StillHammer 5602ce50be Prepare project for GitHub publication

- Add comprehensive README.md with examples and quick start
- Add SECURITY.md with API key safety guidelines
- Add MIT LICENSE
- Add .gitattributes for line ending normalization
- Create .env.example templates (root + ConfluentTranslator)
- Update .gitignore (remove unused rules, add .env variants)
- Archive work documents to docs/archive/
- Remove temporary files (nul, prompt-*.json)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2025-12-10 08:57:43 +08:00

2.6 KiB

Raw Permalink Blame History

Security Policy

Sensitive Information

IMPORTANT: This repository contains code that requires API keys from third-party services (Anthropic, OpenAI).

Environment Variables

NEVER commit the .env file to version control.

The .env file contains sensitive credentials:

ANTHROPIC_API_KEY - Your Anthropic Claude API key
OPENAI_API_KEY - Your OpenAI GPT API key

These keys provide access to paid services and must remain private.

Setup Instructions

Copy .env.example to .env:
```
cp .env.example .env
```

Edit .env and add your actual API keys:

ANTHROPIC_API_KEY=sk-ant-your-actual-key-here
OPENAI_API_KEY=sk-proj-your-actual-key-here

Verify .env is in .gitignore:

cat .gitignore | grep .env
# Should show: .env

If You Accidentally Committed API Keys

If you accidentally committed a file containing API keys:

Immediately revoke the exposed keys:
- Anthropic: https://console.anthropic.com/settings/keys
- OpenAI: https://platform.openai.com/api-keys
Generate new API keys from the respective platforms
Update your .env file with the new keys

Remove the sensitive file from Git history:

# Remove file from history (dangerous - use with caution)
git filter-branch --force --index-filter \
  "git rm --cached --ignore-unmatch .env" \
  --prune-empty --tag-name-filter cat -- --all

# Force push (only if repository is private or you're sure)
git push origin --force --all

Best Practices

Never hardcode API keys in source code
Never commit .env files
Use .env.example as a template (without real keys)
Rotate API keys regularly
Use separate keys for development and production
Monitor API usage for unexpected activity

Reporting Security Issues

If you discover a security vulnerability in this project, please email the maintainer directly rather than opening a public issue.

Supported Versions

Version	Supported
Latest	✅
Older	❌

Dependencies

This project uses third-party npm packages. Run npm audit regularly to check for known vulnerabilities:

cd ConfluentTranslator
npm audit
npm audit fix  # Apply automatic fixes if available

API Rate Limits

Be aware of API rate limits and costs:

Anthropic Claude: Pay-per-use (check pricing at https://www.anthropic.com/pricing)
OpenAI GPT: Pay-per-use (check pricing at https://openai.com/pricing)

Monitor your usage to avoid unexpected bills.

2.6 KiB Raw Permalink Blame History