2.3 KiB
2.3 KiB
CLEANUP.md — rmi-backend
Audit + cleanup log. Most recent first.
2026-07-02 — bloat + secrets removal
Branch: chore/cleanup-remove-bloat-and-secrets
🚨 SECURITY: removed .secrets/
.secrets/ghost_session_cookieswas committed to main. Content was a Netscape cookie jar.- CRITICAL ACTION REQUIRED: rotate any cookies/secrets that were in this file.
- The file may have been browsable by anyone with repo read access.
- Added
.secrets/to.gitignore(was missing).
🗑️ Bloat removed
rmi-frontend/subtree (~2.7MB) — React app lives in its own repoRugMunchMedia/rmi-frontendbackend/subtree (273 files, ~1.7MB) — duplicate scaffold, NOT the source of truth
🚮 Broken files removed
, r.stdout)...— shell heredoc accident with literal newlines in filename5s},7s},=2.0.0— fragment files from another shell accident
🛡️ .gitignore hardened
Added patterns for:
- Secrets (
.secrets/,*.pem,*.key,*.crt,.env) - Data blobs (
*.zip,*.parquet,*.sqlite,*.duckdb) - Model weights (
*.bin,*.safetensors,*.pt,*.onnx)
Files deliberately NOT removed
These look "extra" but are legit:
worker.py,main.py,Dockerfile.worker— runtime entry pointsalembic.ini,alembic/— DB migrationsruff.toml,mypy.ini,pytest.ini— lint/type/test configsafe_deploy.sh,databus_warm_cron.py— ops scriptsjustfile,uv.lock,requirements.txt— modern Python toolingrmi_sdk.py,rmi_langchain.py,x402_tool_builder.py— domain modulessmithery.yaml,huggingface.yaml— service configsdocker-compose.email.yml— email service configsupabase/*.sql— Supabase migrationsPROPRIETARY_REGISTRATION.txt— legal docmain.py.bak— backup, consider deleting in future PRbackend.log— log file, should be ignored (will be cleaned by better .gitignore)
Pre-cleanup size
134MB → ~70MB
Lessons learned
- Pre-commit hooks must include gitleaks (it WAS configured but this file slipped through)
.secretsallowis an allowlist — anything not on it must be blocked- Empty/short-lived subtrees should be deleted immediately, not left as legacy
- A
CLEANUP.mdin each repo prevents this pattern from recurring