feat(/dotfiles-sync): privacy gate for SSH fragments + 1P-backup check#72
Merged
Conversation
The /dotfiles-sync command was the upstream cause of PR #69's leak: SSH fragments were classified as core/local/skip with no privacy review, so mac-mini-danang got committed plaintext to a public repo.

- Detection now tags each new SSH fragment [clean] or [private] using a heuristic (Tailscale .ts.net FQDN, IP in HostName, multi-segment internal hostnames, non-standard SSH port, purpose-revealing identity-file names).
- Classification expanded to four-way: core / local / private / skip. The 'private' route renames to *.local (gitignored) and creates a 1P Secure Note titled 'SSH config: <name>'. Flagged-private fragments must never go to core.
- New notify-only check: scan ~/.ssh/config.d/*.local for fragments without a matching 1P Secure Note. Drops OP_SERVICE_ACCOUNT_TOKEN per S-49 so the lookup sees the user's full vault list.
- Action table gains "Back up SSH fragment privately" with the literal op item create command. Existing "Track SSH configs" row warns to verify no infra fingerprint first.
- Mirror parity preserved between .claude/commands/ and home/dot_claude/commands/.

Smoke-tested on three synthetic fragments (clean / private hostname / private port): all classified correctly.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
tieubao added a commit that referenced this pull request on May 5, 2026
tieubao added a commit that referenced this pull request on May 5, 2026
Document the post-#72 history rewrite: filter-repo, force-push under a ~13s ruleset toggle, backup tag cleanup. The leaked blob is now orphaned on GitHub; direct SHA access remains until GitHub's internal GC. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary

The `/dotfiles-sync` command was the upstream cause of PR #69's leak. New SSH fragments were classified as core/local/skip with no privacy review, so `mac-mini-danang` got committed plaintext to a public repo. This PR closes the loop: privacy gate at detection time, four-way classification, and a notify-only check for `*.local` fragments that lack a 1P Secure Note backup.

What changed

- Detection tags each new SSH fragment `[clean]` or `[private]` using a heuristic (`.ts.net` FQDN, IP in HostName, multi-segment internal hostnames, non-standard SSH port, purpose-revealing identity files)
- `private` → rename to `*.local`, create `op://Vault/SSH config: <name>/notesPlain`. Flagged-private must never go to core.
- Notify-only check for `~/.ssh/config.d/*.local` fragments without a 1P Secure Note. Drops `OP_SERVICE_ACCOUNT_TOKEN` per S-49 so the lookup sees the full vault list.
- Action table gains the literal `op item create` command
- `host1, host2, ...` → `host1 [clean]` / `host2 [⚠ private]`
- Mirror parity preserved between `.claude/commands/dotfiles-sync.md` (project) and `home/dot_claude/commands/dotfiles-sync.md` (user, deployed via chezmoi).

Heuristic smoke test

Tested on three synthetic fragments locally:

- `Host github / HostName github.com / Port 22`
- `Host mini / HostName mac-mini-danang / IdentityFile ~/.ssh/id_ed25519`
- `Host weirdvps / HostName 45.32.53.122 / Port 52847 / IdentityFile id_ed25519_trading_vps`

Test plan

- Mirror parity (`/usr/bin/diff` returns 0)
- Heuristic uses `grep -E` only (no PCRE lookaheads; earlier draft had `(?!22$)` and was fixed before commit)
- `/dotfiles-sync` invocation correctly flags any new SSH fragment

🤖 Generated with Claude Code
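The privacy heuristic and the `grep -E`-only constraint described above, as an added example that is not the PR's own code or the dotfiles project's command. It implements the five rules the description lists with POSIX sh, `grep -E` and `sed -E` (the non-standard-port rule is done with a numeric comparison instead of the `(?!22$)` lookahead the earlier draft used), and runs them over the three synthetic fragments from the smoke test. The exact regexes, the reading of "multi-segment internal hostname" as two or more hyphen-separated labels with no dot, the stock identity-file names, and the function names are my assumptions; the 1Password backup step is left out because it needs the `op` CLI and a signed-in vault.

```shell
#!/bin/sh
# Added example, not code from the PR. Portable SSH-fragment privacy heuristic
# (grep -E / sed -E only, no PCRE). Regexes and thresholds are assumptions.

# classify_fragment: reads one fragment on stdin, prints "clean" or
# "private (<reasons>)". Exit status is 0 either way; the word is the result.
classify_fragment() {
  frag=$(cat)
  reasons=""
  # 1. Tailscale MagicDNS FQDN in HostName reveals the tailnet.
  if printf '%s\n' "$frag" | grep -Eiq '^[[:space:]]*HostName[[:space:]]+[^[:space:]]+\.ts\.net([[:space:]]|$)'; then
    reasons="$reasons ts.net"
  fi
  # 2. A bare IPv4 address in HostName is an infrastructure fingerprint.
  if printf '%s\n' "$frag" | grep -Eiq '^[[:space:]]*HostName[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}([[:space:]]|$)'; then
    reasons="$reasons ip"
  fi
  # 3. Multi-segment internal hostname, assumed here to mean two or more
  #    hyphen-separated labels and no dot (a LAN name such as mac-mini-danang).
  if printf '%s\n' "$frag" | grep -Eiq '^[[:space:]]*HostName[[:space:]]+[[:alnum:]]+(-[[:alnum:]]+){2,}([[:space:]]|$)'; then
    reasons="$reasons internal-name"
  fi
  # 4. Non-standard port: extract the number and compare it, which is what the
  #    PCRE lookahead (?!22$) tried to do and grep -E cannot express.
  port=$(printf '%s\n' "$frag" | sed -nE 's/^[[:space:]]*Port[[:space:]]+([0-9]+).*/\1/p' | head -n 1)
  if [ -n "$port" ] && [ "$port" -ne 22 ]; then
    reasons="$reasons port:$port"
  fi
  # 5. Purpose-revealing identity file: any basename beyond the stock id_<algo> set (assumed list).
  idf=$(printf '%s\n' "$frag" | sed -nE 's/^[[:space:]]*IdentityFile[[:space:]]+([^[:space:]]+).*/\1/p' | head -n 1)
  if [ -n "$idf" ]; then
    base=${idf##*/}
    if ! printf '%s\n' "$base" | grep -Eq '^id_(rsa|ed25519|ecdsa|dsa)(\.pub)?$'; then
      reasons="$reasons identity:$base"
    fi
  fi
  if [ -n "$reasons" ]; then
    printf 'private (%s)\n' "${reasons# }"
  else
    printf 'clean\n'
  fi
}

# classify_string STRING: convenience wrapper for one-liners and tests.
classify_string() { printf '%s\n' "$1" | classify_fragment; }

# report_dir DIR: walk a config.d-style directory and print one summary line per
# fragment in the "<name> [clean]" / "<name> [⚠ private]" shape the PR describes.
report_dir() {
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    case "$(classify_fragment < "$f")" in
      clean) printf '%s [clean]\n' "${f##*/}" ;;
      *)     printf '%s [⚠ private]\n' "${f##*/}" ;;
    esac
  done
}

# Constructed samples: the three synthetic fragments from the PR's smoke test.
FRAG_CLEAN='Host github
  HostName github.com
  Port 22'
FRAG_INTERNAL='Host mini
  HostName mac-mini-danang
  IdentityFile ~/.ssh/id_ed25519'
FRAG_VPS='Host weirdvps
  HostName 45.32.53.122
  Port 52847
  IdentityFile id_ed25519_trading_vps'

if [ "${1:-}" = "--demo" ]; then
  for frag in "$FRAG_CLEAN" "$FRAG_INTERNAL" "$FRAG_VPS"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$frag" | head -n 1)" "$(classify_string "$frag")"
  done
fi
```

Run it with `--demo` to see the three verdicts; `report_dir ~/.ssh/config.d` gives the per-fragment summary line. The function reports every rule that fired rather than stopping at the first, so a reviewer can see which field is the fingerprint before deciding whether the fragment belongs in `*.local`.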