FIXED-VERIFIED closes only when the fix is verified in compiled dist, not just source. Previous architectural decisions are re-confirmed each pass rather than silently assumed.
# REMEDIATION RECORD — SiteWork M3 (2026-06-21)
# Source: security gate catch before deploy
———
FINDING (caught pre-deploy by Carl + security review)
Claim on site: "Raw audio is not retained."
Source check: grep "recording_data" backend/
→ elevenlabs_client.py: recording_data = audio_bytes [live write, line 194]
→ backend/models.py:517: recording_data = LargeBinary, nullable=True
Verdict: OVERCLAIM. Binary audio data IS written to ReachOutCall.recording_data
after a Meet the Team or Call Team session. The claim "not retained" was false.
———
CORRECTION
Before (incorrect):
"Raw audio is not retained. We do not store call recordings."
After (source-verified):
"Call audio is stored as binary in the database (ReachOutCall.recording_data,
backend/models.py:517). It is cleared automatically after 30 days by
cleanup_old_recordings() (idle_monitor_service.py:752). The full call record
(including transcript) is deleted at 90 days."
Pages corrected:
security.html — calls bullet + data table rows + auto-expire statement
for-it.html — data boundary list (line 706)
episodes.html — footnote (line 882)
getting-started.html — no audio claim present; confirmed clean
Correction method: read backend source first, write HTML second.
No placeholder cells published. Table cells not yet verifiable → "Contact us."
———
VERIFICATION
Abish Agent 1 (backend accuracy): 9/9 cells verified against backend/models.py
Abish Agent 2 (cross-page consistency): zero vague phrases remaining
grep "some calls" → 0 hits
grep "expires on its own" → 0 hits
grep "expiring status lifecycle" → 0 hits
Conditional flag: Studio audio retention absent from episodes.html.
Ruling: deferred to FIX-LIST (no Studio section exists to anchor it).
Status: REMEDIATED. Deploy authorized.
What this shows: DocPro’s security gate catches overclaims before they reach production. The correction process reads backend source, writes the claim, and verifies against the source — not the other way around. Vague language ("some calls," "expires on its own") is treated as a failing condition.
# ANCHOR-CHALLENGE EXHIBIT — 35th-Pass Code Review (2026-06-20)
# Section: Honored, not re-flagged
Purpose: When a reviewer encounters a pattern that looks like a finding
but is actually a documented architectural decision, it is recorded here
rather than flagged. This prevents the same correct design from being
re-opened as a finding on every subsequent pass.
———
ANCHOR VERIFIED — Native outputStyle mechanism, not prompt injection
Pattern observed:
_setVerbosityMode() and _updateClaudeSettings() in SidebarProvider.ts
write the Claude Code-native "outputStyle" key to .claude/settings.local.json
when the user selects "Detailed" in the Response Style dropdown.
Why this looks like a finding:
Behavioral modification of Claude Code via a settings write is functionally
adjacent to prompt injection. A cold reviewer unfamiliar with the standing
decision might flag it.
Why it was not flagged:
Standing MUST-ENFORCE rule: "DO NOT CHANGE PROMPTS. Use the vendor’s native
mechanism." The outputStyle settings key IS the native mechanism. Anthropic
ships it specifically for this purpose. The alternative (injecting a prompt
directive) was the prohibited path. This implementation is the correct one.
Cross-references honored:
REVIEW-2026-05-24 Ext-M14 — "terse" reserved-for-future (intentional no-op).
FIX M20 $HOME write-guard — write path guarded, read path matches target.
FIX M21 on-show reload — dropdown reloads from disk on sidebar open.
Reviewer ruling: HONORED. Not a finding.
Carried forward to pass 36+ as a standing not-a-finding.
———
ANCHOR-CHALLENGE count this pass: 0
(No anchor was successfully challenged. All 4 standing anchors verified accurate.)
What this shows: DocPro’s review system carries forward architectural decisions as anchors. A subsequent pass must confirm an anchor is still accurate before relying on it — it cannot simply assume. If a cold reviewer challenges an anchor and proves it is wrong, it becomes a finding. If the anchor holds, the ruling is "honored, not re-flagged" and the record shows why.
# MEMORY COMPRESSION EXHIBIT
# Illustrative sample — demonstrates D2 compression pipeline structure.
# Content is synthesized. No customer data, no real session IDs.
———
BEFORE COMPRESSION (raw memory record, ~2100 chars)
[2026-05-14 09:41 UTC] persona=anthony
Project: [redacted]
Session: deploy after tsc rebuild
"After any MCP src change, grep docpro-plugin/mcp/dist/*.js for the
changed token before declaring fix shipped. Rebuild first (npm run build),
then commit, then push, then pull to prod. Declaring shipped before the
prod pull is the exact failure mode that cost Keith 40 minutes on 2026-05-13.
