# Model Dock Security QA Sweep

This document defines the pre-GitHub security boundary for the current Model Dock workspace.

## Status

- Repo creation should wait until this sweep is executed and the exclusions below are enforced
- The current tree contains live secrets, live state, Drive metadata, share links, and operational receipts

## High-risk findings

### Do not commit

- `/home/mark/modeldock/.env`
  Contains live secrets including `POSTGRES_PASSWORD`, `OPENWEBUI_OPENAI_API_KEYS`, and `WEBUI_SECRET_KEY`
- `/home/mark/modeldock/state/`
  Live application and database state for Open WebUI, Flowise, Postgres, Redis, Qdrant, and possibly n8n
- `/home/mark/modeldock/outputs/`
  Live generated outputs and Drive staging artifacts
- `/home/mark/modeldock/receipts/`
  Operational receipts, timestamps, environment details, Drive paths, and in some cases share links
- `/home/mark/modeldock/config/output-sync/drive-upload-state.json`
  Contains remote Drive targets and public share links
- `/home/mark/modeldock/config/output-sync/drive-folder-registry.json`
  Contains discovered Drive folder names and production destination mappings
- `/home/mark/modeldock/config/output-sync/state.json`
  Contains live output routing and manifest paths

### Scrub before commit

- `/home/mark/modeldock/OPERATOR_RUNBOOK.md`
  Contains the current Open WebUI admin email and direct references to live secret handling
- `/home/mark/modeldock/README_BOOTSTRAP.md`
  Safe in principle, but review it to confirm it stays a template and does not describe live state
- `/home/mark/modeldock/STARTUP_PLAN.md`
  Safe in principle, but references the current mixed runtime and should be treated as operational documentation
- `/home/mark/modeldock/CADDY_DEPLOYMENT_PLAN.md`
  Safe in principle, but replace placeholder domains and emails only when publishing intentionally
- `/home/mark/modeldock/Caddyfile.example`
  Safe as an example, but keep placeholders until real public deployment

## Safe candidate set for a future private repo

- `/home/mark/modeldock/.env.example`
- `/home/mark/modeldock/docker-compose.yml`
- `/home/mark/modeldock/start-state-services.sh`
- `/home/mark/modeldock/start-phase2-services.sh`
- `/home/mark/modeldock/start-phase3-workers.sh`
- `/home/mark/modeldock/run-drive-uploader.sh`
- `/home/mark/modeldock/config/litellm/`
- `/home/mark/modeldock/config/open-webui/`
- `/home/mark/modeldock/config/postgres/init/`
- `/home/mark/modeldock/config/registry-sync/`
- `/home/mark/modeldock/config/n8n/`
- `/home/mark/modeldock/config/output-sync/` only after removing live state artifacts
- `/home/mark/modeldock/README_BOOTSTRAP.md`
- `/home/mark/modeldock/STARTUP_PLAN.md`
- `/home/mark/modeldock/INGRESS_PLAN.md`
- `/home/mark/modeldock/CADDY_DEPLOYMENT_PLAN.md`
- `/home/mark/modeldock/Caddyfile.example`
- `/home/mark/modeldock/MIGRATION_CHECKLIST__SRV_ARCH1_MODELDOCK.md`

## Repo boundary recommendation

Version the stack definition and templates.

Do not version:

- secrets
- live databases
- generated outputs
- Drive sync state
- receipts
- discovered external folder inventories
- runtime caches or compiled artifacts

## Pre-GitHub checklist

1. Confirm `.env` will not be committed
2. Add and review a `.gitignore`
3. Remove or ignore `state/`, `outputs/`, `receipts/`, and live sync state files
4. Redact current operator identity details from public-facing or repo-facing docs if they are not intended to live in the repo
5. Decide whether `config/output-sync/drive-folder-registry.json`, `drive-upload-state.json`, and `state.json` should be excluded entirely or replaced with sanitized examples
6. Decide whether `OPERATOR_RUNBOOK.md` belongs in the repo as-is, as a sanitized template, or only locally
7. Only after that, create the private GitHub repo and commit the curated set
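A guard for the "Do not commit" and "Scrub before commit" lists above and for steps 1 to 3 of this checklist, as an added example that is not part of the Model Dock workspace: it writes the `.gitignore` the sweep calls for and classifies a list of repo-relative paths (for instance from `git ls-files` or `git diff --cached --name-only`) against the exclusion set. The path names come from this document; the cache patterns at the end of the ignore file and the sample staging list are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not Model Dock's own code): enforce the repo boundary from
# the security sweep. Paths are repo-relative to /home/mark/modeldock.
set -u

# Write the .gitignore that enforces the "Do not commit" list.
write_gitignore() {
  cat > "$1" <<'EOF'
# live secrets
.env
# live application/database state, generated outputs, operational receipts
state/
outputs/
receipts/
# Drive sync state and discovered folder inventories
config/output-sync/drive-upload-state.json
config/output-sync/drive-folder-registry.json
config/output-sync/state.json
# runtime caches and compiled artifacts (assumed names, adjust to the stack)
__pycache__/
*.pyc
EOF
}

# Classify one repo-relative path as deny, scrub, or allow.
classify_path() {
  case "$1" in
    .env) echo deny ;;
    state/*|outputs/*|receipts/*) echo deny ;;
    config/output-sync/drive-upload-state.json) echo deny ;;
    config/output-sync/drive-folder-registry.json) echo deny ;;
    config/output-sync/state.json) echo deny ;;
    OPERATOR_RUNBOOK.md) echo scrub ;;
    *) echo allow ;;
  esac
}

# Read paths on stdin, print "<verdict>\t<path>" for every path that is not
# allowed, and return 1 if any deny-class path is present.
check_boundary() {
  rc=0
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    v=$(classify_path "$p")
    case "$v" in
      deny)  printf 'deny\t%s\n' "$p"; rc=1 ;;
      scrub) printf 'scrub\t%s\n' "$p" ;;
    esac
  done
  return $rc
}

# Count deny-class entries in a newline-separated list of paths.
count_denied() {
  printf '%s\n' "$1" | check_boundary | grep -c '^deny' || true
}

# Demo on a constructed staging list (assumed, not the real workspace).
SAMPLE_PATHS='docker-compose.yml
.env
state/postgres/pgdata
OPERATOR_RUNBOOK.md
config/output-sync/drive-upload-state.json'
if printf '%s\n' "$SAMPLE_PATHS" | check_boundary; then
  echo "boundary clean"
else
  echo "boundary violated: fix before the first commit"
fi
```

Run `git ls-files | check_boundary` (or the `git diff --cached --name-only` form) from the workspace root before the first commit; a non-zero exit means a deny-class path is tracked or staged. Scrub-class hits are reported but do not fail the check, because the decision on `OPERATOR_RUNBOOK.md` in step 6 is a manual one.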

## Recommended immediate actions

- Keep `/home/mark/modeldock` as the live local workspace
- Create a sanitized repo-ready copy or branch boundary instead of pushing this directory wholesale
- Treat `receipts/` as local operational evidence, not source code
