2c2c2df585
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 11s
Blockchain Synchronization Verification / sync-verification (push) Failing after 1s
Documentation Validation / validate-docs (push) Successful in 11s
Documentation Validation / validate-policies-strict (push) Successful in 4s
Integration Tests / test-service-integration (push) Successful in 39s
Multi-Node Blockchain Health Monitoring / health-check (push) Successful in 2s
P2P Network Verification / p2p-verification (push) Successful in 3s
Production Tests / Production Integration Tests (push) Failing after 6s
Python Tests / test-python (push) Successful in 10s
Security Scanning / security-scan (push) Failing after 10s
Phase 1: Dependency Vulnerabilities - Resolved 72/72 GitHub Dependabot vulnerabilities (100%) - Updated cryptography, ecdsa, black, orjson, python-multipart Phase 2: CodeQL Static Analysis (25+ categories) - Fixed 100+ information exposure instances (str(e) → generic messages) - Fixed 9 clear-text logging/storage instances - Fixed 9 log injection instances (user data removed from logs) - Fixed 2 hardcoded credential instances - Fixed 15 print statements (replaced with logger) - Added SSRF and path validation (18 alerts with robust validation) - 20+ additional categories scanned (0 issues found) Phase 3: CodeQL Infrastructure - Created GitHub Actions CodeQL workflow - Created CodeQL suppression file for false positives - Moved CodeQL database to /var/lib/aitbc/codeql-db Phase 4: Security Documentation - Updated SECURITY_FIXES_SUMMARY.md with comprehensive details - Documented security best practices for developers Files modified: 48 files across coordinator-api, agent-services, blockchain-node, exchange, wallet, scripts, and infrastructure
363 lines
6.1 KiB
Plaintext
363 lines
6.1 KiB
Plaintext
# AITBC Monorepo ignore rules
|
|
# Updated: 2026-04-02 - Project reorganization and security fixes
|
|
# Development files organized into subdirectories
|
|
|
|
# ===================
|
|
# Python
|
|
# ===================
|
|
__pycache__/
|
|
*/__pycache__/
|
|
**/__pycache__/
|
|
*.pyc
|
|
*.pyo
|
|
*.pyd
|
|
*.so
|
|
.venv/
|
|
*/.venv/
|
|
venv/
|
|
env/
|
|
*.egg-info/
|
|
*.egg
|
|
.eggs/
|
|
pip-wheel-metadata/
|
|
.pytest_cache/
|
|
.coverage
|
|
htmlcov/
|
|
.tox/
|
|
.mypy_cache/
|
|
.ruff_cache/
|
|
|
|
# ===================
|
|
# Environment Files (SECRETS - NEVER COMMIT)
|
|
# ===================
|
|
*.env
|
|
.env.*
|
|
!.env.example
|
|
.env.local
|
|
.env.*.local
|
|
|
|
# ===================
|
|
# Database & Data
|
|
# ===================
|
|
*.db
|
|
*.sqlite
|
|
*.sqlite3
|
|
*.db-wal
|
|
*.db-shm
|
|
data/
|
|
apps/blockchain-node/data/
|
|
cli/config/
|
|
dev/cache/logs/
|
|
dev/config/
|
|
dev/test-nodes/*/data/
|
|
# Keep coordinator-api data directory (contains application code)
|
|
!apps/coordinator-api/src/app/data/
|
|
|
|
# ===================
|
|
# Runtime Directories (System Standard)
|
|
# ===================
|
|
/var/lib/aitbc/
|
|
/etc/aitbc/
|
|
/var/log/aitbc/
|
|
|
|
# ===================
|
|
# Logs & Runtime
|
|
# ===================
|
|
*.log
|
|
logs/
|
|
*.pid
|
|
*.seed
|
|
|
|
# ===================
|
|
# Secrets & Credentials
|
|
# ===================
|
|
*.pem
|
|
*.key
|
|
*.crt
|
|
*.p12
|
|
secrets/
|
|
credentials/
|
|
.secrets
|
|
.gitea_token.sh
|
|
keystore/
|
|
|
|
# ===================
|
|
# IDE & Editor
|
|
# ===================
|
|
.vscode/
|
|
.idea/
|
|
*.swp
|
|
*.swo
|
|
*~
|
|
|
|
# ===================
|
|
# OS Files
|
|
# ===================
|
|
.DS_Store
|
|
.DS_Store?
