chore: remove cleanup and security guide documentation files

2026-02-11 21:50:38 +01:00
parent 63d64262ac
commit 4eadaf954a
2 changed files with 0 additions and 74 deletions
--- a/docs/SECURITY_CLEANUP_GUIDE.md
+++ b/docs/SECURITY_CLEANUP_GUIDE.md
@@ -0,0 +1,158 @@
+# AITBC Security Cleanup & GitHub Setup Guide
+
+## 🔐 SECURITY FINDINGS
+
+### Files Currently Tracked That Should Be Removed
+
+**High Priority - Remove Immediately:**
+1. `.windsurf/` - Entire IDE configuration directory
+   - Contains local IDE settings, skills, and workflows
+   - Should never be in a public repository
+
+2. **Infrastructure secrets files:**
+   - `infra/k8s/sealed-secrets.yaml` - Contains sealed secrets configuration
+   - `infra/terraform/environments/secrets.tf` - References AWS Secrets Manager
+
+### Files With Hardcoded Credentials (Documentation/Examples)
+
+**Low Priority - These are examples but should be cleaned:**
+- `website/docs/coordinator-api.html` - Contains `SECRET_KEY=your-secret-key`
+- `website/docs/wallet-daemon.html` - Contains `password="password"`
+- `website/docs/pool-hub.html` - Contains `POSTGRES_PASSWORD=pass`
+
+## 🚨 IMMEDIATE ACTIONS REQUIRED
+
+### 1. Remove Sensitive Files from Git History
+```bash
+# Remove .windsurf directory completely
+git filter-branch --force --index-filter 'git rm -rf --cached --ignore-unmatch .windsurf/' --prune-empty --tag-name-filter cat -- --all
+
+# Remove infrastructure secrets files
+git filter-branch --force --index-filter 'git rm -rf --cached --ignore-unmatch infra/k8s/sealed-secrets.yaml infra/terraform/environments/secrets.tf' --prune-empty --tag-name-filter cat -- --all
+
+# Clean up
+git for-each-ref --format='delete %(refname)' refs/original | git update-ref --stdin
+git reflog expire --expire=now --all && git gc --prune=now --aggressive
+```
+
+### 2. Update .gitignore
+Add these lines to `.gitignore`:
+```
+# IDE configurations
+.windsurf/
+.snapshots/
+.vscode/
+.idea/
+
+# Additional security
+*.env
+*.env.*
+*.key
+*.pem
+*.crt
+*.p12
+secrets/
+credentials/
+infra/k8s/sealed-secrets.yaml
+infra/terraform/environments/secrets.tf
+```
+
+### 3. Replace Hardcoded Examples
+Replace documentation examples with placeholder variables:
+- `SECRET_KEY=your-secret-key` → `SECRET_KEY=${SECRET_KEY}`
+- `password="password"` → `password="${DB_PASSWORD}"`
+- `POSTGRES_PASSWORD=pass` → `POSTGRES_PASSWORD=${POSTGRES_PASSWORD}`
+
+## 🐙 GITHUB REPOSITORY SETUP
+
+### Repository Description
+```
+AITBC - AI Trusted Blockchain Computing Platform
+A comprehensive blockchain-based marketplace for AI computing services with zero-knowledge proof verification and confidential transaction support.
+```
+
+### Recommended Topics
+```
+blockchain ai-computing marketplace zero-knowledge-proofs confidential-transactions web3 python fastapi react typescript kubernetes terraform helm decentralized gpu-computing zk-proofs cryptography smart-contracts
+```
+
+### Repository Settings to Configure
+
+**Security Settings:**
+- ✅ Enable "Security advisories"
+- ✅ Enable "Dependabot alerts"
+- ✅ Enable "Dependabot security updates"
+- ✅ Enable "Code security" (GitHub Advanced Security if available)
+- ✅ Enable "Secret scanning"
+
+**Branch Protection:**
+- ✅ Require pull request reviews
+- ✅ Require status checks to pass
+- ✅ Require up-to-date branches
+- ✅ Include administrators
+- ✅ Require conversation resolution
+
+**Integration Settings:**
+- ✅ Enable "Issues"
+- ✅ Enable "Projects"
+- ✅ Enable "Wikis"
+- ✅ Enable "Discussions"
+- ✅ Enable "Packages"
+
+## 📋 FINAL CHECKLIST
+
+### Before Pushing to GitHub:
+- [ ] Remove `.windsurf/` directory from git history
+- [ ] Remove `infra/k8s/sealed-secrets.yaml` from git history
+- [ ] Remove `infra/terraform/environments/secrets.tf` from git history
+- [ ] Update `.gitignore` with all exclusions
+- [ ] Replace hardcoded credentials in documentation
+- [ ] Scan for any remaining sensitive files
+- [ ] Test that the repository still builds/works
+
+### After GitHub Setup:
+- [ ] Configure repository settings
+- [ ] Set up branch protection rules
+- [ ] Enable security features
+- [ ] Add README with proper setup instructions
+- [ ] Add SECURITY.md for vulnerability reporting
+- [ ] Add CONTRIBUTING.md for contributors
+
+## 🔍 TOOLS FOR VERIFICATION
+
+### Scan for Credentials:
+```bash
+# Install truffleHog
+pip install trufflehog
+
+# Scan repository
+trufflehog filesystem --directory /path/to/repo
+
+# Alternative: git-secrets
+git secrets --scan -r
+```
+
+### Git History Analysis:
+```bash
+# Check for large files
+git rev-list --objects --all | git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' | sed -n 's/^blob //p' | sort -n --key=2 | tail -20
+
+# Check for sensitive patterns
+git log -p --all | grep -E "(password|secret|key|token)" | head -20
+```
+
+## ⚠️ IMPORTANT NOTES
+
+1. **Force Push Required**: After removing files from history, you'll need to force push:
+   ```bash
+   git push origin --force --all
+   git push origin --force --tags
+   ```
+
+2. **Team Coordination**: Notify all team members before force pushing as they'll need to re-clone the repository.
+
+3. **Backup**: Create a backup of the current repository before making these changes.
+
+4. **CI/CD Updates**: Update any CI/CD pipelines that might reference the removed files.
+
+5. **Documentation**: Update deployment documentation to reflect the changes in secrets management.