43fa6cca61
CRITICAL SECURITY FIX:
Removed 226 internal and sensitive files from git tracking to protect
the public tractatus-framework repository from exposing confidential
development information, server details, and internal strategies.
SCOPE:
This cleanup separates the INTERNAL repository (tractatus) from the
PUBLIC repository (tractatus-framework on GitHub).
REMOVED DIRECTORIES (entire):
- .claude/ (framework session state, metrics, archives)
- governance/ (internal operational governance)
- For Claude Web/ (internal development specs)
- scripts/hook-validators/ (internal enforcement)
- scripts/framework-components/ (internal components)
- docs/planning/, docs/testing/, docs/outreach/
- docs/stripe-analysis/, docs/economist-analysis/
- docs/framework-incidents/, docs/deployment-logs/
- docs/analysis-archive-2025-10/
REMOVED ROOT FILES:
- CLAUDE_*.md, ClaudeWeb*.md (internal development)
- PITCH-*.md (internal pitch documents)
- PHASE-*.md, MEETING_NOTES*.md (internal planning)
- SESSION*.md, OPTIMAL_NEXT_SESSION*.md (session handoffs)
- ARCHIVE_SUMMARY*.md, CLOSEDOWN*.* (session archives)
- EXECUTIVE_BRIEF*.md (internal briefs)
- Tractatus-Website-Complete-Specification*.md (internal specs)
- UI_TRANSFORMATION_PROJECT_PLAN.md, SITE_IMPROVEMENT_PRIORITIES.md
- SCHEDULED_TASKS.md, TRACTATUS_BRAND_SYSTEM.md
- .stripe-ids.json, .rsyncignore (sensitive/deployment)
- deployment-output.txt, migration-output.txt (logs)
- ECONOMIST_LETTER*.docx, PERPLEXITY_USER_PROMPT.txt (correspondence)
REMOVED SCRIPTS:
- scripts/deploy-*.sh (contain server IPs)
- scripts/session-init.js, scripts/check-session-pressure.js
- scripts/analyze-violations.js
- scripts/hook-validators/*.js (5 files)
- scripts/framework-components/*.js
REMOVED DOCS (96 files):
- docs/SESSION*.md, docs/session-handoff-*.md
- docs/DEPLOYMENT*.md, docs/MULTI_PROJECT*.md
- docs/DOCUMENT_AUDIT*.md, docs/DOCUMENT_*.md
- docs/BLOG-POST-OUTLINES.md
- docs/PHASE-*.md, docs/STRIPE_*.md, docs/KOHA*.md
- docs/SECURITY_AUDIT*.md, docs/FRAMEWORK_FAILURE*.md
- docs/BENCHMARK*.md, docs/IMPLEMENTATION_PROGRESS*.md
- docs/BOOTSTRAPPING*.md, docs/GOVERNANCE-RULE-LIBRARY.md
- docs/SIMULATION*.md, docs/API_MEMORY*.md
ADDED PROTECTIONS:
1. Comprehensive .gitignore (172 lines)
- Blocks all internal directories
- Blocks all internal file patterns
- Prevents accidental commits
2. PUBLIC_REPO_CHECKLIST.md
- Security verification checklist
- Weekly maintenance procedures
- Clear guidelines for public vs internal
REMAINING PUBLIC FILES: 6,435
- src/: 85 (open source services)
- tests/: 35 (unit/integration tests)
- public/: 178 (website frontend)
- scripts/: 111 (public utilities)
- docs/: 107 (public documentation)
- root: 13 (README, LICENSE, package.json, configs)
VERIFICATION:
✓ No server IPs
✓ No SSH keys or credentials
✓ No payment system secrets
✓ No internal planning documents
✓ No session handoffs or development logs
✓ No deployment scripts with production details
RESULT:
Public tractatus-framework repository now contains ONLY:
- Open source code
- Public documentation
- Implementation guides
- Apache 2.0 licensed content
Internal tractatus repository (local) retains ALL files for development.
