security: sanitize repo - remove old departments, lock down brain data#1
- Removed: config/divisions/ (7 old department SOULs)
- Removed: brain/STANDARDS.md (redundant with SOUL.md)
- Removed: bin/nimmit.js (empty stub)
- Removed: worker/ (Cloudflare worker stub, unused)
- Added: .gitignore rules to never ship brain memory data, secrets, openclaw.json
- Added: .gitkeep files in memory subdirs to preserve structure
Pull request overview
This PR aims to sanitize the repository by removing legacy/unused assets (department division SOULs, redundant standards doc, installer stubs) and tightening ignore rules to prevent committing sensitive runtime/state data.
Changes:
- Removed legacy department/division SOUL templates under `config/divisions/**`.
- Removed the Cloudflare Worker installer entrypoint and the Node CLI shim (`worker/index.js`, `bin/nimmit.js`).
- Expanded root `.gitignore` to exclude brain memory outputs and common secret/state files.
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| `worker/index.js` | Deleted Cloudflare Worker handler that served the installer script. |
| `bin/nimmit.js` | Deleted Node CLI wrapper that executed install.sh. |
| `brain/STANDARDS.md` | Removed standards doc from brain/. |
| `config/divisions/**/SOUL.md` | Removed legacy division SOUL templates. |
| `.gitignore` | Added ignore rules for brain memory outputs and secret/state files. |
Comments suppressed due to low confidence (2)
worker/index.js:1
`worker/index.js` is removed, but deployment config still references it (`wrangler.toml` has `main = "worker/index.js"` and `package.json` includes `worker/` in `files`). This will break `wrangler deploy` and any npm package consumers expecting the worker assets. Update `wrangler.toml` (and `package.json` `files`) to match the new location or remove the Worker config if it’s intentionally retired.
brain/STANDARDS.md:1
`brain/STANDARDS.md` is deleted, but the repo still references `STANDARDS.md` in docs/templates (e.g. `README.md` file tree and `config/AGENTS.template.md` “Read SOUL.md + TOOLS.md + STANDARDS.md”). Either keep a `brain/STANDARDS.md` (or move it and update references) so new installs/readers don’t hit broken references.
🦅 koompi_dev review: Request changes. Keep: .gitignore, deletion of bin/nimmit.js, deletion of worker/index.js (cleanup). Reject: Deletion of brain/STANDARDS.md and all config/divisions/*/SOUL.md files. These are template features — users install them. They're not dead code, they're product. If the argument is 'not used yet,' the answer is 'they will be — that's what a template repo is for.' Please split: Merge cleanup in one commit. Restore the deleted files.
rithythul left a comment
LGTM. Clean security cleanup.
- `.gitignore` additions are thorough — brain memory data, secrets, openclaw.json all properly excluded
- Removing old division configs (+ empty stubs) is the right call — koompi-nimmit is the product template, not the working brain
- -412 deletions, +25 additions = net cleanup. Good.
One suggestion: consider adding brain/semantic/* to the gitignore as well — that directory may contain business-sensitive context (product info, pricing, team details) that shouldn't ship to client deployments. Same pattern as the other brain/memory dirs.
Removed old department configs (config/divisions/), redundant STANDARDS.md, empty stubs (bin/, worker/). Added .gitignore rules to prevent shipping brain memory data, secrets, openclaw.json. Security audit: no real API keys or tokens found. All configs use placeholder syntax.
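
An ignore rule only keeps untracked files out of future commits; a file that is already in the index keeps shipping. The script below is an added example, not code from this PR or the project: it checks that each sensitive path is both untracked and ignored. `openclaw.json` and `brain/semantic/*` come from the thread; `notes.md`, the function names and the throwaway repository are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example, not from the PR. Checks that each path is both untracked and
# covered by an ignore rule; returns 1 if any path could still be shipped.
audit_paths() {
  repo=$1; shift
  rc=0
  for p in "$@"; do
    if [ -n "$(git -C "$repo" ls-files -- "$p")" ]; then
      # Already in the index: .gitignore never applies to tracked files.
      echo "TRACKED $p"; rc=1
    elif git -C "$repo" check-ignore -q -- "$p"; then
      echo "IGNORED $p"
    else
      echo "NOT-IGNORED $p"; rc=1
    fi
  done
  return "$rc"
}

# Constructed throwaway repo: openclaw.json is listed in .gitignore but was
# staged earlier, and brain/semantic/ has no ignore rule yet.
make_demo_repo() {
  d=$(mktemp -d)
  git -C "$d" init -q >/dev/null 2>&1
  printf 'openclaw.json\n' > "$d/.gitignore"
  printf '{}\n' > "$d/openclaw.json"
  mkdir -p "$d/brain/semantic"
  printf 'constructed sample\n' > "$d/brain/semantic/notes.md"
  git -C "$d" add -f openclaw.json
  echo "$d"
}

# Remediation: add the missing rule and drop the file from the index only
# (the working copy stays on disk).
fix_demo_repo() {
  printf 'brain/semantic/*\n' >> "$1/.gitignore"
  git -C "$1" rm --cached -q -- openclaw.json
}

if [ "${1:-}" = "--demo" ]; then
  repo=$(make_demo_repo)
  audit_paths "$repo" openclaw.json brain/semantic/notes.md || true
  fix_demo_repo "$repo"
  audit_paths "$repo" openclaw.json brain/semantic/notes.md
  rm -rf "$repo"
fi
```

Run it with `--demo` to see the before and after output. Dropping a file from the index does not remove it from earlier commits, so anything sensitive that was ever committed still needs a history rewrite and rotation.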