docs: Add Security & Privacy Review section to checklist

- Pre-commit checks for IPs, tokens, passwords, paths - Placeholder replacement guide - File review checklist
2026-02-24 21:01:52 -06:00
parent 56cacd6585
commit 1739c93455
1 changed files with 35 additions and 0 deletions
--- a/checklist.md
+++ b/checklist.md
@@ -167,6 +167,41 @@ sudo journalctl -u mem-qdrant-watcher -f

 ---

+## Security & Privacy Review (Pre-Commit)
+
+### Before Committing to Git
+
+| Check | Command | What to Look For |
+|-------|---------|------------------|
+| **Internal IPs** | `grep -rE "(10\.[0-9]+\.[0-9]+\.[0-9]+\|192\.168\.[0-9]+\.[0-9]+\|172\.(1[6-9]\|2[0-9]\|3[01])\.[0-9]+\.[0-9]+)"` | Private network addresses |
+| **Passwords/Tokens** | `grep -riE "(password|token|secret|api.?key)"` | Hardcoded credentials |
+| **SSH Keys** | `grep -rE "(BEGIN.*PRIVATE KEY|ssh-rsa|ssh-ed25519)"` | Private keys |
+| **Absolute Paths** | `grep -rE "(/root/|/home/[a-z]+/|\.ssh/)"` | System-specific paths |
+| **Timestamps** | `grep -rE "[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}"` | Non-project dates/times |
+| **Usernames** | `grep -riE "(user: [a-z]+\|username: [a-z]+)"` | System usernames |
+
+### Replace With Placeholders
+
+| Found | Replace With |
+|-------|--------------|
+| `10.0.0.x` | `<QDRANT_IP>` or `<OLLAMA_IP>` |
+| `192.168.x.x` | `<LOCAL_NETWORK_IP>` |
+| `/root/.openclaw/` | `~/.openclaw/` or `<OPENCLAW_PATH>` |
+| `/home/username/` | `~/` or `<USER_HOME>` |
+| Real tokens | `<TOKEN>` or `<API_KEY>` |
+| Specific dates | `<DATE>` or `<TIMESTAMP>` |
+
+### Files to Review
+
+- [ ] All `.py` files
+- [ ] All `.md` files
+- [ ] All `.json` files
+- [ ] All `.sh` files
+- [ ] Any log files (should be in `.gitignore`)
+- [ ] Any config files with paths
+
+---
+
 ## Sign-off

 | Check | Status | Date |