chore: scrub private repo references from public codebase

[marcusquinn]

Summary

• Replace all 42 a managed private repo references with generic webapp across 11 files
• Prevents private project name from leaking in the public aidevops repo
• No functional changes — only string replacements in comments, docs, config examples, and task descriptions

Files changed

File	Changes
TODO.md	6 task descriptions genericized
VERIFY.md	6 verification entries genericized
todo/VERIFY.md	4 verification entries genericized
CHANGELOG.md	1 entry genericized
.agents/scripts/localdev-helper.sh	18 references in Traefik config/migration code
.agents/services/hosting/local-hosting.md	1 documentation reference
.agents/scripts/supervisor/dispatch.sh	1 code comment
.agents/scripts/supervisor/deploy.sh	1 code comment
.agents/scripts/supervisor/ai-actions.sh	1 code comment
setup-modules/migrations.sh	1 deprecated MCP name
tests/test-ai-actions.sh	2 test comments

Related cleanup

• 5 misplaced GitHub issues deleted from aidevops (#2191, #1960, #1956, #1923 deleted; t1224.7: Migrate project to new localdev setup — validate end-to-end #1943 PR scrubbed)
• 2 issues re-created in correct private repo (a private repo PR, feat(t021): auto-mark tasks complete from commit messages in release #208)

Summary by CodeRabbit

• Chores

  • Updated local development and deployment configurations to use new repository naming conventions across Traefik routing, MCP management, and cross-repository task handling.
  • Consolidated internal references and task targeting to reflect updated repository structure.

• Documentation

  • Updated verification guides, change logs, and documentation to align with current repository conventions and task references.

• Tests

  • Updated test examples and comments for consistency with repository conventions.

[gemini-code-assist]

Summary of Changes

Hello @marcusquinn, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the privacy and generic nature of the codebase by systematically removing references to a specific private project. The primary goal was to replace all occurrences of 'a managed private repo' with 'webapp' across various files, ensuring that the public repository remains free of sensitive project names. This change is purely cosmetic and informational, with no functional impact on the system, and includes a related cleanup of misfiled GitHub issues.

Highlights

• Private Reference Scrubbing: Replaced all 42 instances of the private project name 'a managed private repo' with the generic 'webapp' across 11 files to prevent leakage into the public codebase.
• No Functional Changes: Confirmed that all changes are purely string replacements in comments, documentation, configuration examples, and task descriptions, with no impact on functionality.
• GitHub Issue Cleanup: Deleted 5 misplaced GitHub issues from the public repository and re-created 2 of them in the correct private repository as part of related cleanup.

Changelog

• .agents/scripts/localdev-helper.sh
  • Updated Traefik migration comments and configuration to use 'webapp' instead of 'a managed private repo'.
• .agents/scripts/supervisor/ai-actions.sh
  • Updated a code comment to refer to 'webapp' instead of 'a managed private repo' in a cross-repo context.
• .agents/scripts/supervisor/deploy.sh
  • Updated a code comment regarding default branch usage to refer to 'webapp' instead of 'a managed private repo'.
• .agents/scripts/supervisor/dispatch.sh
  • Updated a code comment about cross-repo misregistration to refer to 'webapp' instead of 'a managed private repo'.
• .agents/services/hosting/local-hosting.md
  • Updated a documentation reference from 'a managed private repo' to 'webapp' in the webapp/Turborepo section.
• CHANGELOG.md
  • Updated a changelog entry to generalize 'a managed private repo' subtasks to 'private repo' subtasks.
• TODO.md
  • Updated multiple task descriptions (t1239, t1240, t1253, t1255, t1310) to replace 'a managed private repo' with 'webapp'.
• VERIFY.md
  • Updated verification points and hypotheses to replace 'a managed private repo' with 'webapp'.
• setup-modules/migrations.sh
  • Updated a deprecated MCP name from 'hetzner-a managed private repo' to 'hetzner-webapp'.
• tests/test-ai-actions.sh
  • Updated comments in test descriptions to replace 'a managed private repo' with 'webapp' for cross-repo task simulations.
• todo/VERIFY.md
  • Updated verification entries (v193, v201, v210, v212) to replace 'a managed private repo' with 'webapp'.

Activity

• 5 misplaced GitHub issues (#2191, #1960, #1956, #1923) were deleted from the aidevops repository.
• PR t1224.7: Migrate project to new localdev setup — validate end-to-end #1943 was scrubbed for private references.
• 2 issues were re-created in the correct private repository (a private repo PR, feat(t021): auto-mark tasks complete from commit messages in release #208).

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Walkthrough

A comprehensive refactoring replaces "a managed private repo" references with "webapp" across DevOps automation scripts, supervisor tools, configuration generators, and documentation. Changes include shell script function renaming, Traefik routing configuration updates, task tracking references, and test examples.

