Critical Security Improvements:
- Created .rsyncignore with comprehensive exclusion patterns
- Prevents deployment of CLAUDE.md, .env.backup, session handoffs
- Prevents deployment of internal docs and framework state
- Created deploy-full-project-SAFE.sh with dry-run safety check
Security Response Actions:
- Deleted CLAUDE.md from production (contained port 27017, db names)
- Deleted .env.backup from production (contained credentials)
- Deleted 5+ session handoff documents from production
- Deleted internal planning docs (PHASE-2-*, SECURITY_AUDIT_REPORT)
Root Cause:
Previous deployment used rsync without exclusion filters, syncing
entire project directory including sensitive internal documentation.
Prevention:
- All future deployments must use .rsyncignore
- deploy-full-project-SAFE.sh enforces dry-run before deployment
- deploy-frontend.sh already safe (public/ only)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
