Context
Security scanner flagged 4 issues: personal email addresses exposed in git commit metadata on 3 public repos, and a credential location roadmap in autonomousDev.
What Was Done
Git History Rewrites (3 repos)
- LIScreenshot + iconscribepublic: Alumni email in older commit author metadata. Used git-filter-repo –mailmap to rewrite to noreply GitHub email. Force pushed.
- mic-volume-guard: Primary Gmail in commit metadata. Same approach.
Credential Roadmap Redaction
- autonomousDev: freeGames priority doc enumerated all platform credentials, 2FA integration, and Discord webhooks. Replaced with pointer to privateContext.
Hardening
- Added personal email patterns to sensitive-identifiers.md for future security scan detection
- Added alumni email to personal-context.md
Repos Touched
LIScreenshot, iconscribepublic, mic-volume-guard, autonomousDev, privateContext
Open Items
- autonomousDev redaction on branch, will merge via learning-agent PR flow
- GitHub cached commits may persist ~90 days before GC
- Re-run security scanner to confirm resolution