diff --git a/SECURITY_CLEANUP.md b/SECURITY_CLEANUP.md new file mode 100644 index 0000000..b717dd6 --- /dev/null +++ b/SECURITY_CLEANUP.md @@ -0,0 +1,29 @@ +# Security Cleanup - April 9, 2026 + +## What happened +Sensitive data (code exports containing potential tokens) was accidentally committed to git history in commit 2807a55. + +## Actions taken +1. ✅ Removed sensitive files from tracking (code_export.txt, code_export.ps1.test.txt) +2. ✅ Added proper .gitignore to prevent future leaks +3. ✅ Used git-filter-repo to completely remove files from entire git history +4. ✅ Prepared for force-push to rewrite remote history + +## Next steps (MANUAL) +1. **CRITICAL**: Revoke the exposed Gitea token immediately in Gitea settings +2. Generate a new Gitea token +3. Update any services using the old token +4. Execute: `git push --force origin master` to rewrite remote history +5. Notify any collaborators to re-clone the repository + +## Prevention +- .gitignore now blocks code_export.txt and similar files +- export_code.ps1 already has exclusions for sensitive patterns +- Always review git status before committing + +## Verification +After force-push, verify that sensitive files are not in history: +```bash +git log --all --full-history -- code_export.txt +# Should return nothing +```