After every rsync to [server redacted], run chown -R [user]:[user] [path]
or service crashes on next request. This is not documented anywhere. It bit
us three times because the deploy looked clean in the terminal.
After version bump in package.json, restart the backend on prod. The download
endpoint reads package.json at runtime. A running process holds the stale
version string until restart."
[2026-05-15 11:20 UTC] persona=anthony
Project: [redacted]
Session: extension build
"When verifying an extension fix, confirm compiled dist matches source —
not just TypeScript. Commit dist alongside src. A fix that lives only in .ts
ships nothing to end users.
Before VSIX build: chown ENTIRE extension tree first. Not just dist and
node_modules — the ENTIRE tree. Partial chown silently produces a VSIX
that fails verification on prod."
[2026-05-16 14:05 UTC] persona=anthony
Project: [redacted]
Session: marketplace publish
"vsce 401 on publish — verify-pat probe is step ZERO. If 401, PAT is bad.
Do not repackage, rebuild, or strip manifest. Get a fresh PAT first.
The publisher field in package.json is lowercase 'docpro' — confirmed
working. Never change to 'DocPro'."
———
AFTER D2 COMPRESSION (~620 chars, 3 MUST-ENFORCE rules preserved)
[2026-05-16, compressed 2026-05-21] persona=anthony
Compression: D2 (preference count validated: 3 in → 3 out)
MUST-ENFORCE: After any MCP src change, grep dist/*.js for changed token
before declaring shipped. Rebuild (npm run build) → commit → push →
prod pull. Never declare shipped before prod pull.
MUST-ENFORCE: After deploy to [server redacted], run chown or service crashes.
Undocumented; runs silently fail on next request. Before VSIX build: chown
ENTIRE extension tree, not just dist/node_modules.
MUST-ENFORCE: Version bump → backend restart on prod (reads package.json
at runtime). vsce 401: verify-pat is step ZERO before repackaging. Publisher
field is lowercase 'docpro' — do not change.
What this shows: DocPro’s memory compression validates that preference count is preserved before accepting the compressed form. If a single MUST-ENFORCE rule is lost during compression, the operation aborts and the original is retained. The compression target is fidelity to the rules, not brevity for its own sake.
# BUILD MODE MILESTONE LOG — SiteWork (2026-06-21)
# Milestone 2: Fix Get Started (install safety + access)
# Source: docs/SiteWork_[redacted]/MILESTONES.md
Status: COMPLETE & LIVE
Commit: 3119e8c8
QA: Abish Code Sweep = SHIP
Sign-offs: Carl (security/hash gate), Diana (desktop + mobile visuals)
Deploy: git pull --ff-only (nginx direct-serve, no build step)
———
DELIVERABLES
[x] Choose-your-path section after hero
4 cards: Individual builder, Enterprise pilot, Research access,
Security review. Enterprise card uses amber to mark higher intent.
[x] Costs reframed
"DocPro Cloud is in limited access, moving deliberately."
No published cost reason. No "pricing in refinement."
[x] Before-you-install block
Windows status, VS Code 1.93+ requirement, API key (dp_ prefix),
Marketplace path, what installs (two user-space pieces),
where data goes with links to /security and /for-it.
[x] P0.4 install reorder
Marketplace card (RECOMMENDED, green) first
→ inspectable PowerShell installer (download-only irm -OutFile)
→ Verify step (Get-AuthenticodeSignature + Get-FileHash,
Expected SHA-256 visible near the command)
→ Run step (irm ... | iex LAST, after safety explanation)
→ Arrival → Uninstall/revoke/remove
→ Enterprise/security contact callout
[x] Installer stated signed (Toast2IT LLC OV, valid to 2027-04-15)
"No system service, kernel driver, or background telemetry agent."
[x] JSON-LD HowTo rewritten to Marketplace-first safe order
Was: pipe-first in Google-indexed structured data.
Now: VS Code Extension first in HowToStep 1.
[x] Cross-page fix
for-it.html published a stale installer SHA-256.
Corrected to live hash so both pages byte-match the served artifact.
ACCEPTANCE CRITERIA MET
IT never sees irm | iex before the safer explanation.
Proof: installer hash appears before pipe command in served HTML document order.
Verified on-box + from public origin (curl body grep, not local file read).
A visitor knows whether they can install today and how to request access.
QA GATE RESULT: SHIP
Blast radius: getting-started.html (+407/-39), for-it.html (1 line)
Security: hash-before-pipe ordering verified; no pipe-command-first exposure
Regression: JSON-LD HowTo step order verified; no breaking change to step 2+
Architectural consistency: install sequence matches security model on /for-it
What this shows: Build Mode milestones have explicit acceptance criteria, not just task checklists. "Done" is defined before work starts and verified — not declared by the implementer. QA is a separate gate that reads the same acceptance criteria and confirms them independently. A milestone marked COMPLETE has a commit hash, a QA verdict, and sign-offs on record.