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
7.2 KiB
7.2 KiB
PUBLIC REPOSITORY CHECKLIST
Repository: tractatus-framework (GitHub Public) Purpose: Open source implementation for external developers Last Security Audit: 2025-10-21
✅ What SHOULD Be in Public Repo
Code (Open Source)
- ✅
src/- All framework services and application code - ✅
tests/- Unit and integration tests - ✅
public/- Website frontend (HTML, CSS, JS, assets) - ✅
scripts/- Public utility scripts (migrations, generators, utilities)
Documentation (Public)
- ✅
README.md- World-class implementer-focused documentation - ✅
LICENSE- Apache 2.0 license - ✅
CODE_OF_CONDUCT.md- Community guidelines - ✅
SETUP_INSTRUCTIONS.md- Installation guide - ✅
NOTICE- Attribution notices - ✅
docs/markdown/- Published documentation - ✅
docs/case-studies/- Public case studies (educational) - ✅
docs/api/- API reference documentation - ✅
docs/architecture/- Architecture diagrams and explanations
Configuration (Public)
- ✅
.env.example- Example environment variables - ✅
.env.test- Test environment configuration - ✅
.gitignore- Git ignore patterns - ✅
.eslintrc.json- ESLint configuration - ✅
jest.config.js- Jest test configuration - ✅
tailwind.config.js- Tailwind CSS configuration - ✅
package.json- Node dependencies - ✅
package-lock.json- Dependency lock file
❌ What MUST NOT Be in Public Repo
Internal Directories (Entire)
- ❌
.claude/- Framework session state, metrics, archives - ❌
governance/- Internal operational governance documents - ❌
For Claude Web/- Internal development specifications - ❌
umami-local/- Analytics local setup - ❌
docs/planning/- Internal project planning - ❌
docs/testing/- Internal test reports - ❌
docs/outreach/- Internal marketing/outreach - ❌
docs/stripe-analysis/- Internal payment analysis - ❌
docs/economist-analysis/- Internal research analysis - ❌
docs/framework-incidents/- Internal incident reports - ❌
docs/deployment-logs/- Internal deployment records - ❌
docs/analysis-archive-*/- Internal analysis archives
Internal Development Documents
- ❌
CLAUDE.md- Internal Claude Code instructions - ❌
CLAUDE_*.md- Internal development guides - ❌
ClaudeWeb*.md- Internal web development specs - ❌
PRE_APPROVED_COMMANDS.md- Internal command whitelist - ❌
BACKEND_FRONTEND_MAPPING.md- Internal architecture docs
Session & Planning Documents
- ❌
SESSION*.md- Session handoffs - ❌
OPTIMAL_NEXT_SESSION*.md- Session startup prompts - ❌
ARCHIVE_SUMMARY*.md- Session archives - ❌
CLOSEDOWN*.md/*.txt- Session closedowns - ❌
MEETING_NOTES*.md- Internal meeting notes
Internal Planning
- ❌
PITCH-*.md- Internal pitch documents - ❌
PHASE-*.md- Internal phase planning - ❌
EXECUTIVE_BRIEF*.md- Internal executive briefs - ❌
TRACTATUS_BRAND_SYSTEM.md- Internal branding - ❌
UI_TRANSFORMATION_PROJECT_PLAN.md- Internal UI planning - ❌
SITE_IMPROVEMENT_PRIORITIES.md- Internal priorities - ❌
SCHEDULED_TASKS.md- Internal task scheduling - ❌
Tractatus-Website-Complete-Specification*.md- Internal specs
Internal Scripts
- ❌
scripts/deploy-*.sh- Deployment scripts (contain server details) - ❌
scripts/session-init.js- Framework session initialization - ❌
scripts/check-session-pressure.js- Session monitoring - ❌
scripts/analyze-violations.js- Violation analysis - ❌
scripts/hook-validators/- Pre-action hook validators - ❌
scripts/framework-components/- Framework enforcement components - ❌
