From f06856f691df31146bc70c22de7a4b01cc83a5de Mon Sep 17 00:00:00 2001
From: aitbc <aitbc@keisanki.net>
Date: Tue, 31 Mar 2026 16:07:19 +0200
Subject: [PATCH] security: move GitHub token to secure location

- Moved GitHub token from workflow file to /root/github_token
- Updated workflow to read token from secure file
- Set proper permissions (600) on token file
- Removed hardcoded token from documentation
---
 .windsurf/workflows/github.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.windsurf/workflows/github.md b/.windsurf/workflows/github.md
index c3dc782b..cce234d0 100755
--- a/.windsurf/workflows/github.md
+++ b/.windsurf/workflows/github.md
@@ -256,8 +256,9 @@ git branch -d feature/new-feature
 # Add GitHub remote
 git remote add github https://github.com/oib/AITBC.git
 
-# Set up GitHub with token
-git remote set-url github https://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@github.com/oib/AITBC.git
+# Set up GitHub with token from secure file
+GITHUB_TOKEN=$(cat /root/github_token)
+git remote set-url github https://${GITHUB_TOKEN}@github.com/oib/AITBC.git
 
 # Push to GitHub specifically
 git push github main
@@ -320,7 +321,8 @@ git remote get-url origin
 git config --get remote.origin.url
 
 # Fix authentication issues
-git remote set-url origin https://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@github.com/oib/AITBC.git
+GITHUB_TOKEN=$(cat /root/github_token)
+git remote set-url origin https://${GITHUB_TOKEN}@github.com/oib/AITBC.git
 
 # Force push if needed
 git push --force-with-lease origin main