tractatus

john/tractatus

Fork 0

Commit graph

Author	SHA1	Message	Date
TheFlow	1044d217a8	fix(security): comprehensive security incident response for API key exposure INCIDENT SUMMARY: - Date: 2025-10-21 - Severity: CRITICAL → MEDIUM (credential revoked before exploitation) - Exposed: Anthropic API key (ID 5043627, name: family-history-ocr) - Location: docs/STRIPE_LIVE_MODE_DEPLOYMENT.md (commit 31345d5c) - Detection: GitHub secret scanning (automatic) - Revocation: Anthropic (automatic, within hours) - Financial Impact: $0 (no unauthorized usage) ROOT CAUSE - 5 FAILURE POINTS: 1. No credential redaction in documentation (PREVENTION) 2. Framework fade - BoundaryEnforcer not used (ENFORCEMENT) 3. No pre-commit secret detection (DETECTION) 4. No credential audit in pre-deployment checklist (MITIGATION) 5. Single-layer security model, not defense-in-depth (ARCHITECTURAL) NEW GOVERNANCE RULES: - inst_069: Credential Handling in Documentation (SYSTEM, HIGH, PERMANENT) - Requires ALL credentials redacted with example-only values - Patterns: sk-ant-api03-EXAMPLE-REDACTED, sk_live_EXAMPLE_REDACTED - Mandatory secret detection scan before commits - inst_070: Pre-Commit Secret Detection (SYSTEM, HIGH, PERMANENT) - Requires gitleaks or detect-secrets as pre-commit hook - BLOCKS commits containing secrets - False positives require user approval + documentation - inst_071: Enhanced Pre-Deployment Checklist (OPERATIONAL, HIGH, PERMANENT) - Replaces inst_054 with 8 steps including secret detection - Step 2: gitleaks detect --source . - Step 3: Credential audit (grep for sk-, pk-, secret, password) - Step 8: Public repository content review - inst_072: Assume Breach - Defense in Depth (STRATEGIC, HIGH, PERMANENT) - Layer 1 - Prevention: Never commit credentials - Layer 2 - Mitigation: Redact credentials in docs - Layer 3 - Detection: Pre-commit secret scanning (automated) - Layer 4 - Backstop: GitHub secret scanning - Layer 5 - Recovery: Credential rotation procedures DOCUMENTATION: - SECURITY_INCIDENT_POST_MORTEM_2025-10-21.md (comprehensive analysis) - SECURITY_INCIDENT_HUMAN_ACTIONS_REQUIRED.md (15-step action plan) - scripts/install-gitleaks-hook.sh (automated installation) - scripts/add-security-rules-2025-10-21.js (rules migration) ADDITIONAL FINDINGS: Comprehensive credential scan revealed additional exposed credentials in internal repository (not public): - Same Anthropic key in .env file - Same key in internal docs/STRIPE_LIVE_MODE_DEPLOYMENT.md - Stripe test keys in .env - JWT production secret in .env HUMAN ACTIONS REQUIRED: 1. Rotate Anthropic API key (CRITICAL) 2. Rotate JWT secret (CRITICAL) 3. Remove credentials from internal repository files 4. Install gitleaks pre-commit hook 5. Decide on git history cleanup (Option A/B/C) VERSION UPDATE: - instruction-history.json: 3.6 → 3.7 - Total rules: 68 → 72 - Active rules: 56 → 59 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-22 00:31:30 +13:00

Author

SHA1

Message

Date

TheFlow

1044d217a8

fix(security): comprehensive security incident response for API key exposure

INCIDENT SUMMARY:
- Date: 2025-10-21
- Severity: CRITICAL → MEDIUM (credential revoked before exploitation)
- Exposed: Anthropic API key (ID 5043627, name: family-history-ocr)
- Location: docs/STRIPE_LIVE_MODE_DEPLOYMENT.md (commit 31345d5c)
- Detection: GitHub secret scanning (automatic)
- Revocation: Anthropic (automatic, within hours)
- Financial Impact: $0 (no unauthorized usage)

ROOT CAUSE - 5 FAILURE POINTS:
1. No credential redaction in documentation (PREVENTION)
2. Framework fade - BoundaryEnforcer not used (ENFORCEMENT)
3. No pre-commit secret detection (DETECTION)
4. No credential audit in pre-deployment checklist (MITIGATION)
5. Single-layer security model, not defense-in-depth (ARCHITECTURAL)

NEW GOVERNANCE RULES:
- inst_069: Credential Handling in Documentation (SYSTEM, HIGH, PERMANENT)
  - Requires ALL credentials redacted with example-only values
  - Patterns: sk-ant-api03-EXAMPLE-REDACTED, sk_live_EXAMPLE_REDACTED
  - Mandatory secret detection scan before commits

- inst_070: Pre-Commit Secret Detection (SYSTEM, HIGH, PERMANENT)
  - Requires gitleaks or detect-secrets as pre-commit hook
  - BLOCKS commits containing secrets
  - False positives require user approval + documentation

- inst_071: Enhanced Pre-Deployment Checklist (OPERATIONAL, HIGH, PERMANENT)
  - Replaces inst_054 with 8 steps including secret detection
  - Step 2: gitleaks detect --source .
  - Step 3: Credential audit (grep for sk-, pk-, secret, password)
  - Step 8: Public repository content review

- inst_072: Assume Breach - Defense in Depth (STRATEGIC, HIGH, PERMANENT)
  - Layer 1 - Prevention: Never commit credentials
  - Layer 2 - Mitigation: Redact credentials in docs
  - Layer 3 - Detection: Pre-commit secret scanning (automated)
  - Layer 4 - Backstop: GitHub secret scanning
  - Layer 5 - Recovery: Credential rotation procedures

DOCUMENTATION:
- SECURITY_INCIDENT_POST_MORTEM_2025-10-21.md (comprehensive analysis)
- SECURITY_INCIDENT_HUMAN_ACTIONS_REQUIRED.md (15-step action plan)
- scripts/install-gitleaks-hook.sh (automated installation)
- scripts/add-security-rules-2025-10-21.js (rules migration)

ADDITIONAL FINDINGS:
Comprehensive credential scan revealed additional exposed credentials in
internal repository (not public):
- Same Anthropic key in .env file
- Same key in internal docs/STRIPE_LIVE_MODE_DEPLOYMENT.md
- Stripe test keys in .env
- JWT production secret in .env

HUMAN ACTIONS REQUIRED:
1. Rotate Anthropic API key (CRITICAL)
2. Rotate JWT secret (CRITICAL)
3. Remove credentials from internal repository files
4. Install gitleaks pre-commit hook
5. Decide on git history cleanup (Option A/B/C)

VERSION UPDATE:
- instruction-history.json: 3.6 → 3.7
- Total rules: 68 → 72
- Active rules: 56 → 59

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-22 00:31:30 +13:00

1 commit