Monday 8th September 2025 - GitProxy Meeting Minutes

[kriswest]

Date

20250908 - time

Meeting info

• Meeting link

• Register for future meetings

Untracked attendees

• Full Name, Affiliation, (optional) GitHub username
• ...

Meeting notices

• FINOS Project leads are responsible for observing the FINOS guidelines for running project meetings. Project maintainers can find additional resources in the FINOS Maintainers Cheatsheet.

• All participants in FINOS project meetings are subject to the LF Antitrust Policy, the FINOS Community Code of Conduct and all other FINOS policies.

• FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.

• FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.

Agenda

• Convene & roll call (5mins)
• Display FINOS Antitrust Policy summary slide and review Meeting Notices (see above)
• Approve past meeting minutes
  • Monday 1st Sept 2025 - GitProxy Meeting Minutes #1171
  • Revisit actions items relating to marketing the project
• Zohar and Andy?
• v2 roadmap
  • Review new issues and PRs raised recently
  • Determine scope for v2 release - and hence where maintainers should focus efforts to review PRs
    • Citi hackathon submissions - close or (work towards) accept?
    • Discuss other PRs in-flight
    • Is there anything we should be trying to include, but are not yet working on?
    • TS refactor PRs & when/if we should convert to type: module (full ESM conversion)
• AOB, Q&A & Adjourn (5mins)

Minutes

Approve Past Meeting Minutes

• The minutes from the Monday 1st Sept 2025 GitProxy Meeting (Monday 1st Sept 2025 - GitProxy Meeting Minutes #1171) were considered, with no objections or further comments raised. Approved.

Revisit Action Items Relating to Marketing the Project

• @kriswest noted follow-up actions from previous discussions, including:
  • The need to record a new virtual Git Proxy demo, as the current one is broken (issue raised).
  • Plans to publicise upcoming releases, particularly focusing on the V2 milestone.
  • Reminder for @mcleo-d to check with the FINOS board whether any firms are using Git Proxy without contributing, and to ask if there are other queries for the board.
  • @06kellyjac to follow up regarding Control-Plane.io attendance at the New York event (confirmation pending).
  • Previous streaming issue raised by @andypols was identified as a bad merge, not a systemic problem.

Qube’s Goals for Git Proxy (Zohar & @andypols)

• Zohar Melamed shared comprehensive goals for Qube's Git Proxy use:
  • Streamline open source contribution processes with accessible, concise policies (“airline safety card” format).
  • Use Git Proxy as a platform for all endorsed open source contributions, applying necessary compliance and security controls.
  • Broaden Git Proxy’s scope to support a spectrum of participation (from reporting bugs via issues to committing code).
  • Reduce friction for contributors at every level, making contribution easy and rapid.
  • Integrate review/approval and audit processes while ensuring security and IP protection.
  • Extend Git Proxy capabilities to handle issues, pull requests, comments (beyond current git push support), leveraging GitHub/GitLab APIs as needed.
  • Provide audit logs for internal security teams.
  • Potentially share Qube's concise open source policies publicly (TBC).
• @tabathad echoed similar needs at G-Research, especially the value in centralising contributor access/approval and flexible per-project rules.
• Additional discussion:
  • Support for contributors using personal identities, not requiring corporate ones, as long as contributions go through the managed process.
  • Interest in generating top-level metrics/telemetry on contributions via Git Proxy for marketing and reporting.

v2 Roadmap

Review New Issues and PRs Raised Recently

• Multiple PRs and issues discussed, focusing on:
  • TypeScript refactor PRs from @jescalada, including API/service refactor, CLI changes, and consolidation of duplicated types between UI and backend.
    • @jescalada and @06kellyjac discussed the technicalities of ESM conversion and module compatibility.
    • @fabiovincenzi’s PRs related to module exporting and CI adjustments were reviewed.
    • @06kellyjac to review and merge pending PRs, with sequencing agreed.
  • Open PRs from @andypols (test changes, fuzzing test restoration) discussed and actions assigned.
  • Z data decode issue highlighted by @kriswest resolved, further verification requested from the team.
  • Performance optimisations for push/check operations and discussions on project caching vs. directory deletion.
  • ESLint v9 update (handled by @06kellyjac) and related configuration changes reviewed.
  • Discussion of a Renovate PR blocked by a new license (Blue Oak-1.0), @kriswest to consult his firm's legal.

Determine Scope for v2 Release & Maintainer Focus

• Agreement that pending TypeScript and module refactor PRs should be merged before V2.
• Consolidation of types and technical debt cleanup to be tracked as new issues.
• Performance issues and process duplication (chains being run twice) to be investigated.
• Confirmation that Z data decoding fix is essential for V2.

Citi Hackathon Submissions

• Hackathon PRs noted as outdated and not plugin-based; may require harvesting/reworking rather than direct merge.
• Decision to review, possibly merge to a branch, and extract useful code/features as appropriate.

Other PRs In-Flight

• No additional PRs requiring urgent discussion.

Outstanding/Undiscussed Items

• No additional V2 "must-haves" identified during the meeting. @kriswest encouraged further input via GitHub or Slack if other critical needs are identified before release.

TS Refactor PRs & Type:Module/ESM Conversion

• ESM conversion and its implications discussed in detail. Pending technical investigation by @06kellyjac with follow-up action agreed.

AOB, Q&A & Adjourn

• Attendance for the OSFF New York event:
  • @06kellyjac confirmed attendance by Control-Plane.io team members.
  • @tabathad likely to attend; confirmation pending next week.
  • Plan to inform FINOS of all knowledgeable Git Proxy representatives at the event.
• General agreement to continue progressing V2 items and keep communication open on open PRs, issues, and agenda additions.

---

Action Items

• @kriswest to follow up on recording a new virtual demo for the website.
• @mcleo-d to check with FINOS board re: usage/contribution status and relay any additional questions from the group.
• @06kellyjac to confirm Control-Plane.io attendance at OSFF New York and discuss Git Proxy with attendees.
• @tabathad to confirm G-Research attendance at OSFF New York.
• @06kellyjac to review and progress pending TypeScript/module/ESM PRs, including those from @jescalada and @fabiovincenzi.
• @jescalada to raise an issue for consolidation/normalisation of shared types between UI/backend.
• @jescalada and @fabiovincenzi to investigate duplication of process steps in push approval flow (chains running twice).
• @06kellyjac to investigate/advise on ESM conversion options and update CLI PR accordingly.
• @kriswest to check with legal on inclusion of the Blue Oak-1.0 license for Jest dependencies.
• @jescalada to restore/fix fuzzing test as discussed.
• All: Review/triage Citi Hackathon PRs for potential extraction and rework as needed.
• All: Raise any additional "must-have" V2 features as GitHub issues or via Slack.
• Zohar Melamed to raise issues for proposed Git Proxy enhancements/goals (if/when possible).
• @kriswest to create agenda for next meeting and solicit topics.
• @jescalada to improve profiling in feat: push speed optimizations #1189 and narrow down the action with the slowest execution

[jescalada]

Juan Escalada / G-Research

[kriswest]

Kris West / NatWest 🚀

[dcoric]

Denis Coric / G-Research

[andypols]

Andy Pols / Qube Research & Technology

[fabiovincenzi]

Fabio Vincenzi / G-Research

[tabathad]

Tabatha DiDomenico / G-Research

[sam-holmes2]

Sam Holmes / ControlPlane

[06kellyjac]

Jack Kelly / ControlPlane (Consulting @ Citi)

[kriswest]

minutes and actions posted