|
|
._*
|
|
Thumbs.db
|
|
ehthumbs.db
|
|
Desktop.ini
|
|
|
|
# ===================
|
|
# Build & Compiled
|
|
# ===================
|
|
build/
|
|
dist/
|
|
target/
|
|
*.o
|
|
*.a
|
|
*.lib
|
|
*.dll
|
|
*.dylib
|
|
|
|
# ===================
|
|
# Node.js & npm
|
|
# ===================
|
|
node_modules/
|
|
npm-debug.log*
|
|
yarn-debug.log*
|
|
yarn-error.log*
|
|
|
|
# ===================
|
|
# Project Configuration (moved to project-config/)
|
|
# ===================
|
|
project-config/.deployment_progress
|
|
project-config/.last_backup
|
|
project-config/=*
|
|
# requirements.txt, pyproject.toml, and poetry.lock are now at root level
|
|
|
|
# ===================
|
|
# Documentation (moved to docs/)
|
|
# ===================
|
|
docs/AITBC1_*.md
|
|
docs/PYTHON_VERSION_STATUS.md
|
|
docs/SETUP.md
|
|
docs/README_DOCUMENTATION.md
|
|
|
|
# ===================
|
|
# Security Reports (moved to security/)
|
|
# ===================
|
|
security/SECURITY_*.md
|
|
|
|
# ===================
|
|
# Backup Configuration (moved to backup-config/)
|
|
# ===================
|
|
backup-config/*.backup
|
|
|
|
# ===================
|
|
# Secrets & Credentials (CRITICAL SECURITY)
|
|
# ===================
|
|
# Password files (NEVER commit these)
|
|
*.password
|
|
*.pass
|
|
.password.*
|
|
keystore/.password
|
|
keystore/.password.*
|
|
|
|
# Private keys and sensitive files
|
|
*_private_key.txt
|
|
*_private_key.json
|
|
private_key.*
|
|
*.private
|
|
|
|
# ===================
|
|
# Backup Files (organized)
|
|
# ===================
|
|
backups/
|
|
backups/*
|
|
backups/**/*
|
|
backup/**/*.tmp
|
|
backup/**/*.temp
|
|
backup/**/.DS_Store
|
|
backup/updates/*.log
|
|
|
|
# Large backup files (exceed GitHub size limits)
|
|
backup/updates/*.tar.gz
|
|
backup/updates/*.zip
|
|
backup/updates/*.tar.bz2
|
|
|
|
# Application backup archives
|
|
backup/explorer_backup_*.tar.gz
|
|
backup/*_backup_*.tar.gz
|
|
backup/*_backup_*.zip
|
|
|
|
# Backup documentation and indexes
|
|
backup/BACKUP_INDEX.md
|
|
backup/*.md
|
|
backup/README.md
|
|
|
|
# ===================
|
|
# Temporary Files
|
|
# ===================
|
|
tmp/
|
|
temp/
|
|
*.tmp
|
|
*.temp
|
|
*.bak
|
|
*.backup
|
|
|
|
# ===================
|
|
# Windsurf IDE
|
|
# ===================
|
|
.snapshots/
|
|
|
|
# ===================
|
|
# Wallet Files (contain private keys)
|
|
# ===================
|
|
wallet*.json
|
|
|
|
# ===================
|
|
# Project Specific
|
|
# ===================
|
|
# Coordinator database
|
|
apps/coordinator-api/src/*.db
|
|
|
|
# Blockchain node data
|
|
apps/blockchain-node/data/
|
|
|
|
# Explorer build artifacts
|
|
apps/explorer-web/dist/
|
|
|
|
# Solidity build artifacts
|
|
packages/solidity/aitbc-token/typechain-types/
|
|
packages/solidity/aitbc-token/artifacts/
|
|
packages/solidity/aitbc-token/cache/
|
|
packages/solidity/aitbc-token/node_modules/
|
|
contracts/artifacts/
|
|
*.dbg.json
|
|
cli/build/
|
|
