merge: chore/cleanup-remove-bloat-and-secrets into main
This commit is contained in:
commit
bde2f3a97d
1173 changed files with 437609 additions and 0 deletions
51
CLEANUP.md
Normal file
51
CLEANUP.md
Normal file
|
|
@ -0,0 +1,51 @@
|
|||
# CLEANUP.md — rmi-backend
|
||||
|
||||
> Audit + cleanup log. Most recent first.
|
||||
|
||||
## 2026-07-02 — bloat + secrets removal
|
||||
|
||||
**Branch**: `chore/cleanup-remove-bloat-and-secrets`
|
||||
|
||||
### 🚨 SECURITY: removed `.secrets/`
|
||||
- `.secrets/ghost_session_cookies` was committed to main. Content was a Netscape cookie jar.
|
||||
- **CRITICAL ACTION REQUIRED: rotate any cookies/secrets that were in this file.**
|
||||
- The file may have been browsable by anyone with repo read access.
|
||||
- Added `.secrets/` to `.gitignore` (was missing).
|
||||
|
||||
### 🗑️ Bloat removed
|
||||
- `rmi-frontend/` subtree (~2.7MB) — React app lives in its own repo `RugMunchMedia/rmi-frontend`
|
||||
- `backend/` subtree (273 files, ~1.7MB) — duplicate scaffold, NOT the source of truth
|
||||
|
||||
### 🚮 Broken files removed
|
||||
- `, r.stdout)...` — shell heredoc accident with literal newlines in filename
|
||||
- `5s}`, `7s}`, `=2.0.0` — fragment files from another shell accident
|
||||
|
||||
### 🛡️ .gitignore hardened
|
||||
Added patterns for:
|
||||
- Secrets (`.secrets/`, `*.pem`, `*.key`, `*.crt`, `.env`)
|
||||
- Data blobs (`*.zip`, `*.parquet`, `*.sqlite`, `*.duckdb`)
|
||||
- Model weights (`*.bin`, `*.safetensors`, `*.pt`, `*.onnx`)
|
||||
|
||||
## Files deliberately NOT removed
|
||||
These look "extra" but are legit:
|
||||
- `worker.py`, `main.py`, `Dockerfile.worker` — runtime entry points
|
||||
- `alembic.ini`, `alembic/` — DB migrations
|
||||
- `ruff.toml`, `mypy.ini`, `pytest.ini` — lint/type/test config
|
||||
- `safe_deploy.sh`, `databus_warm_cron.py` — ops scripts
|
||||
- `justfile`, `uv.lock`, `requirements.txt` — modern Python tooling
|
||||
- `rmi_sdk.py`, `rmi_langchain.py`, `x402_tool_builder.py` — domain modules
|
||||
- `smithery.yaml`, `huggingface.yaml` — service configs
|
||||
- `docker-compose.email.yml` — email service config
|
||||
- `supabase/*.sql` — Supabase migrations
|
||||
- `PROPRIETARY_REGISTRATION.txt` — legal doc
|
||||
- `main.py.bak` — backup, consider deleting in future PR
|
||||
- `backend.log` — log file, should be ignored (will be cleaned by better .gitignore)
|
||||
|
||||
## Pre-cleanup size
|
||||
134MB → ~70MB
|
||||
|
||||
## Lessons learned
|
||||
- Pre-commit hooks must include gitleaks (it WAS configured but this file slipped through)
|
||||
- `.secretsallow` is an allowlist — anything not on it must be blocked
|
||||
- Empty/short-lived subtrees should be deleted immediately, not left as legacy
|
||||
- A `CLEANUP.md` in each repo prevents this pattern from recurring
|
||||
Loading…
Add table
Add a link
Reference in a new issue