Use this checklist before publishing this repository.
The project-level .gitignore excludes:
- internal workflow workspace (
prompt/) - runtime artifacts (
data/,models/,reports/,logs/, status/log files) - runtime config and secrets (
config.py,.env*) - archives/history (
old/,docs-archive/,*archive*/) - host-specific launchd/ops files
examples/public/config.public.example.pyexamples/public/.env.exampleexamples/public/README.mdexamples/public/market_report.sample.mdexamples/public/launchd/(generic launchd templates)
config.py(runtime credentials and deployment-specific settings)prompt/(internal planning/workflow notes)reports/market_report_*.mdandreports-archive/market_report_*.md(generated strategy output)logs/andlogs/spark/(runtime traces and machine details)data/config_history.jsonland other runtime state/history files
- Confirm git root is this project folder (not a parent directory):
git rev-parse --show-toplevel
- Confirm no sensitive files are staged:
git status --short -- .
- Confirm the publish-safe config template exists and is sanitized:
examples/public/config.public.example.py
- Confirm API key defaults in public files are blank/placeholders.
- Run a quick compile check:
python -m py_compile src/*.py
- Optional secret scan:
rg -n "(API_KEY|SECRET|TOKEN|WEBHOOK|PASSWORD)" examples/public
- Optional sensitive-string scan in public docs/examples:
rg -n "(/Users/|@\\d+\\.\\d+\\.\\d+\\.\\d+|com\\.[a-z0-9_-]+\\.[a-z0-9_.-]*|PORTFOLIO_HOLDINGS\\s*=\\s*\\[|WATCHLIST\\s*=\\s*\\[)" README.md PUBLIC_RELEASE.md examples/public
- Enable and run push guard:
git config core.hooksPath .githooksscripts/public_push_guard.sh
- For runtime use, maintain a project-local
config.py; it is intentionally ignored. - If you need to share sample outputs, create redacted files under
examples/public/rather than sharingreports/directly. - If any credentials were ever committed in history, rotate those keys before publishing.