tractatus/.rsyncignore
TheFlow 1058758496 security: create deployment exclusion list and safe deployment script
Critical Security Improvements:
- Created .rsyncignore with comprehensive exclusion patterns
- Prevents deployment of CLAUDE.md, .env.backup, session handoffs
- Prevents deployment of internal docs and framework state
- Created deploy-full-project-SAFE.sh with dry-run safety check

Security Response Actions:
- Deleted CLAUDE.md from production (contained port 27017, db names)
- Deleted .env.backup from production (contained credentials)
- Deleted 5+ session handoff documents from production
- Deleted internal planning docs (PHASE-2-*, SECURITY_AUDIT_REPORT)

Root Cause:
Previous deployment used rsync without exclusion filters, syncing
entire project directory including sensitive internal documentation.

Prevention:
- All future deployments must use .rsyncignore
- deploy-full-project-SAFE.sh enforces dry-run before deployment
- deploy-frontend.sh already safe (public/ only)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-09 15:47:20 +13:00


# Tractatus Production Deployment - Exclusion List
# Prevents sensitive internal files from being deployed to production
# ============================================
# CRITICAL: Internal Documentation
# ============================================
CLAUDE.md
CLAUDE.md.backup
CLAUDE_*.md
*_Tractatus_Maintenance_Guide.md
SESSION_CLOSEDOWN_*.md
SESSION-HANDOFF-*.md
NEXT_SESSION.md
ClaudeWeb*.md
Tractatus-Website-Complete-Specification-*.md
DEPLOYMENT-*.md
# ============================================
# CRITICAL: Session State & Framework
# ============================================
.claude/
.claude/**
# ============================================
# CRITICAL: Credentials & Secrets
# ============================================
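# rsync exclude files have no gitignore-style "!" negation, and the first
# matching rule wins, so the include for .env.example precedes the excludes
+ .env.example
.env
.env.*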
*.key
*.pem
*.p12
*.pfx
secrets/
credentials/
# ============================================
# CRITICAL: Internal Documentation Directories
# ============================================
docs/session-handoff-*.md
docs/SECURITY_AUDIT_REPORT.md
docs/FRAMEWORK_FAILURE_*.md
docs/PHASE-2-*.md
docs/IMPLEMENTATION_PROGRESS_*.md
docs/DOCUMENT_SECURITY_GOVERNANCE.md
# ============================================
# Development Files
# ============================================
node_modules/
.git/
.gitignore
package-lock.json
*.log
logs/
npm-debug.log*
.DS_Store
Thumbs.db
# ============================================
# Database & Backups
# ============================================
data/
dump/
backups/
*.sql
*.sql.gz
*.dump
# ============================================
# Build & Test
# ============================================
coverage/
.nyc_output/
dist/
build/
tmp/
temp/
*.tmp
# ============================================
# IDE & Editor
# ============================================
.vscode/
.idea/
*.swp
*.swo
*~
# ============================================
# SSH Keys (extra safety)
# ============================================
*.ssh/
id_rsa*
id_ed25519*
# ============================================
# Local Scripts (deployment from local only)
# ============================================
scripts/deploy-*.sh
scripts/validate-public-sync.js
scripts/session-init.js
scripts/check-session-pressure.js
scripts/pre-action-check.js
scripts/recover-framework.js
scripts/framework-watchdog.js
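
The dry-run step named in the commit message can be made to fail closed by auditing the dry-run file list before any real transfer. The script below is an added example, not the project's deploy-full-project-SAFE.sh; the function names, the deny patterns and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's deploy script. All names are hypothetical.

# Basenames and directories that must never appear in a transfer list (ERE).
DENY_FILES='CLAUDE[^/]*|\.env(\.[^/]*)?|(SESSION[-_]|session-handoff-|PHASE-2-)[^/]*\.md'
DENY_FILES="$DENY_FILES"'|SECURITY_AUDIT_REPORT\.md|id_(rsa|ed25519)[^/]*|[^/]*\.(key|pem|p12|pfx)'
DENY_DIRS='\.claude|secrets|credentials'
DENY_RE="(^|/)(($DENY_FILES)\$|($DENY_DIRS)/)"
ALLOW_RE='(^|/)\.env\.example$'   # the one exception the exclusion list intends

# stdin: one relative path per line (as printed by rsync --out-format='%n').
# stdout: the paths that match the deny list. Always returns 0.
leaked_paths() {
  grep -E -- "$DENY_RE" | grep -Ev -- "$ALLOW_RE" || true
}

# Dry-run first, audit the list, and only then transfer.
# Returns 1 if a sensitive path would be sent, 2 if the dry run itself fails.
safe_deploy() {
  sd_src=$1; sd_dest=$2
  sd_list=$(rsync -a --dry-run --out-format='%n' \
      --exclude-from="$sd_src/.rsyncignore" "$sd_src/" "$sd_dest") || return 2
  sd_leaks=$(printf '%s\n' "$sd_list" | leaked_paths)
  if [ -n "$sd_leaks" ]; then
    printf 'Refusing to deploy; sensitive paths in dry-run list:\n%s\n' "$sd_leaks" >&2
    return 1
  fi
  rsync -a --exclude-from="$sd_src/.rsyncignore" "$sd_src/" "$sd_dest"
}

# Constructed dry-run listing, as it would look with no exclusion filter applied.
SAMPLE_LIST='public/index.html
.env.example
.env.backup
CLAUDE.md
docs/PHASE-2-ROADMAP.md
.claude/
.claude/session-state.json
src/routes/credentials.js
config/server.pem'

# Prints the six paths that would block this deployment.
printf '%s\n' "$SAMPLE_LIST" | leaked_paths
```

The audit is independent of the exclusion file, so a pattern that is missing or mistyped in .rsyncignore still stops the transfer.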