Sonnet Markdown audit + Opus TOML audit (post-publish) caught two infrastructure
identity leaks in the public KeiSeiKit-1.0 mirror:
1. Tailscale CGNAT IP `100.91.246.53` (private Forgejo server) appeared 5×:
   - BACKUP-INDEX.md:6,17 — including a PR URL exposing branch naming convention
   - .forgejo/README.md:3,41,75,87
   Replaced with `<private-forgejo>` placeholder. PR URL is now a template form
   (no real branch name leaked).
2. Real AWS EC2 instance ID `i-0a8b747023809d451` appeared 2× in
   _manifests/infra-implementer.toml:39,104 — directly inside an agent prompt
   shipped publicly. Replaced with `<ec2-instance-id>` placeholder.
The IP itself is not internet-routable (Tailscale CGNAT), but the leak still
narrows OSINT scope and reveals our Forgejo-on-Tailscale topology. The EC2
instance ID is a real production resource identifier in our shared-tenancy
deployment; leaking it gives an attacker a confirmed target for AWS-API
enumeration if any other vector ever yields IAM access.
These leaks were already pushed to GitHub main in commits 23b818a + 7cc544f.
The HEAD-only scrub clears the working tree and the next commit; full git
history scrub via git-filter-repo is a follow-up if the historical exposure
window matters operationally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
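An added pre-publish check (example code, not part of this commit or the KeiSeiKit project) that automates the scan described above: it flags any IPv4 address inside Tailscale's CGNAT block 100.64.0.0/10 and any EC2 instance ID in Markdown/TOML files, and applies the same two placeholders. The sample text and its IP/instance-ID values are constructed, not the leaked ones.

```python
import ipaddress
import re
from pathlib import Path

# Tailscale assigns node addresses from the shared CGNAT block 100.64.0.0/10.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# EC2 instance IDs are "i-" followed by 17 (current) or 8 (legacy) lowercase hex digits.
EC2_ID_RE = re.compile(r"\bi-(?:[0-9a-f]{17}|[0-9a-f]{8})\b")

def is_cgnat(ip_text):
    try:
        return ipaddress.ip_address(ip_text) in CGNAT
    except ValueError:  # e.g. "999.1.1.1" matched the regex but is not an address
        return False

def find_leaks(text):
    """Return (line_no, kind, value) for every CGNAT IP or EC2 ID in text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in IPV4_RE.finditer(line):
            if is_cgnat(m.group()):
                hits.append((n, "tailscale-cgnat-ip", m.group()))
        for m in EC2_ID_RE.finditer(line):
            hits.append((n, "ec2-instance-id", m.group()))
    return hits

def scrub(text):
    # Same placeholders the commit uses; public (non-CGNAT) IPs are left alone.
    def ip_sub(m):
        return "<private-forgejo>" if is_cgnat(m.group()) else m.group()
    text = IPV4_RE.sub(ip_sub, text)
    return EC2_ID_RE.sub("<ec2-instance-id>", text)

def scan_tree(root, suffixes=(".md", ".toml")):
    """Map each offending file under root to its list of hits (empty dict = clean)."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            hits = find_leaks(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: a README fragment with a PR URL plus one manifest line.
SAMPLE = (
    "Mirror: http://100.100.7.9:3000/org/repo/pulls/12\n"
    "Public docs at 203.0.113.5 are fine.\n"
    "target = \"i-0123456789abcdef0\"\n"
)
```

Running `scan_tree(".")` over the mirror before a push and failing the publish step on a non-empty result would have caught both leaks before they reached GitHub main.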