From ad0fd954498a2d3127b7b37fd25317d72641e9cc Mon Sep 17 00:00:00 2001
From: Scott Steele
Date: Fri, 22 Aug 2025 22:47:05 -0400
Subject: [PATCH 1/2] feat(frontend): add NexusAI React app (no secrets, no builds)
---
 .gitignore | 10 ++++++++++
 frontend/backend/.env.example | 9 +++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 frontend/backend/.env.example
diff --git a/.gitignore b/.gitignore
index 373126b..b98c552 100644
--- a/.gitignore
+++ b/.gitignore
@@ -58,3 +58,13 @@ crash.log
 *.sqlite3
 data/
 documents/
+# Frontend
+frontend/node_modules
+frontend/dist
+frontend/.env
+frontend/.DS_Store
+
+# Backend (future)
+backend/.venv
+backend/__pycache__/
+backend/.env
diff --git a/frontend/backend/.env.example b/frontend/backend/.env.example
new file mode 100644
index 0000000..d00e3d3
--- /dev/null
+++ b/frontend/backend/.env.example
@@ -0,0 +1,9 @@
+# OpenAI Configuration
+OPENAI_API_KEY=your_openai_api_key_here
+OPENAI_MODEL=gpt-4o-mini
+OPENAI_MAX_TOKENS=1000
+OPENAI_TEMPERATURE=0.7
+
+# Application Configuration
+DEBUG=True
+ENVIRONMENT=development
From 6bf72514c94d24bbaec0bd6d8accefb0a2e91a80 Mon Sep 17 00:00:00 2001
From: Scott Steele
Date: Fri, 22 Aug 2025 23:16:18 -0400
Subject: [PATCH 2/2] chore: harden .gitignore and add secret scan
---
 .gitignore | 19 ++++--
 .pre-commit-config.yaml | 6 ++
 .secrets.baseline | 146 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 165 insertions(+), 6 deletions(-)
 create mode 100644 .pre-commit-config.yaml
 create mode 100644 .secrets.baseline
diff --git a/.gitignore b/.gitignore
index b98c552..1037fe7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,8 @@
 # ---- OS / Editors ----
 .DS_Store
+._*
+.Spotlight-V100
+.Trashes
 .idea/
 .vscode/
 *.swp
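Review bot: The `# Backend (future)` entries in the .gitignore hunk of patch 1/2 are anchored to a top-level `backend/` directory, because a pattern with a slash in it matches relative to the .gitignore's own location, while the only backend path this patch creates is `frontend/backend/`. A virtualenv at `frontend/backend/.venv` is therefore not covered by these lines; `frontend/backend/.env` is still ignored, but only through the unanchored `.env` rule that already exists further up the file. I would either add `frontend/backend/.venv` and `frontend/backend/__pycache__/`, or drop the directory prefix (`.venv/`, `__pycache__/`) so the rule holds wherever the backend ends up. The rest of .gitignore is outside this hunk, so an existing unanchored rule may already cover part of this.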
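Review bot: `DEBUG=True` is the shipped default in `frontend/backend/.env.example`, and a template is what gets copied to `.env` on a new host, so a deployment that forgets to edit it starts with debug enabled. I would ship the safe value, `DEBUG=False`, with a comment such as `# set DEBUG=True only for local development`. How the backend reads `DEBUG` is not visible in this patch, so the actual impact depends on what debug mode exposes there.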
@@ -16,16 +19,16 @@ build/
 .eggs/
 .wheelhouse/
 .coverage
+coverage.xml
 htmlcov/
 .tox/
 .pytest_cache/
 .mypy_cache/
+.ruff_cache/
 .cache/
 
-# ---- Node / Frontend (if UI present) ----
+# ---- Node / Frontend ----
 node_modules/
-pnpm-lock.yaml
-yarn.lock
 npm-debug.log*
 .vite/
 dist/
@@ -33,9 +36,12 @@ coverage/
 *.map
 
 # ---- Env / Secrets ----
-.env
-.env.*
+**/.env
+**/.env.*
 !.env.example
+.envrc
+.npmrc
+.pypirc
 *.key
 *.crt
 *.pem
@@ -58,13 +64,14 @@ crash.log
 *.sqlite3
 data/
 documents/
+
 # Frontend
 frontend/node_modules
 frontend/dist
 frontend/.env
 frontend/.DS_Store
 
-# Backend (future)
+# Backend
 backend/.venv
 backend/__pycache__/
 backend/.env
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..5a61fe2
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+repos:
+- repo: https://github.com/Yelp/detect-secrets
+ rev: v1.5.0
+ hooks:
+ - id: detect-secrets
+ args: ["--baseline", ".secrets.baseline"]
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..852a4f8
--- /dev/null
+++ b/.secrets.baseline
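Review bot: In the `Env / Secrets` hunk of patch 2/2, replacing `.env` and `.env.*` with `**/.env` and `**/.env.*` does not widen coverage, because a gitignore pattern without a slash already matches at every directory depth, so the old and new forms ignore the same files. More importantly, ignore rules have no effect on files that are already in the index, so this hunk on its own removes nothing sensitive that was committed earlier. A comment above the patterns would make that limit explicit, for example `# matches at any depth; files already tracked stay tracked until removed with git rm --cached`.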
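Review bot: Passing `--baseline .secrets.baseline` in `.pre-commit-config.yaml` makes the hook accept every finding already recorded in that file, and the baseline added in this same patch records two: an `AWS Access Key` at line 113 of `frontend/AWS_DEPLOYMENT_GUIDE.md` and a `Secret Keyword` at line 5 of `frontend/ec2-credentials.txt`. Both carry `is_verified: false` and no `is_secret` label, which suggests they have not been reviewed with `detect-secrets audit .secrets.baseline`; until they are, the hook stays silent about them. Both locations should be audited before this config is relied on, and if either holds a live credential it should be rotated and the file removed from the repository and its history rather than baselined. Separately, `rev: v1.5.0` is a tag; pinning to the commit SHA (`pre-commit autoupdate --freeze`) guards against the tag being moved.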
@@ -0,0 +1,146 @@ +{ + "version": "1.5.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "IPPublicDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TelegramBotTokenDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + 
"path": "detect_secrets.filters.heuristic.is_templated_secret" + } + ], + "results": { + "frontend/AWS_DEPLOYMENT_GUIDE.md": [ + { + "type": "AWS Access Key", + "filename": "frontend/AWS_DEPLOYMENT_GUIDE.md", + "hashed_secret": "a9c45238941ad6df08ccd2d0ed0e20c8ea34154b", + "is_verified": false, + "line_number": 113 + } + ], + "frontend/ec2-credentials.txt": [ + { + "type": "Secret Keyword", + "filename": "frontend/ec2-credentials.txt", + "hashed_secret": "34f5d1338a932cb8f0b03d00db4fe8719ea65739", + "is_verified": false, + "line_number": 5 + } + ] + }, + "generated_at": "2025-08-23T03:16:18Z" +}