dev/test-nodes/*.log
|
|
|
|
# Local test fixtures and E2E testing
|
|
tests/e2e/fixtures/home/**/.aitbc/cache/
|
|
tests/e2e/fixtures/home/**/.aitbc/logs/
|
|
tests/e2e/fixtures/home/**/.aitbc/tmp/
|
|
tests/e2e/fixtures/home/**/.aitbc/*.log
|
|
tests/e2e/fixtures/home/**/.aitbc/*.pid
|
|
tests/e2e/fixtures/home/**/.aitbc/*.sock
|
|
|
|
# Keep fixture structure but exclude generated content
|
|
!tests/e2e/fixtures/home/
|
|
!tests/e2e/fixtures/home/**/
|
|
!tests/e2e/fixtures/home/**/.aitbc/
|
|
!tests/e2e/fixtures/home/**/.aitbc/wallets/
|
|
!tests/e2e/fixtures/home/**/.aitbc/config/
|
|
|
|
# Local test data
|
|
tests/fixtures/generated/
|
|
tests/__pycache__/
|
|
|
|
# GPU miner local configs
|
|
scripts/gpu/*.local.py
|
|
|
|
# Deployment secrets (CRITICAL SECURITY)
|
|
scripts/deploy/*.secret.*
|
|
infra/nginx/*.local.conf
|
|
|
|
# ===================
|
|
# Documentation
|
|
# ===================
|
|
# Infrastructure docs (contains sensitive network info)
|
|
docs/infrastructure.md
|
|
# Workflow files (personal, change frequently)
|
|
docs/1_project/3_currenttask.md
|
|
docs/1_project/4_currentissue.md
|
|
|
|
# ===================
|
|
# Website (local deployment details)
|
|
# ===================
|
|
website/README.md.example
|
|
website/aitbc-proxy.conf.example
|
|
|
|
# ===================
|
|
# Local Config & Secrets
|
|
# ===================
|
|
.aitbc.yaml
|
|
apps/coordinator-api/.env
|
|
|
|
# ===================
|
|
# Deploy Scripts (hardcoded local paths & IPs)
|
|
# ===================
|
|
scripts/deploy/*
|
|
!scripts/deploy/*.example
|
|
scripts/gpu/*
|
|
!scripts/gpu/*.example
|
|
scripts/service/*
|
|
|
|
# ===================
|
|
# Infra Configs (production IPs & secrets)
|
|
# ===================
|
|
infra/nginx/nginx-aitbc*.conf
|
|
infra/helm/values/prod/
|
|
infra/helm/values/prod.yaml
|
|
|
|
# ===================
|
|
# Coverage reports
|
|
# ===================
|
|
htmlcov/
|
|
.coverage
|
|
.coverage.*
|
|
coverage.xml
|
|
*.cover
|
|
.hypothesis/
|
|
|
|
# Jupyter Notebook
|
|
.ipynb_checkpoints
|
|
|
|
# pyenv
|
|
.python-version
|
|
|
|
# ===================
|
|
# AITBC specific (CRITICAL SECURITY)
|
|
# ===================
|
|
certificates/
|
|
guardian_contracts/
|
|
*.guardian.db
|
|
.wallets/
|
|
.wallets/*
|
|
.agent_data/
|
|
.agent_data/*
|
|
results/
|
|
tools/
|
|
production/data/
|
|
production/logs/
|
|
config/
|
|
api_keys.txt
|
|
*.yaml
|
|
!*.example
|
|
dev/cache/logs/
|
|
dev/test-nodes/*/data/
|
|
backups/*/config/
|
|
backups/*/logs/
|
|
|
|
# ===================
|
|
# Monitoring & Systemd
|
|
# ===================
|
|
monitoring/*.pid
|
|
systemd/*.backup
|
|
data/
|
|
config/
|
|
logs/
|
|
production/data/
|
|
production/logs/
|
|
*.log
|
|
*.log.*
|
|
*.db
|
|
*.db-wal
|
|
*.db-shm
|
|
!*.example
|
|
data/
|
|
config/
|
|
logs/
|
|
production/data/
|
|
production/logs/
|
|
*.log
|
|
*.log.*
|
|
*.db
|
|
*.db-wal
|
|
*.db-shm
|
|
!*.example
|
|
codeql-db/
|