Phase 2 of the merge-hardening effort (Phase 1 added bin/fork-check + the
fork-invariants manifest).
- config/brand_assets.sha256: checksum baseline of the WaboSign 'W' mark assets
(the 6 logos + both apple-touch icons, which the old hardcoded 6-file restore
list missed). bin/fork-check now verifies each asset's sha256 (catching a
silent upstream overwrite that bypasses the text sweep) and warns about
public/ brand-looking files not in the baseline. Single source of truth.
- bin/sync-upstream: restore brand assets by reading the baseline (not a
hardcoded list, so new brand files are covered automatically); run BOTH
rebrand-check and fork-check after the post-merge sweep, aborting with a
remediation message and leaving the tree in place if either fails; optional
RUN_TESTS=1 to run rspec; print a status summary + the human-judgment residue.
- .gitattributes: add the two apple-touch icons to the -merge brand list,
kept in sync with the baseline.
- REBRANDING.md: replace the 21-item manual post-merge checklist (which was not
run reliably) with an automated tier delegated to fork-check + the manifest,
plus a slim human-judgment residue; add an agent sync runbook and an
'Adding a new fork invariant' guide; correct the stale based_on attribution note.
- rebrand-check/rebrand-sync: allowlist/deny the new baseline file (its comment
legitimately references DocuSeal's logo).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Upstream syncs repeatedly re-introduce DocuSeal's freemium gates, delete
fork code, overwrite brand assets, and drop AGPL attribution; recovery took
~7 repair commits after the 3.0.2 sync. rebrand-check only catches surviving
DocuSeal *text*, and the REBRANDING.md post-merge checklist was manual and
not run reliably (two regressions it claims were fixed were still live).
Add bin/fork-check, a stdlib-only runner driven by config/fork_invariants.yml,
asserting: must-exist fork files/brand assets, must-not-exist placeholders /
console_redirect / lib/docuseal.rb (Zeitwerk guard), must-contain attribution
+ renamed identifiers + SDK tokens, path-scoped must-not-contain gate markers,
forbidden global markers, forbidden i18n keys, no dangling partial renders,
and PRESERVE<->ALLOW_PATTERNS consistency between rebrand-sync/rebrand-check.
Wired into CI as the 'Fork invariants' job. Allowlist the new guard + manifest
in rebrand-check and deny them in rebrand-sync so the sweep can't corrupt them.
Baseline cleanup so the new gate-absence checks pass (both documented as
removed in REBRANDING.md but live on master): remove the ENTERPRISE_PATHS
'Pro Edition' export paywall from errors_controller.rb, and the multitenant?
reminder-duration gate from _reminder_form.html.erb.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Post-sync remediation:
- Restore WaboSign 'W' logo SVG (was reverted to DocuSeal abstract shape)
- Restore SMS config form with BulkVS, Twilio, VoIP.ms, SignalWire providers
- Add AGPL §7(b) upstream attribution to footer (DocuSeal link alongside WaboSign)
- Remove Console feature entirely (controller deleted, routes/constants removed)
- Remove all Pro/Plan/Upgrade gating — features now freely available
- Make all user roles selectable (editor/viewer no longer disabled)
- Remove upgrade button from navbar, plans link from settings nav
- Remove console redirect from sessions controller
- Add _logo.html.erb to rebrand-sync DENY_PATHS to prevent future overwrites
- bin/sync-upstream: automation script for upstream tag sync with
logo file restoration from ORIG_HEAD after merge
- CI: setup-node@v1->@v4, set-output->$GITHUB_OUTPUT,
docuseal_test->wabosign_test, add rebrand-check and
assets-precompile jobs
- Docker: checkout@v3->@v4, metadata-action@v4->@v5,
login-action@v3->@v6, images->wabolabs/wabosign, add PR build test
- rebrand-sync: add logo paths to DENY_PATHS
- .gitattributes: add -merge for brand logo files
- REBRANDING.md: update per-sync workflow with logo restoration step
Adds a deterministic rebrand sweep so each upstream sync is a scripted
transformation rather than a manual sweep:
- bin/rebrand-sync — idempotent Ruby script that rewrites DocuSeal →
WaboSign tokens across the tree (Ruby module, AATL cert name, DB
names, Docker user, registry/repo URLs, DOM-ID/localStorage prefix,
daisyUI theme name, hardcoded UI strings). Sentinel-protects AGPL
§7(b) attribution phrases, SDK custom-element identifiers, the
@docuseal/* npm packages, and the docusealco/{fields-detection,
pdfium-binaries,turbo} binary URLs. Deny-lists NOTICE, LICENSE_*,
README, the AGPL attribution partials, calculator.js's DocuSeal LLC
copyright, lib/wabosign.rb's UPSTREAM constants, and the
docuseal_aatl migration that searches by the legacy name.
- bin/rebrand-check — fails CI when an unintended DocuSeal reference
survives in the tree. Wired in as the new `Rebrand check` job in
.github/workflows/ci.yml.
- REBRANDING.md gains a "Sync workflow" section documenting the
per-sync steps, rerere setup, and how to keep the two scripts'
allow/preserve lists in sync.
- .gitattributes marks Gemfile.lock and yarn.lock as -merge — they get
regenerated post-merge rather than diffed.
- Latent rebrand leftovers fixed: public/service-worker.js no longer
logs "DocuSeal App installed/activated"; .dockerignore and
.gitignore now ignore /wabosign (the actual runtime data dir mount)
rather than the stale /docuseal path.
Strategy detail lives at .claude/plans/come-up-with-a-foamy-flask.md.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Wabo
Alex Turchyn
Alex Turchyn