ci: drop node.dev sanitization step (after genlayer-node NOD-973)

[dohernandez]

⚠️ DO NOT MERGE before genlayer-node NOD-973 lands on v0.6

Merging this early would leak the un-sanitized node.dev section into the published docs config. Until NOD-973 merges, upstream config.yaml.example still ships node.dev, so our del(.node.dev) is still doing real sanitization. This PR is only safe to merge once node.dev is gone from the synced source.

What

genlayer-node NOD-973 removes the node.dev section entirely from config.yaml.example. Its only field was disableSubscription (a test-only toggle for zksync-anvil). Once removed upstream, our del(.node.dev) in the config sanitizer deletes a non-existent path — dead config.

Changes

• .github/scripts/sanitize-config.sh — drop the del(.node.dev) step and the now-trailing yq pipe (|) it dangled off. RPC-URL + provider placeholder substitutions are unrelated and unchanged.
• .github/workflows/README.md — remove the two stale references to "removes dev section" / "Dev Section Removal".

Coordination

Confirmed sequencing with the genlayer-node session working NOD-973 (handoff, 2026-06-29). They'll signal when it lands on v0.6; this PR should merge after that.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

  • Sanitized config output now preserves development-related settings instead of removing them.
  • Sensitive RPC and provider values are still replaced with placeholder text during sanitization.

• Documentation

  • Updated workflow documentation to match the new sanitization behavior and placeholder replacements.

[netlify]

✅ Deploy Preview for genlayer-docs ready!

Name	Link
🔨 Latest commit	48b274c
🔍 Latest deploy log	https://app.netlify.com/projects/genlayer-docs/deploys/6a42a993a9c3cf000865e62e
😎 Deploy Preview	https://deploy-preview-430--genlayer-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Warning

Review limit reached

@dohernandez, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 44 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d3d86cc8-3eba-4119-a585-fc2a21d8bf33

📥 Commits

Reviewing files that changed from the base of the PR and between fccf71b and 48b274c.

📒 Files selected for processing (1)

• .github/workflows/README.md

📝 Walkthrough

Walkthrough

The sanitize-config.sh script's yq command no longer deletes the .node.dev section from the config; it now only replaces RPC/WebSocket URLs and .rollup.provider with TODO placeholders. The workflow README is updated to match this narrowed behavior.

Config Sanitization Behavior Change

Layer / File(s)	Summary
Remove node.dev deletion from script and docs .github/scripts/sanitize-config.sh, .github/workflows/README.md	The yq sanitization expression drops the .node.dev deletion step, retaining only URL and provider replacement. The README bullet list is updated to no longer document .node.dev removal.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• genlayerlabs/genlayer-docs#251: Originally introduced the .node.dev removal in config sanitization that this PR reverses.
• genlayerlabs/genlayer-docs#256: Introduced a Python sanitization script that also deletes .node.dev, directly related to the same sanitization scope.
• genlayerlabs/genlayer-docs#270: Adjusts sanitization and tests around .node.dev removal, the same section this PR stops deleting.

Poem

🐇 Hop, hop, no more delete!
The .node.dev stays complete,
URLs get TODO'd instead,
The README says what's left unsaid.
Less is more, the rabbit cheered! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is concise, uses Conventional Commits, and accurately summarizes the node.dev sanitization change.
Description check	✅ Passed	The description includes the change summary, rationale, sequencing note, and impact details required by the template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/drop-node-dev-sanitizer

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/scripts/sanitize-config.sh:
- Around line 23-27: The sanitize-config script currently assumes `.node.dev`
has already been removed, but `sanitize-config.sh` can still run while that
field exists and then propagate an invalid config. Update the script to
explicitly check the input config for `.node.dev` before the `yq` replacements
run and abort with a clear failure if it is still present. Use the existing
`yq`-based flow in `sanitize-config.sh` and keep the guard close to the current
placeholder replacement logic so the sequencing requirement is enforced in code
rather than by merge order.

In @.github/workflows/README.md:
- Around line 184-189: The README summary for the sanitization scripts is
outdated because sanitize-config.sh now also rewrites .rollup.provider, not just
URLs. Update the “Scripts Used” one-line description to mention provider
sanitization as well, and make sure the wording stays consistent with the Config
Sanitization section so the summary matches the actual behavior of
.github/scripts/sanitize-config.sh.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7252106f-4aba-4fa3-b927-b737f812e488

📥 Commits

Reviewing files that changed from the base of the PR and between 19558ee and fccf71b.

📒 Files selected for processing (2)

• .github/scripts/sanitize-config.sh
• .github/workflows/README.md

[coderabbitai]

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Fail fast if upstream still ships node.dev.

.github/actions/sync-files/action.yml:40-60 always syncs this script’s output downstream, so once del(.node.dev) is removed, merging this early will silently publish a config that still contains node.dev. Please enforce the sequencing requirement in code by aborting when .node.dev is still present instead of relying on merge timing alone.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/scripts/sanitize-config.sh around lines 23 - 27, The sanitize-config
script currently assumes `.node.dev` has already been removed, but
`sanitize-config.sh` can still run while that field exists and then propagate an
invalid config. Update the script to explicitly check the input config for
`.node.dev` before the `yq` replacements run and abort with a clear failure if
it is still present. Use the existing `yq`-based flow in `sanitize-config.sh`
and keep the guard close to the current placeholder replacement logic so the
sequencing requirement is enforced in code rather than by merge order.

[dohernandez]

This is fine, it is set in the PR description

[coderabbitai]

@dohernandez Understood, thanks for clarifying. Since the sequencing requirement is already captured in the PR description, I won’t push further on adding the in-script guard in this PR.