system-prompts-and-models-o.../salesflow-saas/docs/internal/rotation_log.md
Claude fee51ffb06
feat(dealix): execute ALL automatable blueprint tasks
TASK-001 (prep) — Repository Extraction Script:
  scripts/extract_dealix_repo.sh — automates git filter-repo extraction
  of Dealix-only paths to new GitHub org. Preserves commit history.
  Awaits founder decision on org name.

TASK-003 — Python Dependency Modernization:
  backend/pyproject.toml — full project spec with pinned versions:
    - fastapi, pydantic, sqlalchemy, asyncpg pinned
    - OpenTelemetry packages now included
    - pytest==8.3.4, pytest-asyncio==0.24.0 (stable)
    - Dev group with ruff, mypy, testcontainers
  Ready for uv sync to generate uv.lock.

TASK-004 — Node Dependency Hygiene:
  frontend/package.json — pinned packageManager=pnpm@9.12.0
    and engines.node >=20.10.0 <21.0.0

TASK-005 — Secrets Audit Infrastructure:
  .pre-commit-config.yaml — gitleaks + detect-private-key + detect-aws
    + ruff auto-fix + truth-registry-validator local hook
  docs/internal/rotation_log.md — rotation tracking template with
    scan commands (gitleaks, trufflehog3) and forbidden practices

TASK-006 — Legal Foundation Tracker:
  docs/internal/legal_status.md — tracks:
    - Company incorporation options (MISA vs DIFC vs ADGM)
    - IP assignment requirements
    - Privacy Policy / ToS / DPA review status
    - Trademark filing (KSA, UAE, Egypt, Jordan)
    - PDPL / ZATCA / NCA / SDAIA regulatory status
    - Professional indemnity + cyber + general insurance

TASK-010 (complete) — Truth Registry Tooling:
  scripts/validate_truth_registry.py — validates TRUTH.yaml structure,
    status values, and claims_registry.yaml alignment
  .github/workflows/truth-validation.yml — CI workflow on changes to
    truth registry or claims registry

TASK-101 — Release Readiness Gate (blueprint-spec):
  scripts/release_readiness_gate.py:
    - Required artifacts check (11 files)
    - TRUTH.yaml field validation
    - Forbidden claims scan in public docs
    - Architecture brief sub-gate
  Complements release_readiness_matrix.py (runtime checks).

Blueprint saved:
  DEALIX_EXECUTION_BLUEPRINT.md — authoritative execution doc

Updated:
  release_readiness_matrix.py — now 53/53 checks (was 41/41)
  docs/execution_log.md — full task tracking

All 3 gates GREEN:
  Architecture Brief: 40/40
  Release Readiness Matrix: 53/53
  Release Readiness Gate: PASS

Remaining P0 founder decisions (cannot be automated):
  - TASK-001: GitHub org name + run extraction
  - TASK-006: Entity incorporation + counsel engagement

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
2026-04-17 10:39:21 +00:00


# Secret Rotation Log
> **Rule**: Every secret found in git history must be rotated and logged here.
> **Owner**: CTO / Security Lead
> **Review**: Monthly
---
## Rotation Template
```
| Date | Secret Type | Location Found | Old ID/Prefix | New Location | Rotated By | Verified |
|------------|------------|----------------|---------------|--------------|-----------|----------|
| YYYY-MM-DD | API Key | git history | sk_xxxx... | AWS SM | @user | ✓ |
```
---
## Active Rotations
| Date | Secret Type | Location Found | Rotated By | Verified |
|------|-------------|----------------|-----------|----------|
| TBD | (Run `gitleaks detect --source . --log-opts="--all"` to populate) | | | |
---
## Scan Commands
```bash
# Install tools (gitleaks is a Go binary, not a PyPI package)
go install github.com/gitleaks/gitleaks/v8@latest   # or: brew install gitleaks
pip install detect-secrets
# Full history scan across all refs; the JSON report feeds the rotation table
gitleaks detect --source . --log-opts="--all" --report-path /tmp/secret_scan.json
# Current staged files only (pre-commit use)
gitleaks protect --staged
# Second opinion with detect-secrets (different rule set, writes a baseline)
detect-secrets scan > .secrets.baseline
# Alternative: trufflehog3
pipx install trufflehog3
trufflehog3 . --format json --output /tmp/trufflehog_report.json
```
---
## Mandatory Actions After Scan
For every finding:
1. Rotate the credential in the source system (AWS, Stripe, OpenAI, etc.)
2. Update environment variables in production
3. Revoke the leaked credential
4. Add entry to this log
5. Add path/pattern to `.gitleaksignore` ONLY if it's a known false positive
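Step 4 is the one most often skipped because it is tedious by hand. The script below is an added example (not one of the project's scripts) that turns a gitleaks JSON report into rows for the rotation table above, keeping only a short prefix of each secret so the log itself never becomes a leak. It assumes the gitleaks v8 report layout written by `--report-path` (a JSON array of findings with `Secret`, `File`, `Commit`, `RuleID`, `Date`, `StartLine` and `Fingerprint` keys) and a `.gitleaksignore` with one fingerprint per line; the report and ignore file embedded here are constructed sample data.

```python
"""Produce rotation-log rows from a gitleaks JSON report.

Added example for this rotation log, not part of the project's own
tooling. Assumes the gitleaks v8 report layout (a JSON array of findings
with Secret, File, Commit, RuleID, Date, StartLine, Fingerprint keys)
and a .gitleaksignore holding one fingerprint per line.
"""
import json
from dataclasses import dataclass

# Constructed sample report in the gitleaks v8 shape; every value is made up.
SAMPLE_REPORT = json.dumps([
    {
        "Description": "Stripe Access Token",
        "Secret": "sk_live_EXAMPLE00000000000000000000",
        "File": "backend/settings.py",
        "Commit": "0123456789abcdef0123456789abcdef01234567",
        "StartLine": 42,
        "RuleID": "stripe-access-token",
        "Date": "2026-04-10T08:15:00Z",
        "Fingerprint": "0123456789abcdef0123456789abcdef01234567:backend/settings.py:stripe-access-token:42",
    },
    {
        # Same token committed again later: one rotation covers both findings.
        "Description": "Stripe Access Token",
        "Secret": "sk_live_EXAMPLE00000000000000000000",
        "File": "backend/config/prod.py",
        "Commit": "fedcba9876543210fedcba9876543210fedcba98",
        "StartLine": 7,
        "RuleID": "stripe-access-token",
        "Date": "2026-04-12T16:40:00Z",
        "Fingerprint": "fedcba9876543210fedcba9876543210fedcba98:backend/config/prod.py:stripe-access-token:7",
    },
    {
        "Description": "Generic API Key",
        "Secret": "testfixture-not-a-real-key-0000",
        "File": "backend/tests/fixtures/keys.json",
        "Commit": "89abcdef0123456789abcdef0123456789abcdef",
        "StartLine": 3,
        "RuleID": "generic-api-key",
        "Date": "2026-04-01T09:00:00Z",
        "Fingerprint": "89abcdef0123456789abcdef0123456789abcdef:backend/tests/fixtures/keys.json:generic-api-key:3",
    },
])

# Constructed .gitleaksignore: the fixture finding was reviewed as a false positive.
SAMPLE_GITLEAKSIGNORE = """\
# reviewed 2026-04-02: synthetic fixture value
89abcdef0123456789abcdef0123456789abcdef:backend/tests/fixtures/keys.json:generic-api-key:3
"""

TABLE_HEADER = (
    "| Date | Secret Type | Location Found | Old ID/Prefix | New Location | Rotated By | Verified |\n"
    "|------------|------------|----------------|---------------|--------------|-----------|----------|"
)


@dataclass(frozen=True)
class RotationRow:
    date: str
    secret_type: str
    location: str
    prefix: str
    new_location: str
    rotated_by: str
    verified: str


def redact(secret: str, keep: int = 4) -> str:
    """Keep a short prefix only, so the log identifies the key without storing it."""
    return secret[:keep] + "..."


def load_ignored(text: str) -> set[str]:
    """Fingerprints listed in .gitleaksignore, skipping comments and blank lines."""
    return {line.strip() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}


def rotation_rows(report_json: str, ignored: set[str], rotated_by: str, rotated_on: str) -> list[RotationRow]:
    """One row per distinct leaked secret; ignored fingerprints are dropped.

    Findings are processed oldest first so the location column points at
    the first commit that introduced the secret. New Location and Verified
    stay empty until the rotation is actually done and checked.
    """
    seen: set[tuple[str, str]] = set()
    rows: list[RotationRow] = []
    for f in sorted(json.loads(report_json), key=lambda f: f["Date"]):
        if f["Fingerprint"] in ignored:
            continue
        key = (f["RuleID"], f["Secret"])
        if key in seen:
            continue  # same secret elsewhere in history: already covered
        seen.add(key)
        rows.append(RotationRow(
            date=rotated_on,
            secret_type=f["Description"],
            location=f"git history ({f['Commit'][:7]} {f['File']}:{f['StartLine']})",
            prefix=redact(f["Secret"]),
            new_location="",
            rotated_by=rotated_by,
            verified="",
        ))
    return rows


def render_markdown(rows: list[RotationRow]) -> str:
    """Render rows in the exact column order of the rotation template."""
    lines = [TABLE_HEADER]
    for r in rows:
        lines.append(f"| {r.date} | {r.secret_type} | {r.location} | {r.prefix} "
                     f"| {r.new_location} | {r.rotated_by} | {r.verified} |")
    return "\n".join(lines)


if __name__ == "__main__":
    ignored = load_ignored(SAMPLE_GITLEAKSIGNORE)
    print(render_markdown(rotation_rows(SAMPLE_REPORT, ignored, "@security-lead", "2026-04-17")))
```

In practice you would read `/tmp/secret_scan.json` and the repo's `.gitleaksignore` instead of the embedded samples and paste the printed rows into the Active Rotations table; the deduplication by rule and secret value matters because a single key typically appears in several commits and each one would otherwise become a spurious rotation entry.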
---
## Secrets Management Hierarchy
| Environment | Manager |
|-------------|---------|
| Local dev | `.env` file (gitignored) + Doppler |
| Staging | Doppler or AWS Secrets Manager |
| Production | AWS Secrets Manager (me-south-1) |
## Escape Hatches (forbidden)
- ❌ Secrets in `.env.example`
- ❌ Secrets in docker-compose.yml (use Compose `secrets:` references instead)
- ❌ Secrets in code comments
- ❌ Secrets in test fixtures (use generated values)
- ❌ Secrets in Slack, email, or tickets
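The first forbidden practice is easy to enforce mechanically: every value in `.env.example` should be empty, a placeholder, or a reference, never a real-looking credential. The check below is an added example, not one of the project's hooks; it flags any value that contains no placeholder marker and has the length and character entropy of a real key. The `.env.example` it scans is constructed sample data, and the marker list and entropy threshold are assumptions to tune per repository.

```python
"""Flag real-looking values in .env.example.

Added example, not part of the project's tooling. Assumes the usual
KEY=value dotenv syntax (optional `export`, optional quotes, `#` comments).
"""
import math
import re
from collections import Counter

# Constructed sample .env.example for the demonstration.
SAMPLE_ENV = """\
# Constructed sample .env.example
DATABASE_URL=postgresql://app:changeme@localhost:5432/salesflow
STRIPE_SECRET_KEY=sk_live_Qm7xZp2vH9tK4wLnR8sY3bJ6
OPENAI_API_KEY=<your-openai-key>
JWT_SECRET=
DOPPLER_TOKEN=${DOPPLER_TOKEN}
APP_ENV=development
"""

# Substrings that mark a value as an intentional placeholder (assumed list).
PLACEHOLDER_MARKERS = ("changeme", "example", "placeholder", "your_", "your-",
                       "xxx", "<", "${", "...", "dummy")
MIN_LEN = 16            # shorter values are rarely credentials
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off

_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_value(raw: str) -> str:
    """Strip surrounding whitespace and one layer of matching quotes."""
    v = raw.strip()
    if len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'":
        v = v[1:-1]
    return v


def is_placeholder(value: str) -> bool:
    """Empty values and values containing a placeholder marker are fine."""
    if not value:
        return True
    lower = value.lower()
    return any(m in lower for m in PLACEHOLDER_MARKERS)


def suspicious_env_lines(text: str) -> list[tuple[int, str, float]]:
    """(line number, key, entropy) for each value that looks like a real secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), parse_value(m.group(2))
        if is_placeholder(value) or len(value) < MIN_LEN:
            continue
        entropy = shannon_entropy(value)
        if entropy >= ENTROPY_THRESHOLD:
            findings.append((lineno, key, round(entropy, 2)))
    return findings


if __name__ == "__main__":
    for lineno, key, entropy in suspicious_env_lines(SAMPLE_ENV):
        print(f".env.example:{lineno}: {key} looks like a real secret (entropy {entropy})")
```

Wired into the existing pre-commit configuration as a local hook that exits non-zero on any finding, this catches the common case where a developer copies a working `.env` to `.env.example` and forgets to blank the values; the placeholder markers keep URLs such as the `changeme` database DSN from tripping the entropy test.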