From 87d697f461f0e828b05f3adec8b190d143f84b6e Mon Sep 17 00:00:00 2001
From: Ryan Malloy <ryan@supported.systems>
Date: Mon, 27 Apr 2026 13:00:35 -0600
Subject: [PATCH] Pre-publish PII scrub per python.md rule
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Six surgical scrubs to clear cluster-fingerprint references before the
PyPI release. Per `~/.claude/rules/python.md`'s pre-publish PII audit
section: specific build strings (`15.0.1.12900-234`-style maintenance
release IDs) and cluster role descriptors ("production") narrow the
fingerprint of which deployment the developer tested against. Replaced
with the more accurate Cisco user-facing version ("CUCM 15.0(1)" or
"CUCM 15") and operational descriptor ("live cluster" — same trust
signal without the prod disclosure).

Files:
  README.md
    "Tested against CUCM 15.0.1.12900" → "Tested against CUCM 15.0(1)"
    placeholder host hardened to "cucm-pub.example.com" (RFC-reserved
    `.example` TLD per the rule's documented convention)

  CHANGELOG.md
    "production CUCM 15.0.1.12900 cluster" → "live CUCM 15 cluster"

  src/mcaxl/risport.py
    Comment: "verified against CUCM 15.0.1.12900 documentation" →
            "verified against CUCM 15 RisPort70 docs"

  src/mcaxl/route_plan.py
    Comment: "the typepatternusage table in CUCM 15.0.1.12900" →
            "the typepatternusage table in CUCM 15"

  .env.example
    Normalized to RFC-reserved values:
      cucm-pub        → cucm-pub.example.com
      AxlUser         → axl-readonly  (descriptive function, not
                                       a real-account-shape name)
      TopSecret...    → replace-with-your-password (clearly a placeholder)

Audit verification:
  grep -rnE '15\.0\.1\.12900|bingham|SupportedSystems|CCX-AXL|CER-AXL|
             CUC-AXL|TabSync|variphy|production|10\.[0-9]+\.[0-9]+\.[0-9]+|
             172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+|192\.168\.[0-9]+\.[0-9]+'
       src/ pyproject.toml README.md CHANGELOG.md .env.example
  → returns empty (verified)

Sdist verification:
  tar -tzf dist/mcaxl-2026.4.27.tar.gz | grep -iE 'CLAUDE|axlsqltoolkit|
                                                     bingham|tests/'
  → returns empty (verified)

  Tests directory IS excluded from sdist via
  `[tool.hatch.build.targets.sdist] exclude = ["tests/"]` — important
  because test fixtures contain real cluster hostnames in mock SOAP
  responses (test_risport.py SAMPLE_RESPONSE). Tests stay in the source
  repo for development; they don't ship to PyPI.

Tests still pass: 155/155.

Ready for `uv publish --token …`.
---
 .env.example            | 6 +++---
 CHANGELOG.md            | 2 +-
 README.md               | 4 ++--
 src/mcaxl/risport.py    | 2 +-
 src/mcaxl/route_plan.py | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.env.example b/.env.example
index b17be10..bc804cb 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,3 @@
-AXL_URL=https://cucm-pub:8443/axl
-AXL_USER=AxlUser
-AXL_PASS=TopSecretPasswordNoSpecialCharacters
+AXL_URL=https://cucm-pub.example.com:8443/axl/
+AXL_USER=axl-readonly
+AXL_PASS=replace-with-your-password
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 943787d..cab9e78 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,7 +41,7 @@ Schema-grounded conversation seeds: `route_plan_overview`,
   2 Minor) addressed during pre-release hardening, each with a
   regression test.
 - **Live-cluster verified**: every tool path verified against a
-  production CUCM 15.0.1.12900 cluster before release.
+  live CUCM 15 cluster before release.
 - **155 unit tests**, schema drift guard for all 71 known
   `fkcallingsearchspace_*` columns (via
   `test_complete_schema_coverage_against_known_columns`).
diff --git a/README.md b/README.md
index 8cbba9c..faf1f83 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Read-only MCP server for **Cisco Unified Communications Manager (CUCM)** —
 exposes the AXL SOAP API and RisPort70 real-time registration state to
 LLMs for dial-plan analysis, configuration auditing, and impact analysis.
 
-> Tested against CUCM 15.0.1.12900. Should work on any CUCM 12.5+.
+> Tested against CUCM 15.0(1). Should work on any CUCM 12.5+.
 
 ## Why this exists
 
@@ -55,7 +55,7 @@ claude mcp add cucm-axl -- uvx mcaxl
 Set these env vars (most operators use a `.env` file in the working directory):
 
 ```env
-AXL_URL=https://your-cucm-pub:8443/axl/
+AXL_URL=https://cucm-pub.example.com:8443/axl/
 AXL_USER=your-axl-service-account
 AXL_PASS=your-password
 
diff --git a/src/mcaxl/risport.py b/src/mcaxl/risport.py
index 9d7e3a1..1302bbd 100644
--- a/src/mcaxl/risport.py
+++ b/src/mcaxl/risport.py
@@ -20,7 +20,7 @@ codebase.
 
 SOAP envelope structure cribbed from cisco-cucm-mcp's TypeScript
 implementation (MIT licensed) — namespaces and field names verified
-against CUCM 15.0.1.12900 documentation.
+against CUCM 15 RisPort70 docs.
 """
 
 from __future__ import annotations
diff --git a/src/mcaxl/route_plan.py b/src/mcaxl/route_plan.py
index 9db1e03..0686f8a 100644
--- a/src/mcaxl/route_plan.py
+++ b/src/mcaxl/route_plan.py
@@ -30,7 +30,7 @@ if TYPE_CHECKING:
 
 
 # Pattern type codes (numplan.tkpatternusage), verified against the
-# typepatternusage table in CUCM 15.0.1.12900. To inspect on a different
+# typepatternusage table in CUCM 15. To inspect on a different
 # cluster: SELECT enum, name FROM typepatternusage ORDER BY enum.
 PATTERN_KINDS: dict[str, int] = {
     "call_park": 0,