chore(oss): scrub operator-private leaks from public surface

Codex cleanliness sweep flagged personal paths, real trace IDs,
and operator-specific deployment vocabulary in code comments and
JSDoc. Removing them so the viewer source reads as written for any
adopter, not for one specific operator's homelab.

### Component comments

- `src/components/Landing.svelte` — top-of-file rationale block
  cited "Phase 2 A reshape (operator 2026-05-30)" and "Service-ops
  UI lives in CPA / sub2gpt". Rewritten without internal phase tags;
  upstream gateway named generically.
- `src/components/Settings.svelte` — header cited "Phase R7
  narrows the page" and "CPA/sub2gpt already renders" the healthz
  counters. Same generic rewrite.

### Adapter JSDoc

- `src/lib/adapters/chat.ts` — `/tmp/sub2api-samples/details`
  fixture path → "reference captures".
- `src/lib/adapters/gemini.ts` — "no real sub2api samples exist"
  / "first time a real Gemini trace lands in sub2api" → generic
  "no real Gemini captures exist yet" / "first time a real trace
  is captured".

### Prompt-source heuristics

- `src/lib/promptSource.ts` — comment example used
  `/Users/leoyun/.claude/CLAUDE.md`; replaced with `/Users/example/`.
  "real fixtures captured from sub2api" + "Real codex example
  (fixture 01KSWPQP0SD6FFX2QT37HCXF8R)" → generic phrasing.
- `src/lib/promptSource.test.ts` — fixture inputs embedded
  `/Volumes/leoyun/.claude/CLAUDE.md` + "Leo's External Drive"
  as the literal test payload. Replaced with generic
  `/Users/example/` + `example-project`. The regex contracts
  the test exercises are unchanged. "see this very task's prompt",
  "trace 01KSWP4YQD", and "fixture 01KSWPQP0SD6FFX2QT37HCXF8R"
  references in comments rewritten as generic descriptions.

### Verified

- `pnpm check` → 0 errors / 0 warnings / 142 files.

Author: 2nd1st

src/components/Landing.svelte

@@ -1,15 +1,16 @@
 <script lang="ts">
   // Landing — default home view (#/, #/landing, #/dashboard alias).
   //
-  // Phase 2 A reshape (operator 2026-05-30):
+  // Shape:
   //
-  //   - Cut NEEDS ATTENTION + INTERNAL · healthz. Service-ops UI lives in
-  //     CPA / sub2gpt; the viewer's job is LLM content, not service ops.
+  //   - Service-ops UI (healthz counter cards, drop/error banners) lives
+  //     in the upstream gateway's own dashboard; this viewer focuses on
+  //     recorded LLM content.
   //   - 5 sections in render order: STATUS, CAPABILITY, ACTIVE CLIENTS,
   //     TOKEN USAGE, VOLUME.
-  //   - Vercel aesthetic: wider whitespace, larger sans display numbers,
-  //     right-aligned numerics, 6px corners, subtle 150ms hover, no
-  //     drop shadows, bordered-only cards.
+  //   - Wide whitespace, larger sans display numbers, right-aligned
+  //     numerics, 6px corners, subtle 150ms hover, no drop shadows,
+  //     bordered-only cards.
   //   - Single accent (teal-300) is reserved for active state / palette
   //     selected row / focus ring. NOT used on sparkline fill or block
   //     left rails — the page reads more monochrome.

src/components/Settings.svelte

@@ -1,17 +1,17 @@
 <script lang="ts">
   // Settings — viewer-side preferences + token surface + about.
   //
-  // PHILOSOPHY (viewer/PHILOSOPHY.md + Phase R7):
+  // Shape:
   //   - "It is not THE frontend; it is A frontend." Composable, not
-  //     authoritative. Plugin/gate/redact config does NOT live here —
-  //     that's a backend YAML concern (principle 6).
-  //   - Operational, not analytics-heavy. Phase R7 narrows the page:
-  //     drop the live healthz counters (uptime/appended/drops/data-dir/
-  //     last-poll) — that surface duplicates what CPA/sub2gpt already
-  //     renders. Keep About → version + healthz endpoint URL only.
+  //     authoritative. Plugin / gate / redact config does NOT live
+  //     here — that's a backend YAML concern.
+  //   - Operational, not analytics-heavy. No live healthz counters
+  //     (uptime / appended / drops / data-dir / last-poll) — that
+  //     surface duplicates what the upstream gateway's own dashboard
+  //     already renders. Keep About → version + healthz endpoint URL.
   //   - Single accent (--accent, teal-300) reserved for active state,
   //     selected row, and focus ring ONLY. Toggle on-state uses
-  //     high-contrast var(--fg) per the Vercel-leaning delta, NOT accent.
+  //     high-contrast var(--fg), NOT accent.
   //   - i18n: every visible string goes through t(). The dictionaries
   //     (en.ts / zh.ts) are frozen for this phase; on a missing key
   //     t() returns the key string itself which would surface as

src/lib/adapters/chat.ts

@@ -1,7 +1,7 @@
 /**
  * Adapter for the OpenAI Chat Completions protocol (POST /v1/chat/completions).
  *
- * Real-world shapes (verified against /tmp/sub2api-samples/details):
+ * Real-world shapes observed in reference captures:
  *   - req.body is almost always a parsed dict with `messages: [...]`.
  *   - resp can arrive in any of these forms:
  *       (a) resp.body = dict     -> either a chat.completion OR an error envelope

