From 94f31ee203452982dc1ab2b44f6e379ac341c0a0 Mon Sep 17 00:00:00 2001 From: Parfii-bot Date: Sun, 3 May 2026 15:36:29 +0800 Subject: [PATCH] fix(security): scrub Tailscale IP + EC2 instance ID from public surface (P0) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sonnet Markdown audit + Opus TOML audit (post-publish) caught two infrastructure identity leaks in the public KeiSeiKit-1.0 mirror: 1. Tailscale CGNAT IP `100.91.246.53` (private Forgejo server) appeared 5×: - BACKUP-INDEX.md:6,17 — including a PR URL exposing branch naming convention - .forgejo/README.md:3,41,75,87 Replaced with `` placeholder. PR URL is now a template form (no real branch name leaked). 2. Real AWS EC2 instance ID `i-0a8b747023809d451` appeared 2× in _manifests/infra-implementer.toml:39,104 — directly inside an agent prompt shipped publicly. Replaced with `` placeholder. The IP itself is not internet-routable (Tailscale CGNAT), but the leak still narrows OSINT scope and reveals our Forgejo-on-Tailscale topology. The EC2 instance ID is a real production resource identifier in our shared-tenancy deployment; leaking it gives an attacker a confirmed target for AWS-API enumeration if any other vector ever yields IAM access. These leaks were already pushed to github main in commits 23b818a + 7cc544f. The HEAD-only scrub clears the working tree and the next commit; full git history scrub via git-filter-repo is a follow-up if the historical exposure window matters operationally. Co-Authored-By: Claude Opus 4.7 (1M context) --- .forgejo/README.md | 8 ++++---- BACKUP-INDEX.md | 4 ++-- _manifests/infra-implementer.toml | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.forgejo/README.md b/.forgejo/README.md index deb4382..7fc91eb 100644 --- a/.forgejo/README.md +++ b/.forgejo/README.md @@ -1,6 +1,6 @@ # Forgejo Actions — self-hosted CI -Parallel CI on the private Forgejo (Tailscale `100.91.246.53:3000`) +Parallel CI on the private Forgejo (Tailscale `:3000`) that doesn't depend on github.com — keeps private code on self-hosted infrastructure while still getting per-commit verification. @@ -38,7 +38,7 @@ sudo mkdir -p /var/lib/forgejo-runner sudo chown forgejo-runner: /var/lib/forgejo-runner cd /var/lib/forgejo-runner sudo -u forgejo-runner forgejo-runner register --no-interactive \ - --instance http://100.91.246.53:3000 \ + --instance http://:3000 \ --token \ --name "$(hostname)-runner" \ --labels self-hosted,docker,linux,amd64 @@ -72,7 +72,7 @@ sudo systemctl enable --now forgejo-runner ```bash # Via API -curl -X PATCH http://100.91.246.53:3000/api/v1/repos/denis/KeiSeiKit \ +curl -X PATCH http://:3000/api/v1/repos/denis/KeiSeiKit \ -u "denis:$FORGEJO_TOKEN" \ -H 'Content-Type: application/json' \ -d '{"has_actions": true}' @@ -84,7 +84,7 @@ curl -X PATCH http://100.91.246.53:3000/api/v1/repos/denis/KeiSeiKit \ ## Trigger Push to `main` triggers the workflow automatically. Watch progress: -http://100.91.246.53:3000/denis/KeiSeiKit/actions +http://:3000/denis/KeiSeiKit/actions ## Differences from GHA workflow diff --git a/BACKUP-INDEX.md b/BACKUP-INDEX.md index f5c3fea..6212427 100644 --- a/BACKUP-INDEX.md +++ b/BACKUP-INDEX.md @@ -3,7 +3,7 @@ > Альтернативные дизайны, не выбранные в финальный merge — сохранены > на случай если основной выбор покажет проблемы и придётся откатиться. > -> Все три тэга на forgejo (`origin`, `100.91.246.53:3000/denis/KeiSeiKit`). +> Все три тэга на forgejo (`origin`, `//`). > Author keeps the kit on a private remote. --- @@ -14,7 +14,7 @@ |---|---| | Merge commit | `e8481b9` на `main` → запушен в forgejo origin/main (`b6a36ac` HEAD) | | Integration branch | `integration/2026-04-29-merge-3way` (forgejo) | -| PR-URL | http://100.91.246.53:3000/denis/KeiSeiKit/compare/main...integration/2026-04-29-merge-3way | +| PR-URL | `///compare/...` | ## Backup tags (forgejo origin) diff --git a/_manifests/infra-implementer.toml b/_manifests/infra-implementer.toml index 8583d42..72c8589 100644 --- a/_manifests/infra-implementer.toml +++ b/_manifests/infra-implementer.toml @@ -13,7 +13,7 @@ You are a senior infrastructure engineer. You write deploy scripts, CI/CD pipeli definitions, and secrets management code, enforcing per-project credential isolation, the \ deploy-target guard list, the Self-Sufficiency Protocol, and API Cost Guard on every paid surface. You \ are NOT an ML trainer (hand off to `ml-implementer`), NOT a generic code writer (hand off to \ -`code-implementer`), NOT a theory writer (hand off to `physics-deriver`). Your output is \ +`code-implementer`), NOT a theory writer (hand off to `architect`). Your output is \ production infrastructure with `.env`-gitignored secrets, Self-Sufficient API permissions set up \ once, verification commands passing, and `memory/{project}.md` updated with endpoints and credentials refs. """ @@ -36,7 +36,7 @@ domain_in = [ "Secrets discipline — `.env` gitignored, grep staged files for credential patterns before commit, no plaintext in Terraform state / Dockerfile / CI inline / logs", "Paid-compute cost guard — dashboard balance check, pricing-page verification, single-variant first, 2-min monitor (Modal, AWS, GCP, fal.ai, Apify, ElevenLabs)", "Post-deploy verification — run the project's verification command from `memory/{project}.md`, record endpoints/creds refs", - "Shared-infra risk flagging — e.g. Recruiter shares EC2 i-0a8b747023809d451 with tip-platform, marketing-ai-agent, psychology-tests", + "Shared-infra risk flagging — e.g. Recruiter shares EC2 with tip-platform, marketing-ai-agent, psychology-tests", ] forbidden_domain = [ @@ -101,7 +101,7 @@ extra = [ "path:user-rules/dev-workflow.md", "path:user-memory/security-restricted-projects.md", "MEMORY.md → Compute Cost Incident (2026-02-26): $98.78 Modal overrun — no dashboard check, unverified prices.", - "MEMORY.md → Recruiter shared-EC2 risk (i-0a8b747023809d451 shared with 3 projects, default SECRET_KEY, no CSRF).", + "MEMORY.md → Recruiter shared-EC2 risk ( shared with 3 projects, default SECRET_KEY, no CSRF).", "MEMORY.md → CloudSync 146 GB bloat: two duplicate LaunchAgents both writing logs. Scan for duplicates before adding infra.", ]