scripts/reset-admin-password.js- Admin utilities
Internal Docs Files
- ❌
docs/DEPLOYMENT*.md- Deployment documentation - ❌
docs/MULTI_PROJECT*.md- Multi-project governance - ❌
docs/DOCUMENT_AUDIT*.md- Internal audits - ❌
docs/DOCUMENT_OPTIMIZATION*.md- Internal optimization - ❌
docs/DOCUMENT_REORGANIZATION*.md- Internal reorganization - ❌
docs/DOCUMENT_SECURITY*.md- Internal security docs - ❌
docs/BLOG-POST-OUTLINES.md- Internal content planning - ❌
docs/PHASE-*.md- Phase planning documents - ❌
docs/STRIPE_*.md- Payment integration internals - ❌
docs/KOHA*.md- Donation system internals - ❌
docs/SECURITY_AUDIT*.md- Internal security audits - ❌
docs/FRAMEWORK_FAILURE*.md- Internal incident analysis - ❌
docs/BENCHMARK*.md- Internal performance benchmarks - ❌
docs/IMPLEMENTATION_PROGRESS*.md- Internal progress tracking - ❌
docs/BOOTSTRAPPING*.md- Internal bootstrapping docs - ❌
docs/GOVERNANCE-RULE-LIBRARY.md- Internal rule library - ❌
docs/SIMULATION*.md- Internal simulations - ❌
docs/SESSION*.md- Session documentation - ❌
docs/API_MEMORY*.md- Internal API memory research - ❌
docs/HOOKS*.md- Internal hook documentation
Sensitive Files
- ❌
*.key- Encryption keys - ❌
*.pem- SSL certificates - ❌
*.p12/*.pfx- Certificate bundles - ❌
.stripe-ids.json- Payment IDs - ❌
.rsyncignore- Deployment patterns - ❌
ADMIN_LOGIN_INSTRUCTIONS.md- Admin credentials - ❌
.admin-credentials.local- Admin credentials - ❌
secrets/- Secrets directory - ❌
credentials/- Credentials directory
Build Artifacts & Temporary Files
- ❌
deployment-output.txt- Deployment logs - ❌
migration-output.txt- Migration logs - ❌
closedown prompt- Session closedown prompts - ❌
old claude md file- Old backups - ❌
PERPLEXITY_USER_PROMPT.txt- Research prompts - ❌
ECONOMIST_LETTER_*.docx- External correspondence - ❌
/tmp/*.md- Temporary markdown files - ❌
Screenshot*.png- Screenshots - ❌
*.backup/*.bak- Backup files
🔒 Security Verification Checklist
Before pushing to public GitHub, verify:
- No server IP addresses in any file
- No SSH key references or paths
- No API keys or credentials
- No payment system IDs or secrets
- No internal meeting notes or strategy docs
- No session handoffs or development logs
- No deployment scripts with production details
- No internal planning or pitch documents
.gitignoreis comprehensive and up-to-date- All files contain only public-appropriate content
📊 Current Repository Stats
Total tracked files: 6,435
src/: 85 filestests/: 35 filespublic/: 178 files (mostly assets)scripts/: 111 filesdocs/: 107 filesroot: 13 files
Last cleaned: 2025-10-21 Files removed: 226 internal/sensitive files
🔄 Weekly Maintenance
As per inst_062, the README.md requires weekly review. Use this checklist:
Every Monday:
- Review README.md for accuracy
- Update "Last Updated" date if material changes made
- Verify all links still work
- Check for new internal files that shouldn't be public
- Run:
git ls-files | grep -E "(CLAUDE|SESSION|PITCH|PHASE|MEETING|governance|\.claude)"→ should return nothing
📝 Notes
- The internal repository (
tractatus) contains ALL files for development - The public repository (
tractatus-framework) is a SUBSET for open source - .gitignore ensures accidental commits of internal files are prevented
- Use
git statusbefore pushing to verify no internal files are staged
Last Updated: 2025-10-21