# ILLUSTRATIVE RECORD — ReachOutCall + linked MeetSession
# Source schema: backend/models.py
# ReachOutCall class (lines 470–523): core call record, transcript, recording
# MeetSession class (lines 526–565): encrypted session fields, linked to ReachOutCall
# This is a constructed example. No customer data. No real session IDs.
———
id [redacted UUID]
user_id [redacted UUID]
trigger meet_the_team
persona_key carl
source ide
status complete
duration_seconds 263 (4m 23s)
transcript [stored]
Column type: Text, nullable=True (models.py:505)
Encryption: PLAINTEXT — not encrypted at rest
Note: The transcript field is readable by backend
processes without decryption. This is disclosed on
the security page.
recording_data [stored]
Column type: LargeBinary, nullable=True (models.py:517)
Content: raw audio bytes, fetched post-call
recording_status: ready
recording_duration_seconds 263
guest_name [redacted]
guest_phone [redacted]
—— linked MeetSession record (models.py:526) ——
guest_context [stored, encrypted]
Column type: EncryptedText (Fernet) (models.py:542)
Note: These fields live on MeetSession, not on
ReachOutCall itself. One MeetSession row is created
per Meet the Team call and linked to the ReachOutCall.
situational_brief [stored, encrypted]
canon_events [stored, encrypted]
guest_profile [stored, encrypted]
full_log [stored, encrypted]
summary [stored, encrypted]
created_at 2026-06-14 14:32:07 UTC
———
RETENTION SCHEDULE (source: idle_monitor_service.py)
recording_data cleared: 30 days (cleanup_old_recordings, line 752)
recording_status after: "expired"
Full record deleted: 90 days (cleanup_old_call_records, line 791)
Note: retention_days=30 and retention_days=90 are Python default arguments
in the service functions, not database-driven config values. A code change
to these defaults would immediately alter retention without a migration.
The security page is updated when these values change.
What this shows: The ReachOutCall record schema distinguishes encrypted fields (guest context, profile, session log) from plaintext fields (transcript). This distinction is disclosed on the security page. Audio recordings are stored temporarily — 30-day automatic clear, full record deletion at 90 days — driven by service functions that run on a schedule.
| Claim | Source Field / Mechanism | File:Line | Verified | Auth |
|---|---|---|---|---|
| IDE conversation turns encrypted at rest | IDESessionTurn.content / EncryptedText (Fernet) | backend/models.py:859 | 2026-06-22 | Engineering |
| Call transcripts stored as plaintext (not encrypted) | ReachOutCall.transcript / Text, nullable | backend/models.py:505 | 2026-06-22 | Engineering |
| Call audio recordings cleared at 30 days | cleanup_old_recordings(retention_days=30) — Python default arg | backend/idle_monitor_service.py:752 | 2026-06-22 | Engineering |
| Full call records deleted at 90 days | cleanup_old_call_records(retention_days=90) — Python default arg | backend/idle_monitor_service.py:791 | 2026-06-22 | Engineering |
| Morning Read audio stored as file path (not binary blob) | DailyBriefEpisode.mp3_path / Text, nullable | backend/models.py:1064 | 2026-06-22 | Engineering |
| Studio audio stored as file path (not binary blob) | SaturdayNightEpisode.mp3_path / Text, nullable | backend/models.py:1149 | 2026-06-22 | Engineering |
| Meet the Team guest context encrypted at rest | MeetSession.guest_context / EncryptedText (Fernet) — linked session record, separate from ReachOutCall row | backend/models.py:542 | 2026-06-22 | Engineering |
| Team memory content encrypted at rest | PersonaMemory.content / EncryptedText (Fernet) | backend/models.py:691 | 2026-06-22 | Engineering |
| Morning Read download links expire at 48 hours | MORNING_READ_DOWNLOAD_EXPIRE_HOURS = 48 | backend/auth.py:117 | 2026-06-22 | Engineering |
| Studio download links expire at 72 hours | SATURDAY_NIGHT_DOWNLOAD_EXPIRE_HOURS = 72 | backend/auth.py:118 | 2026-06-22 | Engineering |
| Conference Call trigger type | trigger = "manual" — shares ReachOutCall model and retention | backend/routes/ide/calls_tips.py:303 | 2026-06-22 | Engineering |
What this shows: Every security claim on the DocPro site is backed by a source citation — model column, service function, or constant — with a file-and-line reference and a verification date. Claims without a source citation are not published. When source code changes, the site claim is updated in the same commit.