Changes

Cohort / File(s)	Summary
Traefik & Local Development Configuration .agents/scripts/localdev-helper.sh	Function renamed from create_a managed private repo_confd() to create_webapp_confd(). Traefik routes, router/service names, TLS certificate references, Host rules, and dynamic configuration YAML segments updated from a managed private repo.* to webapp.*. Conditional paths and user-facing migration messages aligned to new webapp namespace.
Supervisor Scripts & Tests .agents/scripts/supervisor/ai-actions.sh, dispatch.sh, deploy.sh, tests/test-ai-actions.sh	Comment and test reference updates replacing a managed private repo examples with webapp equivalents (e.g., repository cross-repo collision warnings, default branch examples, task ID illustrations). No functional or control-flow changes.
Setup & Migration Tools setup-modules/migrations.sh	Deprecated MCP list entry updated from "hetzner-a managed private repo" to "hetzner-webapp", affecting MCP cleanup targeting in opencode.json.
Documentation & Task Tracking CHANGELOG.md, .agents/services/hosting/local-hosting.md, TODO.md, VERIFY.md, todo/VERIFY.md	Textual updates replacing a managed private repo references with webapp across changelog entries, hosting documentation, cross-repo task dispatch guidance, and verification narratives. Plan-linkage anchors and task decomposition examples align to webapp context.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• t1261: Fix dispatch stall from orphaned DB tasks #1974 — Concurrent updates to supervisor scripts (dispatch.sh and ai-actions.sh) contain functional fixes in the same functions being renamed here.

Suggested labels

needs-review

Poem

🚀 From awards to webs, the journey unfolds,
Scripts and configs in new colors bold,
Traefik routes dance with webapp's name,
Supervisor tasks realigned in the game,
One small refactor, A-grade remains! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 70.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: replacing private repo references (a managed private repo) with generic ones (webapp) across the public codebase, which aligns perfectly with all 11 files modified.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/scrub-private-repo-references

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 42 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Tue Feb 24 04:21:02 UTC 2026: Code review monitoring started
Tue Feb 24 04:21:02 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 42

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 42
• VULNERABILITIES: 0

Generated on: Tue Feb 24 04:21:05 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agents/scripts/localdev-helper.sh:
- Line 188: There is a ShellCheck SC2086 warning for an unquoted variable
expansion in the "Preserves existing routes (e.g., webapp) by splitting into
per-app files." block; locate the unquoted parameter expansion around that
section (the token causing SC2086, e.g., an instance of $FOO or $routes used
without quotes) and wrap it in double quotes (change $var to "$var") to prevent
globbing/word-splitting, then re-run .agents/scripts/linters-local.sh to verify
the warning is resolved before committing.

In @.agents/scripts/supervisor/ai-actions.sh:
- Around line 1446-1450: ShellCheck flagged three sed usages with SC2016 and
three source directives with SC1091; for the sed instances (the sed commands
that currently use single-quoted patterns) decide whether variables should
expand—if they should, change the pattern quotes to double quotes so variables
expand (or concatenate the variable outside the single-quoted literal),
otherwise add an inline comment clarifying the literal intent or escape the $ to
silence ShellCheck; for the SC1091 source warnings, update the source statements
to use explicit, resolvable paths (e.g., build an absolute path with dirname
"$0") and guard them with if [ -f ... ]; then . "path"; fi or run shellcheck
with -x in CI so external sourced files are included; after making these
changes, run shellcheck (shellcheck -x) and ensure exit code 0.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between db516f3 and 471a8c2.

📒 Files selected for processing (11)

• .agents/scripts/localdev-helper.sh
• .agents/scripts/supervisor/ai-actions.sh
• .agents/scripts/supervisor/deploy.sh
• .agents/scripts/supervisor/dispatch.sh
• .agents/services/hosting/local-hosting.md
• CHANGELOG.md
• TODO.md
• VERIFY.md
• setup-modules/migrations.sh
• tests/test-ai-actions.sh
• todo/VERIFY.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Run ShellCheck on the target script
if [ -f ".agents/scripts/localdev-helper.sh" ]; then
  echo "=== Running ShellCheck ==="
  shellcheck -x -f gcc .agents/scripts/localdev-helper.sh 2>&1 || true
else
  echo "File not found: .agents/scripts/localdev-helper.sh"
fi

Repository: marcusquinn/aidevops

Length of output: 202

---

🏁 Script executed:

