APAW/.kilo/rules/release-manager.md
NW 7523911812 fix(security): extricate hardcoded Gitea credentials, add centralized auth module
- Remove all hardcoded NW:eshkink0t credentials from 9 files across skills, commands, rules, and specs
- Add .kilo/shared/gitea-auth.md with get_gitea_token() and .kilo/gitea.jsonc config structure
- All Gitea API callers now use env vars (GITEA_TOKEN → GITEA_USER+GITEA_PASS → ValueError)
- Fix task-analysis/SKILL.md broken functions (orphaned req references, stray parentheses)
- Replace hardcoded UniqueSoft/APAW API URLs with get_target_repo() auto-detection in 3 files
- Update README.md, STRUCTURE.md, AGENTS.md with centralized auth documentation
- Add EVOLUTION_LOG Entry #5 documenting credentials extrication
2026-04-19 11:43:59 +01:00


Release Manager Rules

  • Only create commits when explicitly requested by the user
  • NEVER update git config
  • NEVER run destructive commands unless explicitly requested
  • NEVER skip hooks or commit signing (--no-verify, --no-gpg-sign) unless explicitly requested
  • NEVER use interactive git commands (-i flag)

Commit Process

  1. Run git status to see untracked files
  2. Run git diff to see staged and unstaged changes
  3. Run git log --oneline -5 to see recent commits for style
  4. Add relevant files and create commit
  5. Run git status after commit to verify success

Commit Message Style

  • Concise 1-2 sentences focusing on "why" not "what"
  • Use appropriate prefixes: feat, fix, refactor, test, docs
  • Match repository's existing commit message style

Examples

feat: add authentication middleware for API routes
fix: resolve race condition in async handler
refactor: extract validation logic to separate module
test: add integration tests for payment flow
docs: update API documentation with new endpoints

Branch Safety

  • Never force push to main/master without warning; if a force push is requested, use --force-with-lease so it fails when the remote has moved
  • Check whether the branch already tracks a remote before pushing
  • Use the -u flag when pushing a new branch so it starts tracking its remote

Amending Rules

  • ONLY amend when either (a) the user requested it, or (b) a pre-commit hook modified files AND the commit was created by you AND it has not been pushed
  • Never amend pushed commits without explicit request

Security and Credentials

  • NEVER commit secrets, passwords, or API keys to the git repository
  • NEVER hardcode credentials in configuration files or skills
  • Use environment variables for sensitive data
  • Use a git credential helper for authentication, but not the "store" helper: it writes
    credentials unencrypted to ~/.git-credentials. Prefer the OS keychain helper
    (osxkeychain on macOS, Git Credential Manager on Windows) or the in-memory cache:
    git config credential.helper 'cache --timeout=3600'
    # Credentials entered on the first push are kept in memory for an hour and never written to disk
    
  • Use SSH keys instead of passwords when possible
  • Use API tokens instead of passwords for Gitea authentication
  • Check .gitignore for sensitive files (.env, *.secret, config/secrets/) and add them if they are missing:
    echo ".env" >> .gitignore
    echo "*.secret" >> .gitignore
    echo "config/secrets/" >> .gitignore
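The rules above are enforced by the hook mechanism that the "NEVER skip hooks" rule protects. The following pre-commit hook is an added example, not the project's own code: it refuses a commit when a staged path is one of the secret files named above (.env, *.secret, config/secrets/) or when an added diff line looks like a credential (a key=value assignment of a password or token, user:password embedded in a URL, an AWS access key id, a PEM private key header). The regexes and the file name gitea-precommit.sh are my choices for this illustration. Lines that read the value from the environment (os.environ, getenv, $VAR or ${VAR}, including the oauth2:${GITEA_TOKEN} remote form used in this document) are deliberately allowed, and removed lines are never inspected, so cleaning up a leaked secret is always possible.

```shell
#!/bin/sh
# Added example, not the project's own hook: a pre-commit hook that enforces
# the credential rules above mechanically. It blocks the commit if a staged
# path is one of the secret files listed in .gitignore, or if an ADDED diff
# line looks like a credential. The regexes are heuristics chosen for this
# example; tune them for your repository.
# Install:  cp gitea-precommit.sh .git/hooks/pre-commit && chmod +x .git/hooks/pre-commit
# The "NEVER skip hooks (--no-verify)" rule is what keeps this check effective.

# Reads one staged path per line on stdin. Returns 1 if any path is a file
# that must never be committed (.env, *.secret, anything under config/secrets/).
check_staged_paths() {
    found=0
    while IFS= read -r path; do
        case "$path" in
            .env|*/.env|*.secret|config/secrets/*|*/config/secrets/*)
                echo "pre-commit: refusing secret file: $path" >&2
                found=1 ;;
        esac
    done
    return $found
}

# Reads a unified diff on stdin. Only added lines ("+" but not the "+++" file
# header) are inspected, so removing a leaked secret is always allowed.
# Lines that merely look up an environment variable (os.environ, getenv,
# $VAR/${VAR}) are whitelisted, since that is what the rules above prescribe.
# Returns 1 and prints the offending lines if anything matches.
scan_diff_for_secrets() {
    hits=$(grep -E '^[+][^+]' |
        grep -E -i \
            -e '(password|passwd|secret|api[_-]?key|token)[[:space:]]*[:=][[:space:]]*[^[:space:]]{6,}' \
            -e '://[^/@[:space:]]+:[^/@[:space:]]+@' \
            -e 'AKIA[0-9A-Z]{16}' \
            -e '-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----' |
        grep -E -v 'getenv|os\.environ|\$[{A-Za-z_]' || true)
    if [ -n "$hits" ]; then
        printf 'pre-commit: possible credential in staged changes:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Runs both checks against the index; either failure blocks the commit.
run_pre_commit() {
    status=0
    git diff --cached --name-only --diff-filter=AM | check_staged_paths || status=1
    git diff --cached -U0 | scan_diff_for_secrets || status=1
    return $status
}

# Act as a hook only when installed as .git/hooks/pre-commit; sourcing the
# file elsewhere just defines the functions.
case "$0" in
    */pre-commit) run_pre_commit || exit 1 ;;
esac
```

Because only added lines are scanned, the commit shown at the top of this page (which deletes hardcoded user:password strings) would pass, while the commit that originally introduced them would have been blocked.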
    

Authentication Flow

When running git commands:

  1. Check whether a credential helper is configured (git config credential.helper)
  2. If authentication fails, report: "Authentication required. Configure one of:"
    • "SSH: git remote set-url origin git@git.softuniq.eu:Owner/Repo.git"
    • "HTTPS with token: git remote set-url origin https://oauth2:${GITEA_TOKEN}@git.softuniq.eu/Owner/Repo.git"
      (the shell expands ${GITEA_TOKEN} before git sees it, so the token is then written in plaintext to .git/config; prefer a credential helper that reads it from the environment at push time)
    • "Cache credentials in memory: git config credential.helper 'cache --timeout=3600'" (never the "store" helper, which writes them unencrypted to ~/.git-credentials)
    • "Set env vars: GITEA_TOKEN or GITEA_USER+GITEA_PASS (see .kilo/shared/gitea-auth.md)"
  3. NEVER request or suggest using plain passwords in commands
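One way to make option 4 of that flow work for git itself, so the token never has to be pasted into a remote URL or a credentials file, is a small custom credential helper that reads GITEA_TOKEN (or GITEA_USER+GITEA_PASS) from the environment at the moment git asks. The script below is an added example, not the project's .kilo/shared/gitea-auth.md module; the install path $HOME/bin/gitea-cred-env.sh and the GITEA_HOST override are assumptions, and the default username "oauth2" simply mirrors the HTTPS-with-token URL form shown above, where the token travels in the password field. The precedence (GITEA_TOKEN, then GITEA_USER+GITEA_PASS, then an error) follows the commit message at the top of this page.

```shell
#!/bin/sh
# Added example, not the project's own .kilo/shared/gitea-auth.md: a git
# credential helper that hands git a Gitea credential taken from the
# environment, so nothing is written to .git/config or ~/.git-credentials.
# Precedence follows the rule above: GITEA_TOKEN, then GITEA_USER+GITEA_PASS,
# otherwise fail with a message.
#
# Install per repository (the path is an assumption; adjust to where you keep it):
#   git config credential.helper "!sh $HOME/bin/gitea-cred-env.sh"
# git then runs the helper with one argument: get, store or erase.

# Reads git's key=value request on stdin and, for the Gitea host, prints the
# username/password lines git expects. Exit status: 0 credential emitted,
# 1 nothing configured, 2 request was for a different host (git then moves on
# to the next helper or prompts).
gitea_credential_get() {
    host=""
    while IFS= read -r line; do
        case "$line" in
            host=*) host="${line#host=}" ;;
        esac
    done
    # GITEA_HOST is an assumed override; the default is the host used in the rules above.
    [ "$host" = "${GITEA_HOST:-git.softuniq.eu}" ] || return 2

    if [ -n "${GITEA_TOKEN:-}" ]; then
        # Same shape as the HTTPS-with-token remote URL above (oauth2:<token>):
        # the token goes in the password field.
        printf 'username=%s\n' "${GITEA_USER:-oauth2}"
        printf 'password=%s\n' "$GITEA_TOKEN"
        return 0
    fi
    if [ -n "${GITEA_USER:-}" ] && [ -n "${GITEA_PASS:-}" ]; then
        printf 'username=%s\n' "$GITEA_USER"
        printf 'password=%s\n' "$GITEA_PASS"
        return 0
    fi
    echo "Authentication required: set GITEA_TOKEN or GITEA_USER+GITEA_PASS (see .kilo/shared/gitea-auth.md)" >&2
    return 1
}

case "${1:-}" in
    get) gitea_credential_get ;;
    # Nothing is persisted, so store and erase are deliberate no-ops.
    store|erase) : ;;
esac
```

With this helper configured, a plain `git push` over HTTPS authenticates from the environment, the remote URL stays credential-free, and unsetting GITEA_TOKEN is all it takes to revoke access on that machine.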