Benjamin Admin 5f8009e844 fix(security): remove hardcoded Qdrant key + allowlist doc false-positives ...

secret-scan (gitleaks) had never run on a PR (broken checkout). A real Qdrant dev API key was hardcoded in 4 pre-existing files; removed in favour of env / gitea-secret references (scripts read QDRANT_API_KEY from os.environ; rag-ingest workflow references a gitea Actions secret). The remaining ~52 findings are doc curl examples + .env.example placeholders + a rule_key identifier, allowlisted in .gitleaks.toml (default ruleset kept). gitleaks now reports 0 findings.

ACTION REQUIRED: rotate the Qdrant dev API key — the leaked value is in git history.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-21 14:37:54 +02:00

..

githooks

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

qa

fix(security): remove hardcoded Qdrant key + allowlist doc false-positives

2026-06-21 14:37:54 +02:00

apply_block_markers_022.py

fix: Migration 022 — Regex an echte Template-Struktur angepasst (bold-headings)

2026-03-04 13:42:30 +01:00

apply_consent_history_migration.sh

chore: remove all gitea remote references; single origin push only

2026-04-19 16:16:12 +02:00

apply_consent_templates_migration.sh

feat: Betrieb-Module → 100% — Echte CRUD-Flows, kein Mock-Data

2026-03-03 12:48:43 +01:00

apply_einwilligungen_migration.sh

chore: remove all gitea remote references; single origin push only

2026-04-19 16:16:12 +02:00

apply_escalations_migration.sh

feat: Betrieb-Module → 100% — Echte CRUD-Flows, kein Mock-Data

2026-03-03 12:48:43 +01:00

apply_legal_docs_migration.sh

chore: remove all gitea remote references; single origin push only

2026-04-19 16:16:12 +02:00

apply_legal_templates_020_migration.sh

feat: Dokumentengenerator — Vollständige Vorlage-Bibliothek + Frontend-Redesign

2026-03-04 10:47:38 +01:00

apply_legal_templates_attribution_migration.sh

feat: Legal Templates — Attribution-Tracking + 6 neue Templates (DE/EN)

2026-03-04 09:00:25 +01:00

apply_legal_templates_migration.sh

feat: Legal Templates Service — eigene Vorlagen für Dokumentengenerator

2026-03-03 23:12:07 +01:00

apply_notfallplan_migration.sh

feat: Betrieb-Module → 100% — Echte CRUD-Flows, kein Mock-Data

2026-03-03 12:48:43 +01:00

apply_template_migrations.sh

feat(consent+report): P56-P67 Mercedes-Audit-Cycle (Anti-Audit, Phase G Vendors, Cookie-Behavior-Validator + 5 Mail-Polish-Items) [migration-approved]

2026-05-21 06:28:25 +02:00

apply_templates_023.py

fix: apply_templates_023.py — placeholders als JSONB + version/status Felder

2026-03-04 14:45:50 +01:00

apply_training_migrations.sh

feat: 6 Dokumentations-Module auf 100% — VVT Backend, Filter, PDF-Export

2026-03-02 17:14:58 +01:00

apply_vvt_migration.sh

chore: remove all gitea remote references; single origin push only

2026-04-19 16:16:12 +02:00

check-loc.sh

ci: gate jobs on change detection + tag-based deploy ordering [guardrail-change]

2026-05-13 16:39:43 +02:00

check-rebuild-needed.sh

feat(audit): Phase 1 Quick-Wins (P81 + P85 + P70 + P83) + TCF DELETE/INSERT-Fix

2026-05-22 08:24:46 +02:00

cleanup-qdrant-duplicates.py

fix(security): remove hardcoded Qdrant key + allowlist doc false-positives

2026-06-21 14:37:54 +02:00

deploy.sh

chore: replace all Coolify references with Orca

2026-04-19 16:33:56 +02:00

detect-changes.sh

fix(ci): detect-changes.sh always emits outputs (kill the cascade)

2026-06-21 13:15:54 +02:00

edpb-crawler.py

fix(crawler): korrigierte URLs fuer DSK-OH, BayLDA-TOM (404-Fixes)

2026-03-05 12:12:25 +01:00

find_recital_controls.py

feat(qa): recital detection, review split, duplicate comparison

2026-03-18 08:20:02 +01:00

generate-rule-patterns.py

feat(iace): integrate Rule Library as 58 extended hazard patterns (HP045-HP102)

2026-03-16 11:24:07 +01:00

gt_measure_gap_analysis.py

feat(iace): GT-Bremse coverage — 59 expert measures + 7 hazard patterns

2026-05-16 13:08:52 +02:00

ingest-ce-corpus.sh

feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024

2026-03-21 11:49:43 +01:00

ingest-dsfa-bundesland.sh

feat: DSFA vollständiges DB-Schema + PDF-Ingest + Tests

2026-03-05 10:03:09 +01:00

ingest-iace-libraries.sh

feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024

2026-03-21 11:49:43 +01:00

ingest-industry-compliance.sh

feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024

2026-03-21 11:49:43 +01:00

ingest-legal-corpus.sh

feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024

2026-03-21 11:49:43 +01:00

ingest-phase-h.sh

feat(rag): optimize RAG pipeline — JSON-Mode, CoT, Hybrid Search, Re-Ranking, Cross-Reg Dedup, chunk 1024

2026-03-21 11:49:43 +01:00

ingest-phase-i.sh

feat(scripts): add Phase I ingestion script for 12 new documents

2026-03-22 09:18:30 +01:00

install-hooks.sh

refactor: phase 0 guardrails + phase 1 step 2 (models.py split)

2026-04-07 13:18:29 +02:00

migrate-qdrant.py

fix(security): remove hardcoded Qdrant key + allowlist doc false-positives

2026-06-21 14:37:54 +02:00

migrate-qdrant.sh

feat(qdrant): Migrate to hosted qdrant-dev.breakpilot.ai with API-Key auth

2026-03-06 13:55:21 +01:00

parsed-rule-library.json

feat(iace): integrate Rule Library as 58 extended hazard patterns (HP045-HP102)

2026-03-16 11:24:07 +01:00

populate-rag-originals.sh

fix: correct EDPB/ENISA/EDPS PDF download URLs

2026-03-01 11:17:12 +01:00

rag-sources.md

feat: CRA wiki, cybersecurity policy template, Phase H RAG ingestion

2026-03-15 00:43:46 +01:00

validate-controls.py

feat(canonical-controls): Canonical Control Library — rechtssichere Security Controls

2026-03-12 19:55:06 +01:00

wait-for-core.sh

Initial commit: breakpilot-compliance - Compliance SDK Platform

2026-02-11 23:47:28 +01:00