#!/bin/bash
# Examine the changed lines to understand the modifications
echo "=== Changed line 188 ==="
sed -n '185,191p' .agents/scripts/localdev-helper.sh | cat -n

echo -e "\n=== Changed lines 225-233 ==="
sed -n '225,233p' .agents/scripts/localdev-helper.sh | cat -n

echo -e "\n=== Changed lines 239-270 ==="
sed -n '239,270p' .agents/scripts/localdev-helper.sh | cat -n

echo -e "\n=== Changed line 2308 ==="
sed -n '2305,2311p' .agents/scripts/localdev-helper.sh | cat -n

Repository: marcusquinn/aidevops

Length of output: 2483

---

🏁 Script executed:

#!/bin/bash
# Check script size and overall structure
echo "=== Script statistics ==="
wc -l .agents/scripts/localdev-helper.sh
echo ""
echo "=== Verify script is executable and well-formed ==="
bash -n .agents/scripts/localdev-helper.sh && echo "✓ Syntax valid" || echo "✗ Syntax error"

Repository: marcusquinn/aidevops

Length of output: 197

---

Address pre-existing ShellCheck violation before committing.

ShellCheck found a minor SC2086 note at line 1055 (double quote to prevent globbing). The changed segments are syntactically sound and follow proper shell scripting patterns (error redirects, conditionals, heredoc usage). Per guidelines, resolve the pre-existing SC2086 and run .agents/scripts/linters-local.sh before committing.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/localdev-helper.sh at line 188, There is a ShellCheck SC2086
warning for an unquoted variable expansion in the "Preserves existing routes
(e.g., webapp) by splitting into per-app files." block; locate the unquoted
parameter expansion around that section (the token causing SC2086, e.g., an
instance of $FOO or $routes used without quotes) and wrap it in double quotes
(change $var to "$var") to prevent globbing/word-splitting, then re-run
.agents/scripts/linters-local.sh to verify the warning is resolved before
committing.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Run ShellCheck on the supervisor script
if [ -f ".agents/scripts/supervisor/ai-actions.sh" ]; then
  echo "=== Running ShellCheck on ai-actions.sh ==="
  shellcheck .agents/scripts/supervisor/ai-actions.sh 2>&1
  exit_code=$?
  echo ""
  echo "Exit code: $exit_code"
  if [ $exit_code -eq 0 ]; then
    echo "✓ ShellCheck passed with no issues"
  else
    echo "✗ ShellCheck found issues (see above)"
  fi
else
  echo "File not found: .agents/scripts/supervisor/ai-actions.sh"
fi

Repository: marcusquinn/aidevops

Length of output: 1937

---

ShellCheck found 6 info-level issues — review and address before commit.

ShellCheck reports:

• SC2016 (lines 1402, 2142, 2169): Single quotes in sed patterns flagged as preventing variable expansion. Verify if double quotes are needed or if these patterns are intentionally literal.
• SC1091 (lines 2393, 2395, 2397): Source directives not followed — run shellcheck -x to include external sourced files and suppress these warnings.

Address the SC2016 warnings and confirm the file passes ShellCheck cleanly (exit code 0) per the A-grade automation toolchain standard.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agents/scripts/supervisor/ai-actions.sh around lines 1446 - 1450,
ShellCheck flagged three sed usages with SC2016 and three source directives with
SC1091; for the sed instances (the sed commands that currently use single-quoted
patterns) decide whether variables should expand—if they should, change the
pattern quotes to double quotes so variables expand (or concatenate the variable
outside the single-quoted literal), otherwise add an inline comment clarifying
the literal intent or escape the $ to silence ShellCheck; for the SC1091 source
warnings, update the source statements to use explicit, resolvable paths (e.g.,
build an absolute path with dirname "$0") and guard them with if [ -f ... ];
then . "path"; fi or run shellcheck with -x in CI so external sourced files are
included; after making these changes, run shellcheck (shellcheck -x) and ensure
exit code 0.

[gemini-code-assist]

Code Review

This pull request effectively scrubs references to the private awardsapp repository, replacing them with the generic webapp across various files. The changes are straightforward string replacements in comments, documentation, and configuration examples, with no functional impact. I've identified one minor improvement opportunity in a shell script to remove unnecessary error suppression, which will enhance debuggability.

[gemini-code-assist]

The error suppression 2>/dev/null is unnecessary here as the existence of $dynamic_yml is already checked earlier in the migrate_traefik_to_confd function. Removing the suppression will make potential issues like file read permissions visible for easier debugging.

Suggested change

	if grep -q 'webapp' "$dynamic_yml" 2>/dev/null; then
	if grep -q 'webapp' "$dynamic_yml"; then

References

1. Avoid using 2>/dev/null to suppress errors on file operations if the file's existence has already been verified by a preceding check (e.g., [[ -f "$file" ]] or an early return). This practice is redundant for 'file not found' errors and can mask other important issues like permissions problems.