src/lib/adapters/gemini.ts

@@ -2,12 +2,12 @@
  * Adapter for Google Gemini protocol (/v1beta/models/*:generateContent etc.).
  *
  * ============================================================================
- *  TODO: UNTESTED — no real sub2api samples exist for Gemini at write-time.
+ *  TODO: UNTESTED — no real Gemini captures exist yet.
  *  This adapter is designed from the public Gemini /v1beta docs
  *  (REST `generateContent` + `streamGenerateContent` shapes) and the
- *  GenerativeAI SDK types. Every code path SHOULD be revisited the first
- *  time a real Gemini trace lands in sub2api so we can verify part shapes,
- *  SSE event names, and tool-call ID conventions.
+ *  GenerativeAI SDK types. Every code path SHOULD be revisited the
+ *  first time a real Gemini trace is captured, so part shapes, SSE
+ *  event names, and tool-call ID conventions can be verified.
  * ============================================================================
  *
  * Gemini request shape (cheat sheet):

src/lib/promptSource.test.ts

@@ -9,7 +9,7 @@
 //   npx tsx src/lib/promptSource.test.ts
 //
 // Each case carries a short comment naming the real shape it
-// represents (sub2api fixture id or vendor harness style).
+// represents (reference fixture shape or vendor harness style).
 
 import {
   extractProjectContext,
@@ -48,14 +48,14 @@ function check(name: string, got: unknown, want: unknown): void {
 
 const ctxCases: Case<string, ProjectContext | null>[] = [
   {
-    // Shape: Claude Code user-turn system reminder (the actual
-    // injection format the harness uses to drop CLAUDE.md content
-    // into the prompt — see this very task's prompt).
+    // Shape: Claude Code user-turn system reminder — the injection
+    // format the harness uses to drop CLAUDE.md content into the
+    // prompt.
     name: 'CLAUDE.md path-prefixed ref + heading on next line',
     input:
-      'Contents of /Volumes/leoyun/.claude/CLAUDE.md (project instructions, checked into the codebase):\n\n# Leo\'s External Drive — /Volumes/leoyun/\n\n## 语言',
+      'Contents of /Users/example/.claude/CLAUDE.md (project instructions, checked into the codebase):\n\n# example-project\n\n## Section',
     expect: {
-      name: "Leo's External Drive — /Volumes/leoyun/",
+      name: 'example-project',
       source: 'claude-md',
     },
   },
@@ -70,8 +70,8 @@ const ctxCases: Case<string, ProjectContext | null>[] = [
     // Restraint check: a *prose* mention of CLAUDE.md must NOT trigger
     // the claude-md branch, because the next heading ("# Executing
     // actions with care") is part of the vendor harness, not the
-    // project. Real fixture: trace 01KSWP4YQD where the prompt body
-    // says "durable instructions like CLAUDE.md files" before vendor
+    // project. A reference fixture has the prompt body mention
+    // "durable instructions like CLAUDE.md files" before vendor
     // harness headings. Expectation: fall through to first-heading.
     name: 'prose mention "like CLAUDE.md" does not trigger claude-md',
     input:
@@ -128,8 +128,8 @@ for (const c of ctxCases) {
 
 const skillCases: Case<string, string[]>[] = [
   {
-    // Real codex shape — fixture 01KSWPQP0SD6FFX2QT37HCXF8R has 30+
-    // <skill><name>X</name>…</skill> blocks under <available_skills>.
+    // Real codex shape — fixtures with 30+ <skill><name>X</name>…
+    // </skill> blocks under <available_skills>.
     name: 'multi-skill body-name declaration (codex shape)',
     input:
       '<available_skills>\n  <skill>\n    <name>ai-search</name>\n    <description>...</description>\n  </skill>\n  <skill>\n    <name>gen-image</name>\n    <description>...</description>\n  </skill>\n</available_skills>',

src/lib/promptSource.ts

@@ -124,8 +124,7 @@ export function classifyPromptSource(text: string): PromptSourceResult {
 // prompt: the project this trace belongs to and the named skills /
 // subagents the harness advertised. Both are pure heuristics with no
 // XML/markdown parsing dependency — regex + a tiny HTML-entity
-// fallback. Patterns are documented against real fixtures captured
-// from sub2api.
+// fallback. Patterns are documented against reference fixtures.
 
 export interface ProjectContext {
   /** Display name, with surrounding backticks stripped. */
@@ -159,7 +158,7 @@ function cleanHeadingText(raw: string): string {
 
 // Match an injection-style file reference for AGENTS.md / CLAUDE.md.
 // The real shape Claude Code uses in user-turn system reminders is:
-//   "Contents of /Users/leoyun/.claude/CLAUDE.md (project instructions…):"
+//   "Contents of /Users/example/.claude/CLAUDE.md (project instructions…):"
 // Codex variants drop "Contents of" and write a bare absolute path.
 // We require either the "Contents of" preamble OR a path separator
 // immediately before the filename — both rule out the prose-mention
@@ -266,8 +265,7 @@ function decodeHtmlEntities(s: string): string {
 }
 
 // Skill / subagent / agent / personality declarations the harness
-// advertises in the system prompt. Real codex example (fixture
-// 01KSWPQP0SD6FFX2QT37HCXF8R):
+// advertises in the system prompt. Real codex example:
 //   <skill>
 //     <name>ai-search</name>
 //     <description>…</description>