Delete .claude directory

[beastoin]

so slop not this time

[greptile-apps]

Greptile Summary

This PR deletes .claude/skills/rotate-key/SKILL.md, a Claude agent skill file that was accidentally committed to the public repository. The deletion itself is correct and necessary.

Key points:

• The deleted file contained a detailed key-rotation runbook with sensitive infrastructure identifiers: GCP project IDs (based-hardware, based-hardware-dev), a service account email, a Codemagic App ID, Kubernetes namespace and deployment names, Cloud Run service details, and Codemagic CI env-var group names.
• Removing the file from the working tree is the right first step, but the data still exists in git history at the original commit and is publicly accessible since this is an open-source repository.
• The team should consider using git filter-repo or BFG Repo Cleaner to purge the file from git history entirely, followed by a force-push and a GitHub cache-purge request, to fully mitigate the exposure.

Confidence Score: 4/5

• Safe to merge — the deletion removes the problematic file from the working tree, but sensitive infrastructure data remains in git history and should be purged separately.
• The change itself is a pure deletion with no risk of introducing bugs or regressions. The score is 4 rather than 5 because the underlying security concern (exposed infrastructure identifiers in git history) is not addressed by this PR alone and requires additional follow-up action.
• .claude/skills/rotate-key/SKILL.md — the file's contents are still visible in git history; history rewrite is recommended.

Important Files Changed

Filename	Overview
.claude/skills/rotate-key/SKILL.md	Deletion of a Claude skill file that was accidentally committed and contained sensitive infrastructure details (GCP project names, service account email, Codemagic App ID, K8s deployment names, env var groupings). Deletion is correct, but the data persists in git history.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["SKILL.md accidentally committed\nto public repo history"] --> B["PR #5830: Delete .claude/skills/rotate-key/SKILL.md"]
    B --> C{"Sensitive data\nstill in git history?"}
    C -- Yes --> D["GCP project IDs\nbased-hardware / based-hardware-dev"]
    C -- Yes --> E["Service account email\nlocal-development-joan@based-hardware-dev.iam..."]
    C -- Yes --> F["Codemagic App ID\n66c95e6ec76853c447b8bcbb"]
    C -- Yes --> G["K8s namespace + deployment names\nprod-omi-backend"]
    D & E & F & G --> H["Consider: git history rewrite\n(BFG Repo Cleaner / git filter-repo)"]
    B --> I["Working tree: data removed ✅"]

Loading

Comments Outside Diff (1)

1. .claude/skills/rotate-key/SKILL.md

   Sensitive data remains accessible in git history

   Deleting this file from the working tree is the right call, but because this is a public repository the contents are still fully readable in git history at the original commit (975e1a96). The file exposed several pieces of sensitive operational data:

   • GCP project IDs: based-hardware and based-hardware-dev
   • Service account email: local-development-joan@based-hardware-dev.iam.gserviceaccount.com
   • Codemagic App ID: 66c95e6ec76853c447b8bcbb
   • Kubernetes namespace + deployment names: prod-omi-backend, prod-omi-backend-listen, desktop-backend, prod-omi-backend-pusher
   • Cloud Run service + region: desktop-backend in us-central1
   • GCR image base path: gcr.io/based-hardware/
   • Env var group names & bundled key list for Codemagic CI (desktop_secrets, app_env, OMI_DESKTOP_APP_ENV)

   Consider rewriting git history to purge the commit entirely using a tool like BFG Repo Cleaner or git filter-repo:

   # Using git filter-repo (recommended)
   git filter-repo --path .claude/skills/rotate-key/SKILL.md --invert-paths
   git push --force-with-lease

   Until the history is rewritten and GitHub's caches are cleared (you'd also need to contact GitHub support to purge cached views), treat all exposed identifiers as potentially known to anyone who viewed the commit.

_{Last reviewed commit: "Delete .claude direc..."}